The General Data Protection Regulation (GDPR), enforced by the European Union (EU), governs the handling of Personally Identifiable Information (PII), including email, of EU citizens. GDPR affects all email verification service companies that handle the PII of EU citizens, irrespective of the domicile of the company or the EU citizen. GDPR has been in effect since May 2018, and non-complying companies face stiff fines.
What does GDPR compliance mean for email verification services?
Since email verification services collect and process user data, they must have data and privacy protection policies that meet GDPR requirements. Moreover, since email verification involves a large amount of personal data, they must have a Data Protection Officer (DPO).
Which companies are affected by GDPR and email verification requirements?
It is important to note that any company, regardless of its location, needs to comply with GDPR and email verification restrictions if it meets both of the following criteria:
- The company collects PII, and,
- The company has EU citizens as customers even if they reside outside the EU.
Most, if not all, email verification companies meet both these criteria, so they are affected by GDPR.
What is the penalty for non-compliance?
The penalty is quite high! If a company is found to be non-compliant with GDPR and email verification requirements, it can be penalized 20 million Euros (about $23 million) or 4% of its annual global turnover, whichever is higher.
Is there an advantage to using an email verification company based in the EU?
Being based in the EU does not automatically make a company GDPR compliant. But a company in the EU is more likely to be compliant with GDPR than a company that is outside the EU. There are also advantages to having a DPO based in the EU, which would naturally be the case for a company based in the EU. The clients of a non-EU-based email verification company have to take additional steps to ensure that the company complies with GDPR. So there are advantages to using an email verification company based in the EU.
Which countries are in the EU? What is the impact of Brexit on the email verification companies in the UK?
As of January 2019, there are 28 countries in the EU. Note that the UK is in the final stages of negotiating an exit (Brexit) from the EU in March 2019. But this remains uncertain since the draft Brexit agreement has not been well received by the UK parliament. If Brexit does happen, the email verification companies based in the UK will have to adjust their policies, and hire a DPO based in an EU country.
Is GDPR certification available for email verification companies?
There are many private organizations offering GDPR compliance certification. While these private certifications may not be recognized by the GDPR enforcement bodies, using them is beneficial (a) for gaining familiarity with GDPR, and (b) as an audit mechanism.