Big changes are coming to Act-On. Be the first to know...and win a free gift!Sign up now!

Get GDPR Compliant With Act-On



The General Data Protection Regulation is the most critical change in data privacy regulation in 20 years. After four years of debate, the GDPR was finally approved by the EU Parliament in 2016 and was enforced on May 25th, 2018. Over one year later, we’re beginning to see the impact of this groundbreaking legislation.

What Does GDPR Really Mean for Marketers?

The European Union’s General Data Protection Regulation (GDPR) went into effect in May of 2018. The legislation is helping to strengthen and unify data protection for all individuals within the European Union (EU). Subsequently, GDPR has had a significant impact on all marketers doing business with people in these countries.

If you have at least one EU contact within your databases, you need to update your sales and marketing efforts to enter GDPR compliance and avoid the costly fines and penalties levied for even minor violations.

GDPR Checklist


General Data Protection Regulation

Compliance Checklist

View this checklist of steps drawn from the United Kingdom’s Information Commissioner’s Office to ensure GDPR compliance.

Get GDPR Compliant With Act-On


Examining the Impact of GDPR One Year In

It’s been one year since GDPR took effect, but businesses continue to commit minor and major data breaches. Read this blog to learn about how to comply with this legislation.

Need more information on the GDPR?


What is GDPR?

GDPR is a comprehensive law established by the European Parliament, the Council of the European Union, and the European Commission to strengthen and unify data protection for EU residents. GDPR replaced the former EU Data Protection Directive (95/46/EC) with additional compliance requirements for marketers and other data managers. GDPR extends to all companies (even those outside of the EU) when they process EU resident data.

About GDPR for B2B and B2C

Even though PECR (Privacy and Electronic Communications Regulations (UK ) allowed soft opt-out approach in email marketing, GDPR compliance and adoption makes no distinction between B2B and B2C organizations.

More on the PECR: https://ico.org.uk/for-organisations/guide-to-pecr/

Who does GDPR apply to?

GDPR applies to persons and entities of all sizes that process personal data of EU residents, regardless of where they are based. These regulations apply to both data controllers and data processors, including third parties such as cloud providers. Under GDPR, Act-On is a processor and our clients are Controllers.

Where does GDPR apply?

GDPR applies to all EU member states, as well as entities and organizations outside of the EU when processing the data of citizens within it. If you have EU data citizens on your files and they reside outside of the EU, you are obligated to comply.

Does Brexit affect the ruling of GDPR?

No. GDPR is already in effect, and Brexit will have no impact on the legislation in its current state.

What are the penalties for non-compliance with GDPR?

The maximum penalty for organizations that fail to comply with GDPR can be as much as €20 million or 4% of annual global turnover, whichever is greater. There is a tiered approach to fines. For example, a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach, or not conducting an impact assessment.

What is Act-On’s responsibility in complying with the GDPR?

Under the GDPR, we serve as the Data Processor and you are the Data Controller. We process the data based on your instructions. While we are not in a position to legally advise you on your GDPR obligations, we will provide insight regarding how to adopt your approach to GDPR compliance using our services.

In order to appropriately adopt the legislative requirements, you must understand the obligations your business faces. This education portal can help.

What is Act-On doing to help me be GDPR compliant?

Providing Best Practices
We will share our expertise in protecting your data, adopting privacy principles, and complying with many complex international regulations. We will also communicate to you all information we gather from any respective Data Protection Authority or other organization.

It’s important to note that GDPR compliance is ultimately a shared responsibility. In order to appropriately adopt the legislative requirements, you must understand the obligations your business faces. This education portal can help.

Act-On’s Capabilities
You can leverage Act-On to meet your GDPR requirements for managing consent, including:

  • Capturing consent for web tracking
  • Capturing consent through double opt-in
  • Managing withdrawals from your database

Contractual Commitments
Act-On requires all vendors we do business with to be contractually compliant with the GDPR. We also provide our customers with standard data protection clauses (model clauses) if requested.

Account Provisioning
All European-based clients are provisioned in our European data centers (Dublin or Frankfurt), ensuring your account remains within the EU.

Privacy Shield
Act-On Software (and its UK subsidiary company Actonsoftware Limited) complies with the EU-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries to the Framework’s applicable Principles.

Learn more about the Privacy Shield program and view Act-On’s certification.  

How can I get more information on GDPR and Act-On?

If you have additional questions or need further information please email: gdprinquiry@act-on.netand we will be happy to help.