On the off chance you can't, let me know and I'll send the slide deck on.
What exactly do we as admins have to do over this? We do have some accounts residing in the EU. But I don't understand what "personal information" means. Everything I read has different suggestions. Some state: name, phone number, address, IP address, etc. So what do we have to do on our end then to be in regulation?
From the text of the regulation itself (Article 4):
'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
2) The right to be forgotten. If a person requests it, you have an obligation to delete ALL data you hold on that person. Again, basic data should be pretty easy but what about all those records that have referential relationships and so are not deleted when a "parent" record is deleted? As a side note, you are permitted to hold minimal data on a person that requests deleting all their data sufficient to ensure that you don't load their data again from a new list, backup, or whatever...
3) Logging Opt In, Opt Out and holding the proof that they opted in. So maybe the URL they visited, the time and date and possibly even a screenshot of the opt in they completed. Different people have taken different views on this, largely depending on what their current tech stack can support!
Clearly, from a customer & prospect engagement perspective, you should also log the legal basis on which you are contacting the person and link to any supporting docs (e.g. a Legitimate Interest Test). And then you need to make sure that your data is sufficiently detailed to allow you to use it for the purpose you intend. So, if you are relying on Legitimate Interest, you can demonstrate that you know enough about the contact you are emailing to justify your claims in your Legitimate Interest Test.
With a bit of thought and reading around, you should be able to get most of the basics covered fairly quickly. The key areas to start with include:
1) Legal basis on which you are contacting prospects by email
2) Data security and notification of a data breach to all affected records
3) Storage of data outside the EU
4) Appointment of a Data Protection Officer
DISCLAIMER: This is my view based on advising our UK based clients. Get legal advice to ensure what you plan to do covers you.