How do I make sure I meet GDPR requirements?

GDPR came into effect on the 25th of May 2018

From that date onwards, collection and use of data of a personal nature have been framed within the General Data Protection Regulation (GDPR).


All the information you’ll find on this page is for informative purposes only and is limited to those aspects that apply to our solutions.

Can I continue to send my email marketing campaigns to my existing contact list?
GDPR applies not only to data collected after the 25th of May 2018, but also to any data collected before this date! If you already have proof of consent, you have nothing to worry about! If not, or if the user in question has not given his or her permission, you will have to obtain opt-in consent again.
What happens if an individual who has been profiled demands not to be?
According to Article 19, use of these data must cease immediately unless the company can prove the the individual’s request goes beyond his interests, rights and freedoms.
Does GDPR allow for the purchase of lists of contacts?
While it is true that certain lists of contacts, obtained with a clear positive consent act at the moment of inscription, may be authorized under GDPR… this practice is not recommendable.
Previous slide
Next slide

What you need to know in terms of obligations

There are few obligations that you’ll need to meet in order to be compliant.


The right to be informed

The right to be informed

People must understand why and for how long their data will be stored

Obtaining consent

Obtaining consent

It is obligatory to obtain the clear and unambiguous consent of each contact before using his or her data

Right of Access and Rectification

Right of Access and Rectification

Every individual has the right to obtain confirmation that personal data concerning them is being processed, to obtain a copy of such data, and to request rectification if the data is inaccurate or incomplete.
Droit oublie

Right to opposition and to be forgotten

Right to opposition and to be forgotten

Individuals have the option to request the definitive deletion of their data and may withdraw their consent at any time

Right to data portability

Right to data portability

People can retrieve some of their data in a simple format in order to store or transpose them

Right to limitation

Right to limitation

People have the option of requesting that certain information not be processed

Impact on key marketing processes

What is now prohibited in terms of consent collection


Opt-out: refers to having to opt out after being automatically registered when registering for any service.


Passive opt-in: consists of pre-checking default boxes such as “I want to receive offers” or a drop-down menu that defaults to “yes”.

What is allowed and required


Opt-ins and double opt-ins: to guarantee legally valid express consent, the request must be clear and precise. And creating a second confirmation to opt to receive campaigns is always a good idea!


The unsubscribe link should be clearly visible in every email you send.

Save Consentement

Storing of proof of consent: you must be able to retrieve the consent obtained for each individual and this must be done according to the principle of responsibility required by GDPR.


We ensure that Internet users can object at any time to their personal data being processed by Eulerian Technologies.

We provide an unsubscribe link, available on our interface so it can be immediately added to your website. Should you need assistance with this kind of process, our account management teams are here to help.

The “Privacy manager” tool allows you to configure the time limit for storage of cookies and the information collected by the cookies within a limit a of 13 months from the moment the user’s consent was collected (or subsequently collected again).

We recommend you keep within this limited cookie-storage period in order to regularly remind your clients of the existence of cookies and to comply with their right to opposition to tracking or their right to be forgotten, should they so wish.

Minimize your unnecessary or outdated data by erasing what you no longer need.

One of the impacts of GDPR on businesses is a new philosophy as regards data, how they are collected and used. We recommend you clear out any inactive contacts or unsubscribed users and any other data you will no longer be using.

Here at Eulerian we have appointed a Data Protection Officer (DPO) who is in charge of GDPR compliance.

To contact our DPO, just send an email to:

We also recommend you appoint a DPO to manage the process of becoming GDPR compliant.

What we do on a daily basis to comply with GDPR

As an analytics solution provider we are in an ongoing process of staying 100% GDPR compliant. As part of this process, we decided to have our digital solution audited and adapted. All updates were carried out taking into account the concept of “privacy by design”, in other words, by integrating the highest level of data protection from the beginning and with every use.

Our software is built on a secure and regularly-audited technical infrastructure in order to assure the confidentiality and security of your data. We apply the following measures:


Your data are stored exclusively in France on highly secure Eulerian servers

Pas transfert

We do not transfer your data overseas

vie privee

The importing of your data into our software solution is done through an encrypted transmission channel


Access to stored data is limited to a select few Eulerian staff under a strict authorization policy


An incident management policy is implemented to respond immediately to any security incidents affecting the data we process on your behalf


Finally, our staff are aware of and exhaustively trained on GDPR requirements