The General Data Protection Regulation (GDPR) is enforceable as law in all EU member states from May 25, 2018. While Mailster is in technical compliance with this law, you may have to put some additional things in place to make the whole process compliant for your site.
Please note this is not a legal paper and is only meant to help you get started. Contact your lawyer for more information on the GDPR and your local laws.
The GDPR has four key principles. Here is how to set each of them up in Mailster:
- Obtaining consent
- Right to Access
- Right to be forgotten
- Breach notification
Obtaining consent
Every time you collect an email address or any other personal information, the subscriber needs to provide unambiguous consent for it. In Mailster you can add a checkbox for your Terms of Service that people have to tick, and you have to always use double opt-in on your forms.
Right to access
Your subscribers have the right to access the data you collect about them at any time. In Mailster you can give them access to a profile page where they can update or cancel their subscription.
Right to be forgotten
Subscribers can request to be completely removed from your list. This means not only being marked as unsubscribed but being completely removed from your database. In Mailster you can delete each individual subscriber, which also removes all related data. Connected WordPress users are not removed unless you enable that option on the WordPress Users settings page.
Breach notification
In case of a data breach on your site, you have to notify your subscribers immediately if they are affected. You can send a regular campaign with Mailster for this purpose.
Old User Consent
The GDPR applies not only to users you acquire after the 25th but also retroactively to all users who did not give consent in the past. You may have to run a Re-Permission Campaign to obtain their consent. We have a dedicated article on that to get you started.
Like many laws, the GDPR is a very complex topic; if you are interested, the resources below offer further reading. In general, we recommend getting in touch with your lawyer if you have legal questions.
Further Resources
- GDPR: What Europe’s New Privacy Law Means for Email Marketers (litmus.com)
- Are Your Email Marketing Practices GDPR-compliant? (emailmonks.com)
- Europe’s new internet regulations should make most Americans jealous (mashable.com)
- WTF is GDPR? (techcrunch.com)