The General Data Protection Regulation (GDPR) is enforceable as law in all EU member states as of May 25, 2018. While Mailster is technically compliant with this law, you may have to put some additional things in place to make the whole process compliant for your site.
Please note that this is not a legal paper and is only meant to help you get started. Contact your lawyer for more info on the GDPR and your local laws.
The GDPR has four key principles. We help you set these up in Mailster:
- Obtaining consent
- Right to Access
- Right to be forgotten
- Breach notification
Every time you collect an email address or any other personal information, the subscriber needs to provide unambiguous consent for it. In Mailster you can add a checkbox for your Terms of Service that people have to check, and you always have to use double opt-in on your forms.
Right to access
Your subscriber has the right to get the data you collect at any time. In Mailster you can give access to a profile page where people can update their subscription and cancel it.
Right to be forgotten
Subscribers can request to be completely removed from your list. This means not only being marked as unsubscribed but being completely removed from your database. In Mailster you can delete each individual subscriber, which also removes all related data. It will not remove connected WordPress Users unless you check this option on the WordPress Users settings page.
In case of a data breach on your site, you have to notify your subscribers immediately if they are affected. You can send a regular campaign in Mailster for this purpose.
Old User Consent
The GDPR applies not only to users you get after the 25th but also retroactively to all users who didn’t give consent in the past. You may have to run a Re-Permission Campaign to get the users’ consent. We have a dedicated article on that to get you started.
The GDPR is, like many laws, a very complex topic, and if you are interested you can check out the further resources below. In general, we recommend getting in touch with your lawyer if you have legal questions.
- GDPR: What Europe’s New Privacy Law Means for Email Marketers (litmus.com)
- Are Your Email Marketing Practices GDPR-compliant? (emailmonks.com)
- Europe’s new internet regulations should make most Americans jealous (mashable.com)
- WTF is GDPR? (techcrunch.com)