What do we have to do in case of the DSGVO/GDPR law?

edited April 2018 in Questions

Does anybody have some more information on what the requirements are to use Sendy without getting into trouble? I guess an agreement with Amazon is mandatory. But what if you offer your Sendy installation to your clients? Do they need an agreement with me as their "email service provider"?

Comments

  • Was thinking about it the other day

  • Haha, as time flies by, we are all getting feverish ...

    I have just read up a little on this as well. The /r/GDPR subreddit on reddit.com is a great accumulator of tidbits.

    While GDPR has a lot of organisational / procedural impact, the software needs to facilitate this. A great article, imho, is this one here: https://techblog.bozho.net/gdpr-practical-guide-developers/

  • Ben, any insights on this?

  • With Sendy it is easy when your customer requires deletion of his personal data: you just find his e-mail in the list and delete it. Make sure you add a checkbox with the "required" option to all forms that collect e-mails, something like "I agree with the Privacy policy". This way, if the customer agrees, he can proceed; if not, you don't have to worry. Also, make sure you have everything mentioned in your documentation: what kind of information Sendy collects and why. It does not have to be rocket science. I don't think Ben has to do anything special, but if you have anything special in mind, you should be more specific.

  • @And has pointed out a good article, thanks.

    With regards to sending emails to existing subscribers after GDPR kicks in, it is probably a good idea to do a re-permission campaign. There is a separate discussion in this regard here → https://sendy.co/forum/discussion/11296/gdpr-re-permission-campaign#Item_5

    In order for a mailing list signup form to be GDPR compliant, the following conditions need to be met (feel free to add or correct):

    1. Consent: The user explicitly signs up with the personal data, in this case, their name/email address
    2. Processing of Personal Data: The user must know how their data will be used, where it is stored etc. Which means you need to produce a Privacy Policy page and detail how you will use and process their data. Then display this information on the signup form (link to your Privacy Policy page)
    3. Their Rights: The user has the right to request from you a copy of their personal data held by you, or to modify their personal data, remove their consent (unsubscribe), or completely erase it (delete) at any time
    4. Proof of consent: In case the user contests their consent, you must provide proof of consent (Sendy stores all evidence of consent at the time of opt in, e.g. the URL from which they sign up, whether it’s single or double opt-in, time of signup, their IP address and country)

    As you are both the Processor and Controller of their Personal Data, the first thing you’d need to do is to build a Privacy Policy page detailing what data you collect, how you collect data, what you do with their data, disclosure policy, cookie policy etc. Then link this page in the sign up form.

    Sendy will allow you to add legal text with links at the bottom of your mailing list in the next version. However, you can always build your own signup form with Sendy’s ‘subscribe’ API to be compliant right now.

    Lastly, the “checkbox” that you always read about having in order to be GDPR compliant pertains to “Unbundling”. ‘Consent’ should not be a precondition of signing up for a service or purchasing of a product. For example, if someone buys a product from your website and enters their name, email, address etc. at the checkout, it does not mean you have the right to send marketing emails to the email address they have entered. You must have a checkbox at your checkout page to obtain their consent to send them marketing emails later.

    The next version of Sendy will include some useful GDPR friendly features.

    Thanks.

    Best regards,
    Ben

  • Awesome news, thanks Ben!

  • Sendy 3.0.7 is now released with lots of GDPR features! See the change log at → https://sendy.co/get-updated

This discussion has been closed.