What do we have to do in case of the DSGVO/GDPR law?
Does anybody have some more information on what the requirements are to use Sendy without getting into trouble? I guess an agreement with Amazon is mandatory. But what if you offer your Sendy installation to your clients? Do they need an agreement with me as their "email service provider"?
Comments
Was thinking about it the other day
Haha, as time flies by, we are all getting feverish ...
I have just read up a little on this as well. The /r/GDPR subreddit on reddit.com is a great accumulator of tidbits.
While GDPR has a lot of organisational / procedural impact, the software needs to facilitate this. A great article, imho, is this one here: https://techblog.bozho.net/gdpr-practical-guide-developers/
Ben, any insights on this?
With Sendy it is easy when your customer requires deletion of his personal data: you just find his e-mail in the list and delete it. Make sure you add a checkbox with the "required" option to all forms that collect e-mails, something like "I agree with the Privacy policy"; this way, if the customer agrees, he can proceed, and if not, you don't have to worry. Also, make sure you have everything mentioned in your documentation: what kind of information Sendy collects and why. It does not have to be rocket science. I don't think Ben has to do anything special, but if you have anything special in mind, you should be more specific.
@And has pointed out a good article, thanks.
With regard to sending emails to existing subscribers after GDPR kicks in, it is probably a good idea to do a re-permission campaign. There is a separate discussion in this regard here → https://sendy.co/forum/discussion/11296/gdpr-re-permission-campaign#Item_5
In order for a mailing list signup form to be GDPR compliant, the following condition needs to be met (feel free to add or correct):
As you are both the Processor and Controller of their Personal Data, the first thing you’d need to do is to build a Privacy Policy page detailing what data you collect, how you collect data, what you do with their data, disclosure policy, cookie policy, etc. Then link this page in the sign up form.
Sendy will allow you to add legal text with links at the bottom of your mailing list in the next version. However, you can always build your own signup form with Sendy’s ‘subscribe’ API to be compliant right now.
Lastly, the “checkbox” that you always read about having in order to be GDPR compliant pertains to “Unbundling”. ‘Consent’ should not be a precondition of signing up for a service or purchasing a product. For example, if someone buys a product from your website and enters their name, email, address, etc. at the checkout, it does not mean you have the right to send marketing emails to the email address they have entered. You must have a checkbox at your checkout page to obtain their consent to send them marketing emails later.
The next version of Sendy will include some useful GDPR friendly features.
Thanks.
Best regards,
Ben
Awesome news, thanks Ben!
Sendy 3.0.7 is now released with lots of GDPR features! See the change log at → https://sendy.co/get-updated