Are you concerned about compliance with the GDPR (General Data Protection Regulation) when using the Post SMTP plugin?
For website owners and businesses, using Post SMTP ensures reliable email delivery. However, complying with GDPR is essential.
Therefore, in today’s blog post, we’ll discuss the best practices, such as data storage policy, email logs management, and contact form data collection, to comply with GDPR when using Post SMTP.
PLEASE NOTE: Post SMTP is a WordPress GDPR compliance plugin. This article provides general insights into Post SMTP and GDPR compliance. However, we recommend talking to a GDPR lawyer if you’re looking for personalized assistance.
Let’s get started!
What is GDPR?
Before we discuss the specifics of how Post SMTP ensures GDPR compliance, let’s have a quick overview of what GDPR is.
Brief Introduction to GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that took effect in the EU on May 25, 2018. It protects the privacy and personal data of European Union and EEC residents.
Even if your business is located outside these regions, GDPR applies to you if you deal with data from EU citizens.
Remember that GDPR requires you to request user permission before collecting or storing personal information. Also, make it easy for subscribers to access or delete their data.
To learn more, please check out the official GDPR website.
Best Practices that Post SMTP Employs to Comply with GDPR
The following sections discuss effective ways to make your WordPress website GDPR compliant when using Post SMTP.
Data Storage Policy
All data collected by Post SMTP is stored on your website. We do not collect or store any user data on our servers. Since your website stores all the user data acquired by Post SMTP, you should know what information the plugin stores.
Email Logs Data
Post SMTP gives you comprehensive email logs to track your email activity, but remember that all logs are stored in your website database. You can easily export them as a CSV file.
NOTE: The keeping of email logs is also mandated by GDPR. You can find more info about email logging later in the article.
Email Attachments
Post SMTP also stores email attachments, which you can directly send from your email logs screen. To stay GDPR compliant, ensure you have explicit consent from users before attaching any files to the emails you send.
3 Key Considerations to Stay Compliant with GDPR
Post SMTP’s email log feature collects user data and keeps a record of it on your site so you can retrieve it later. The following are some recommended practices to follow when dealing with email logs.
Logs Specific to the SMTP Mailer
IMPORTANT NOTE: Email logs related to the SMTP mailer are managed by your chosen email service provider, not Post SMTP. We have no control over how this data is stored or handled.
Even though we’ve listed some SMTP service providers below who keep logs, we strongly suggest checking the GDPR compliance of your chosen service provider, even if it’s not mentioned here. In any case, regarding GDPR compliance for WordPress, it is recommended that you have a legal expert review any website or third-party service you use.
Many Post SMTP mailers retain logs of emails sent from your website. To adhere to GDPR’s “right to be forgotten” aspect, you should know if your email provider is storing these logs and what you can do to remove them if necessary.
As of right now, the following mailers are known to store email logs:
- Brevo (formerly Sendinblue)
- Postmark
- Mailgun SMTP
- SparkPost
- SendGrid
- Amazon SES
If you would like additional information about viewing and deleting the email logs, be sure to get in touch with your mailer’s support team.
Contact Form Data Collection
Apart from email functionality, Post SMTP is compatible with all the contact forms on WordPress sites. These forms collect user data, and it’s crucial to have GDPR-compliant practices in place:
- Clearly state why you are collecting data and how you’ll use it.
- Provide users with the option to consent to data collection.
- Allow users to access or delete their data upon request.
Final Thoughts on WordPress GDPR Compliance
Staying GDPR compliant on WordPress while using Post SMTP requires understanding the plugin’s features and your SMTP mailer’s logging practices, and implementing transparent data collection policies.
By following the best practices mentioned in the article and regularly reviewing your data management processes, you can ensure compliance with GDPR.
Frequently Asked Questions
How do I know if my website is GDPR compliant?
Ensuring GDPR compliance for your website involves:
1. Reviewing data collection practices.
2. Implementing privacy policies.
3. Providing clear options for users to manage their data.
We recommend consulting with legal counsel familiar with GDPR for a thorough compliance review.
How do I make my email GDPR compliant?
Ensure you get explicit consent from recipients before sending marketing emails, provide an easy way for users to unsubscribe, and avoid collecting unnecessary data. Implement encryption for sensitive information and regularly review your email marketing practices for compliance.
What are the GDPR rules for sending emails?
GDPR rules for sending emails include the following:
1. Obtaining explicit consent from recipients before sending marketing emails.
2. Providing clear information about the sender’s identity.
3. Allowing users to unsubscribe easily.
4. Ensuring secure storage and processing of email data.
What are the 7 GDPR requirements?
The 7 GDPR requirements include:
1. Lawfulness, fairness, and transparency in data processing.
2. Purpose limitation: Collect data for specified, explicit, and legitimate purposes.
3. Data minimization: Collect only what is necessary for the intended purpose.
4. Accuracy: Ensure data is accurate and up to date.
5. Storage limitation: Store data only for the necessary period.
6. Integrity and confidentiality: Process data securely.
7. Accountability: Demonstrate compliance with GDPR principles.
Is Outlook email GDPR compliant?
Like other email providers, Outlook offers tools and features to help users comply with GDPR regulations. You can be GDPR compliant while using Outlook if you integrate HR Management for Microsoft Dynamics 365, as all personal information is stored securely in Microsoft Dynamics 365, eliminating GDPR compliance risk.