How do I ensure compliance with the GDPR?
Data processing agreement
When you send newsletters with Laposta, you already comply with one of the most important requirements of the GDPR: entering into a data processing agreement. Signing this agreement is mandatory, and you do so within our program. You can find the agreement under Account → Documents.
Subscribing
The GDPR states that subscribing must be a clear action. If you use one of Laposta's standard forms, the purpose is obvious: to subscribe to the newsletter. There is no need to add anything else.
If you sign people up in the course of another process, such as when they request a document on your website, the subscription must be explicitly confirmed. Pre-ticking a checkbox is therefore no longer allowed.
Subscribers from other sources
The Telecommunications Act regulates whom you may and may not send email to. This law will not change with the introduction of the GDPR. These are the conditions:
- You either have unambiguous consent from the data subject, through a statement or affirmative action (so not a sentence in the terms and conditions stating that someone agrees to receive a newsletter, and not a pre-checked box on a form).
- Or you have an existing customer relationship with the data subject.
Demonstration of consent
If you want to send someone newsletters, you must be able to show that the person has given permission, as well as how, where and when, to whom, for what purpose, and in what context it was given.
If you receive subscriptions through a Laposta subscribe form, you do not have to do any extra work to collect this information; it is captured automatically by our program.
If your subscribers come from another source (e.g., a CRM), Laposta has no way of knowing how consent was obtained, and you must ensure that it is properly recorded.
Unsubscribe
It should always be clear how people can unsubscribe. Laposta takes care of this automatically, because an unsubscribe link is mandatory at the bottom of every newsletter.
Privacy statement
If you want to be specific about how you handle personal data, you can include a privacy statement on your website. This statement describes what data is collected, what you do with it, where it is stored, what rights someone has and how a complaint can be made. The statement must, of course, comply with the GDPR.
Duty to report data breaches
You are responsible for the personal data you manage. If something goes wrong and this data ends up in the hands of others, you are obliged to report this to the persons affected.
You transfer the personal data for the newsletters to Laposta. This makes us a processor of personal data. Should we have a data breach, we are required to report it to you. This will be recorded in the data processing agreement.