The GDPR replaces the EU’s current data protection legal framework from 1995 (commonly known as the “Data Protection Directive”). This directive allowed member states to interpret the rules as they saw fit when they turned it into local legislation. The nature of GDPR as a regulation, and not a directive, means it applies directly without needing to be turned into law.

The General Data Protection Regulation (GDPR) is a new set of rules designed to strengthen the basic privacy and data protection rights of European consumers and to give them more control over their personal data. It calls for a more granular privacy policy in an organization’s systems, more nuanced data protection agreements, and more consumer-friendly, detailed disclosures about an organization’s privacy and data protection practices. It aims to simplify the regulatory environment for business so both citizens and businesses can fully benefit from the digital economy. Unlike the Data Protection Directive, the GDPR is relevant to any globally operating company whose data processing activities involve EU individuals, not just to those located in the EU.

Under the terms of GDPR, not only will organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so.

Sasta Mail and GDPR

Our team has worked hard to become a fully GDPR-compliant email marketing platform. At Sasta Mail, privacy, data protection, and data security have always held a position of paramount importance in everything we do. We are continuously working to raise the bar for ourselves in the security and data privacy realm, and view the GDPR as the most important change in data privacy regulation.

GDPR compliance comprises many elements. Among others, we have updated our documentation and agreements to align with GDPR requirements. We have also revised our internal policies and procedures to ensure that they adhere to the GDPR standards for data collection, storage and transfer.

We offer a Data Processing Addendum (DPA) that meets GDPR requirements and reflects our data privacy and security commitments. Recently, the DPA became an integral part of our Terms of Use, so there is no need to sign it anymore. Once you agree with our Terms of Use, you agree with our DPA at the same time.

To be GDPR-compliant as a data controller, you can manage your subscribers’ data with our GDPR-friendly tools, which will help you fulfill data subjects’ requests regarding their rights to portability, access, to be forgotten, etc.

If you have any questions about data protection, please contact us at info@Sasta and review our GDPR-related blog posts and videos.

GDPR has a few main principles

For customers inside a Sasta Mail account

A. Right to Access/Rectification

Customers can always access their account information from their account area, from where they can edit it accordingly.

B. Right to be Forgotten

Customers can close their account at any time from their account area.

C. Data Portability

Customers can export all their information, such as account info, email lists, campaigns, subscribers, stats, etc., from within the account.

D. Privacy by Design

Sasta Mail does its best to keep customer information safe. In case of a data breach, we notify customers immediately via email.

For subscribers inside your Sasta Mail account

A. Obtain Consent

You must insert a required consent checkbox, unchecked by default, in your subscribe forms, in which you ask your subscribers for consent to send them emails periodically, and add them to the list only if they consent. You should always enable double opt-in for your email lists so that your subscribers clearly consent to being added to your lists.

B. Right to Access/Rectification

Your subscribers can, at any time, update their profile information by following the link you include in the email footer. Subscribers may also contact you directly in order to have their data corrected/removed, and you should fulfil their request.

C. Right to be Forgotten

Your subscribers can unsubscribe at any time by following the unsubscribe link which you include in all email footers. The tag that does this is [UNSUBSCRIBELINK].

D. Data Portability

You can export your subscribers’ info at any time from your Sasta Mail account.

E. Privacy by Design

Sasta Mail does its best to keep subscriber information safe.

F. Breach Notification

In case of a data breach on your site, you have to notify your subscribers immediately if they are affected. You can send a regular campaign for this purpose.

GDPR itself is a very complex topic. If you have any questions or doubts, please make sure you get in touch with a consultant about how GDPR applies to the business you are running.