Are your SaaS emails GDPR compliant? A quick checklist
Dec 13, 2022
GDPR affects how we ask for consent, how easy the unsubscription process is, how we store the context and proof of the subscription, how we maintain our database of emails, and how we handle GDPR complaints and questions.
Make sure the subscription explicitly states that the subscriber will receive regular emails from you, what the topic of those emails is, and how often they will be sent.
Make sure they are NOT automatically opted in (for example by a checkbox that is ticked by default) and that they have to actively elect to receive emails from you.
Make sure it is a double opt-in: send a verification email and only treat the address as subscribed once the link in that email has been clicked.
Make sure you are not hiding the email subscription consent elsewhere in a long terms & conditions document. GDPR requires you to keep the two agreements separate, and consent to the newsletter has to be given at the time the email address is collected.
Ease of Unsubscriptions
GDPR requires you to make it easy to unsubscribe from emails and to tell subscribers clearly how to do it.
Make sure there is no way your process could be construed as charging a convenience fee to opt out of subscriptions.
Make sure it is not hard to unsubscribe.
Make sure you are not asking them to fill up a long form to unsubscribe.
Make sure there is a clear option to unsubscribe from all the newsletters from your company in a single click.
Make sure that users don't have to log in anywhere to unsubscribe.
Make sure you don't have more than a single step to unsubscribe.
Make sure that once someone has unsubscribed, the address is actually excluded from all future emails.
Store the context of consent
Make sure the time, date, URL and full context of the subscription (the exact consent wording shown, the topic and the frequency promised, and where the address came from) are stored in a database and can be easily retrieved as proof.
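The consent, double opt-in, one-click unsubscribe and proof-of-consent points above all hinge on the same piece of plumbing: a link that works without a login but cannot be forged or pointed at someone else's address. The following is an added example, not code from the original post or from SendNet, showing one way to build it with HMAC-signed links. The signing key, base URL, in-memory store, form field names and the 48-hour confirmation expiry are all assumptions made for the example; the List-Unsubscribe headers follow RFC 8058.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, asdict
from typing import Optional
from urllib.parse import urlencode, urlparse, parse_qs

# Assumptions (not from the original post): a server-side signing key, which would come
# from a secret manager in production; a fixed base URL; and an in-memory dict standing
# in for the subscriber database.
SECRET_KEY = secrets.token_bytes(32)
BASE_URL = "https://news.example.com"
CONFIRM_TTL = 48 * 3600  # confirmation links expire after 48h; unsubscribe links never do

def _sign(action: str, email: str, issued: int) -> str:
    # HMAC over action|email|timestamp: a "confirm" token cannot be replayed as an
    # "unsubscribe", and a token for one address cannot be reused for another.
    msg = f"{action}|{email}|{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def make_link(action: str, email: str, now: int) -> str:
    q = {"email": email, "ts": now, "sig": _sign(action, email, now)}
    return f"{BASE_URL}/{action}?{urlencode(q)}"

def parse_link(url: str) -> tuple:
    """Return (action, email, ts, sig) from a link built by make_link."""
    u, q = urlparse(url), parse_qs(urlparse(url).query)
    return u.path.lstrip("/"), q["email"][0], int(q["ts"][0]), q["sig"][0]

def token_ok(action: str, email: str, ts: int, sig: str, now: int, ttl: Optional[int]) -> bool:
    if not hmac.compare_digest(_sign(action, email, ts), sig):  # constant-time compare
        return False
    return ttl is None or 0 <= now - ts <= ttl

@dataclass
class ConsentRecord:
    email: str
    signup_time: int
    signup_url: str
    consent_text: str  # exact wording shown beside the (unticked) checkbox
    topic: str
    frequency: str
    client_ip: str
    user_agent: str
    status: str = "pending"  # pending -> confirmed -> unsubscribed
    confirmed_time: Optional[int] = None
    unsubscribed_time: Optional[int] = None

SUBSCRIBERS = {}  # email -> ConsentRecord; stands in for the real database

def subscribe(form: dict, now: int) -> str:
    """Store the consent context and return the double opt-in link to email out."""
    if form.get("opt_in") is not True:  # box must be actively ticked, never pre-ticked
        raise ValueError("no affirmative consent given")
    email = form["email"].strip().lower()
    SUBSCRIBERS[email] = ConsentRecord(
        email, now, form["form_url"], form["consent_text"], form["topic"],
        form["frequency"], form["client_ip"], form["user_agent"])
    return make_link("confirm", email, now)

def confirm(email: str, ts: int, sig: str, now: int) -> bool:
    rec = SUBSCRIBERS.get(email.lower())
    if rec is None or not token_ok("confirm", email, ts, sig, now, CONFIRM_TTL):
        return False
    if rec.status == "pending":
        rec.status, rec.confirmed_time = "confirmed", now
    return rec.status == "confirmed"  # an old confirm link never re-adds an unsubscribed address

def unsubscribe(email: str, ts: int, sig: str, now: int) -> bool:
    """One step, no login, no form; the link never expires so old emails keep working."""
    rec = SUBSCRIBERS.get(email.lower())
    if rec is None or not token_ok("unsubscribe", email, ts, sig, now, None):
        return False
    rec.status, rec.unsubscribed_time = "unsubscribed", now
    return True

def message_headers(email: str, now: int) -> dict:
    """Per-message headers so mail clients can offer RFC 8058 one-click unsubscribe."""
    return {"List-Unsubscribe": f"<{make_link('unsubscribe', email, now)}>",
            "List-Unsubscribe-Post": "List-Unsubscribe=One-Click"}

def recipients() -> list:
    # Only confirmed addresses are ever mailed; pending and unsubscribed are excluded.
    return sorted(e for e, r in SUBSCRIBERS.items() if r.status == "confirmed")

def proof_of_consent(email: str) -> Optional[dict]:
    rec = SUBSCRIBERS.get(email.lower())
    return asdict(rec) if rec else None

def erase(email: str) -> bool:
    """Right to erasure: drop the record entirely, no questions asked."""
    return SUBSCRIBERS.pop(email.lower(), None) is not None
```

Two design points worth noting. The action name is part of the signed message, so a confirmation token can never be turned into an unsubscribe token for the same address (or the reverse), and the unsubscribe signature is checked with a constant-time comparison so a stolen or guessed signature for one address gives nothing for another. Confirmation links expire, unsubscribe links do not: an unsubscribe from a year-old email must still work. Mail security scanners do follow GET links in messages, which is why the RFC 8058 POST form of the same link is worth exposing alongside the plain link; both should hit the same `unsubscribe` path.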
Cleaning up and maintenance of lists
Make sure you don't keep sending emails to people your own tracking shows almost never open them.
Make sure you segment your active users and communicate only with them, rather than with users who rarely open your emails.
If you have an old list, make sure you get them to resubscribe afresh.
If you are unsure of the clarity of consent for a list in your database, make sure you don't send them emails without a fresh resubscription.
Make sure you have a way to collect complaints and also to reply to them with confidence.
Make sure you can communicate how you got their email, when and proof of consent.
Make sure you can reasonably prove why you thought the email would be appropriate for them and how they would benefit.
Make sure you tell them exactly what kind of information you have about them and give them a clear right to have it deleted, no questions asked.
Double-check the security of the database holding this data and that it is protected against breaches and unauthorised access.
Make sure you have clear policies on who has access to this data inside your company and keep a record of access levels.
Ensure you are using GDPR compliant software. At SendNet we follow GDPR guidelines very strictly and enforce them without any exceptions so that none of our customers are unwittingly buying into anything that violates the laws. SendNet is a simple platform that helps you send email newsletters at 1/100th the price of mailchimp using the Amazon SES service.