📚 Emails and GDPR - Questions to Answer


💡 News category: Programming
🔗 Source: dev.to

On May 25, 2018, the General Data Protection Regulation (GDPR) took effect in the EU. Before that date there were many concerns about the impact GDPR would have on email marketing; some predicted adverse consequences and total disruption of existing marketing strategies. The rules have indeed changed, and violations can carry daunting fines. But the devil is not as black as he is painted. So we collected the 10 most asked questions about GDPR email compliance and answered them.

What is GDPR all about?

Personal data protection is what the GDPR focuses on. Personal data is any information that can directly or indirectly identify an individual (Article 4(1)). This may include:

  • name
  • location
  • addresses (mail, email, IP, etc.)
  • bank details
  • gender
  • religious beliefs
  • ethnicity
  • political opinion
  • biometric data
  • web cookies
  • contacts
  • device IDs
  • and pseudonymous data

GDPR lays out rules and principles for protecting personal data. It governs the way companies collect, store, and use that data and says nothing specific about email or email marketing. However, a company's mailboxes contain lots of data that counts as personal: names, email addresses, conversations, and much more. Email is therefore a valuable asset that must comply with GDPR requirements, and this covers email marketing, anti-spam activities, and email encryption and security.

Question #1 – What is the biggest headache for an email marketer under the GDPR?

Short answer: Email consent
Where in the GDPR is this covered: Articles 6, 7
Long answer:

The GDPR's predecessor, the EU Data Protection Directive (Directive 95/46/EC), already required that personal data not be processed or disclosed without the data subject's consent or another legal basis. GDPR expanded on this and spelled out requirements for collecting and recording users' consent. The lawful bases are laid out in Article 6 and the conditions for consent in Article 7; the key points are the following:

  • Your request for the user's consent must be understandable and clearly distinguishable from other matters
  • Consent must be freely given by the individual for a specific purpose and expressed unambiguously
  • Consent can be withdrawn by the individual at any time, and withdrawing it must be as easy as giving it
  • Email consent must be separated from other options or services, such as privacy notices, terms and conditions, and so on. Request consent for a particular purpose and state that purpose explicitly.
  • An opt-out option is a MUST. You have to provide a free and convenient way for users to withdraw consent, i.e. unsubscribe. In this respect GDPR is similar to the CAN-SPAM Act.

Question #2 – To send, or not to send, emails to an existing email list

Short answer: Send if you can prove there is email consent
Where in the GDPR is this covered: Articles 4, 6, 7, 9, 22
Long answer:

Mailtrap began taking measures to ensure full compliance with GDPR long before it came into effect. Before GDPR, our customer base included over 300K email addresses. These were users who had signed up for Mailtrap services and agreed to receive transactional emails like product updates, changes in billing plans, and other important notices. We did not, however, request explicit consent to send them marketing emails. So, should we reconfirm, or can we send emails without doing so?

  • First, GDPR applies to all signups, no matter when they provided their personal data. If you can prove that you hold an unambiguous consent record for the existing email list, you are GDPR-compliant.
  • Second, make sure the consent covers both transactional and marketing emails. This really matters, because GDPR aims to prevent users from receiving unwanted marketing emails. Using transactional emails for marketing purposes is also a dead end: sooner or later some of your customers may report this to the data protection authority, and if it concludes that your transactional emails look more like marketing ones, you can be fined.

In the case of Mailtrap, we had consent for sending transactional emails only, so sending marketing emails without re-engaging our email list would have been a violation of the GDPR.
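The two answers above boil down to one engineering requirement: for every address you must be able to show when, where and to which exact wording the person agreed, separately for each purpose, and you must be able to show when they withdrew. The ledger below is an added example written for this page, not Mailtrap's own code; the class names, form identifiers and e-mail addresses are hypothetical and the data is constructed. It records one purpose per consent record, refuses anything that was not an affirmative action (a pre-ticked box), never lets transactional consent stand in for marketing consent, and keeps withdrawals as appended records so that both the grant and the stop remain provable.

```python
"""Purpose-scoped, demonstrable consent ledger.

Added example, not Mailtrap code. Names (ConsentLedger, ConsentRecord, the
e-mail addresses and form identifiers) are hypothetical; the sample data is constructed.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class ConsentRecord:
    subject: str              # data subject, keyed by normalised e-mail address
    purpose: str              # exactly one purpose per record, e.g. "transactional" or "marketing"
    granted_at: datetime
    source: str               # where consent was captured, e.g. "signup_form_v3"
    consent_text: str         # the exact wording agreed to; Art. 7(1) requires you to demonstrate it
    withdrawn_at: Optional[datetime] = None


class ConsentLedger:
    """Append-only log. Withdrawal appends a closing copy of the grant rather than
    deleting it, so both the grant and the stop can be proven later."""

    def __init__(self) -> None:
        self._records: list[ConsentRecord] = []

    def grant(self, subject: str, purpose: str, source: str, consent_text: str,
              affirmative_action: bool, at: Optional[datetime] = None) -> ConsentRecord:
        # Art. 4(11): consent is a clear affirmative act. A pre-ticked box or silence is not one.
        if not affirmative_action:
            raise ValueError("consent requires an affirmative action by the data subject")
        if not consent_text.strip():
            raise ValueError("store the exact consent wording so it can be demonstrated")
        rec = ConsentRecord(subject.strip().lower(), purpose,
                            at or datetime.now(timezone.utc), source, consent_text)
        self._records.append(rec)
        return rec

    def _latest(self, subject: str, purpose: str) -> Optional[ConsentRecord]:
        key = subject.strip().lower()
        for rec in reversed(self._records):
            if rec.subject == key and rec.purpose == purpose:
                return rec
        return None

    def has_consent(self, subject: str, purpose: str) -> bool:
        # Checked for this purpose only: "transactional" never implies "marketing".
        rec = self._latest(subject, purpose)
        return rec is not None and rec.withdrawn_at is None

    def withdraw(self, subject: str, purpose: str, at: Optional[datetime] = None) -> bool:
        rec = self._latest(subject, purpose)
        if rec is None or rec.withdrawn_at is not None:
            return False
        self._records.append(replace(rec, withdrawn_at=at or datetime.now(timezone.utc)))
        return True

    def proof(self, subject: str, purpose: str) -> Optional[dict]:
        """What you would show a supervisory authority: when, where, and to which text consent was given."""
        rec = self._latest(subject, purpose)
        if rec is None:
            return None
        return {"granted_at": rec.granted_at.isoformat(), "source": rec.source,
                "consent_text": rec.consent_text,
                "withdrawn_at": rec.withdrawn_at.isoformat() if rec.withdrawn_at else None}


def demo() -> dict:
    """Walks through the pre-GDPR list scenario from the article with constructed data."""
    ledger = ConsentLedger()
    alice = "Alice@Example.com"
    # Legacy signup: the user agreed to service/transactional e-mail only.
    ledger.grant(alice, "transactional", "signup_form_v1",
                 "Send me account and billing notices.", True,
                 at=datetime(2017, 3, 1, tzinfo=timezone.utc))
    before = ledger.has_consent(alice, "marketing")          # not implied by transactional consent
    # Re-permission campaign: an explicit click on a confirmation link.
    ledger.grant(alice, "marketing", "reconfirmation_2018-05",
                 "Yes, send me product news and offers.", True,
                 at=datetime(2018, 5, 20, tzinfo=timezone.utc))
    after = ledger.has_consent(alice, "marketing")
    # Unsubscribe link clicked: consent ends, the record stays.
    ledger.withdraw(alice, "marketing", at=datetime(2018, 9, 1, tzinfo=timezone.utc))
    try:
        ledger.grant("bob@example.com", "marketing", "checkout_v2", "Opt me in.", affirmative_action=False)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "marketing_before_reconfirm": before,
        "marketing_after_reconfirm": after,
        "marketing_after_unsubscribe": ledger.has_consent(alice, "marketing"),
        "transactional_still_ok": ledger.has_consent(alice, "transactional"),
        "proof": ledger.proof(alice, "marketing"),
        "pre_ticked_rejected": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The point of keeping withdrawals as records rather than deleting the grant is that a complaint to a supervisory authority usually arrives months after the unsubscribe; you then need to show both that consent existed when the earlier mails went out and that nothing was sent after it was withdrawn. Note also that `has_consent` is queried per purpose, so an address with live transactional consent still fails the marketing check until it is re-confirmed.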

Question #3 – Email retention policy: what is it for?

Short answer: To limit how much personal data is exposed if an employee mailbox is compromised
Where in the GDPR is this covered: Article 5, 17
Long answer:

Storage limitation is one of the main data protection principles laid out in GDPR (Article 5(1)(e)), and Article 17 gives individuals the right to erasure. The essence is that companies may store the personal data of individuals no longer than necessary, and the storage period should follow from the purpose for which the data is processed. For example, you process CVs while looking for candidates for a certain position. Once the candidate has been found, you don't have to get rid of all the processed CVs at once. On the other hand, storing personal data from CVs for 5+ years without any update would be hard to justify.

There are exceptions that allow companies to keep data longer, including archiving or scientific purposes, legal obligations, and other reasons. In these cases, appropriate data security measures are mandatory.

In terms of GDPR and email, companies have to pay attention to the amount of data their employees keep in their mailboxes. For this purpose, they need to establish an email retention policy that regulates the frequency, volume, and other aspects of email data erasure. The idea is to minimize the adverse consequences of a data breach if a mailbox is broken into: data that has already been erased cannot leak.
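A retention policy only reduces breach impact if something actually enforces it, and the enforcement has to respect the exceptions mentioned above. The sweep below is an added example for this page, not Mailtrap's code; the categories, retention periods, hold reasons and the sample mailbox export are constructed assumptions. It applies a per-category period, exempts anything under a legal or archival hold, and, deliberately, sends messages in a category with no rule to manual review instead of either keeping them forever or deleting them by accident.

```python
"""Retention sweep over a mailbox export.

Added example, not Mailtrap code. The categories, retention periods, hold reasons
and sample messages below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Retention periods per mailbox category, in days. Categories missing here are routed
# to manual review on purpose: neither silently kept forever nor deleted by accident.
RETENTION_DAYS = {
    "recruiting/cv": 180,   # applicants' CVs: keep through the hiring round, then erase
    "support": 365,
    "general": 730,
}


@dataclass(frozen=True)
class Message:
    msg_id: str
    received_at: datetime
    category: str
    hold_reason: Optional[str] = None   # e.g. "litigation", "tax-records", "archiving": the exceptions in Art. 17(3)


def classify(messages, policy, now):
    """Split messages into erase / keep / review buckets, each entry a (msg_id, reason) pair."""
    out = {"erase": [], "keep": [], "review": []}
    for m in messages:
        if m.hold_reason:
            # A legal obligation, archiving purpose or pending litigation overrides the normal period.
            out["keep"].append((m.msg_id, f"hold:{m.hold_reason}"))
            continue
        limit = policy.get(m.category)
        if limit is None:
            out["review"].append((m.msg_id, f"no retention rule for category {m.category!r}"))
            continue
        age = (now - m.received_at).days
        if age > limit:
            out["erase"].append((m.msg_id, f"{age}d old, limit {limit}d for {m.category}"))
        else:
            out["keep"].append((m.msg_id, f"{age}d old, within {limit}d"))
    return out


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample export of one employee mailbox.
SAMPLE = [
    Message("cv-2014-001", utc(2014, 2, 10), "recruiting/cv"),                 # stale CV: erase
    Message("cv-2019-017", utc(2019, 4, 15), "recruiting/cv"),                 # current hiring round: keep
    Message("cv-2014-002", utc(2014, 2, 12), "recruiting/cv", "litigation"),   # claim pending: keep
    Message("support-2017-042", utc(2017, 1, 20), "support"),                  # old ticket: erase
    Message("invoice-2015-003", utc(2015, 6, 30), "general", "tax-records"),   # statutory retention: keep
    Message("legacy-2016-009", utc(2016, 11, 3), "legacy-import"),            # unclassified: review only
]


def demo(now=utc(2019, 6, 1)):
    """Run the sweep over the constructed sample as of a fixed date, for reproducible output."""
    return classify(SAMPLE, RETENTION_DAYS, now)


if __name__ == "__main__":
    for bucket, entries in demo().items():
        print(bucket, entries)
```

Running the sweep against a fixed `now` makes the result reviewable before anything is deleted; in practice the `erase` bucket feeds the mail server's deletion job while the `review` bucket goes to whoever owns the classification scheme. Each entry carries its reason so the erasure log itself can serve as evidence that the policy was applied.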

Question #4 – Did the GDPR get rid of spam and doom email marketing?

Short answer: No, it did not
Where in the GDPR is this covered: Articles 5, 6, 13
Long answer:

Many expected significant changes after May 25, 2018. There were predictions of the demise of spam; GDPR was introduced as a hero that would beat the outlaws spreading malicious emails. But its strict requirements were meant to protect personal data, not to combat spammers, who were never going to ask for consent in the first place. You can see the outcome for yourself: our spam folders have not emptied. Maybe consent-centered regulation of email will help eventually. Who knows?

Another prediction was the sunset of email marketers. Opponents portrayed GDPR as an anti-email-marketing law. However, it is only meant to improve the customer's email experience. Yes, GDPR pushes companies to be more attentive to how they work with data. Those who are OK with that survive; others don't.

Question #5 – Will I get penalized for poor email safety measures?

Short answer: GDPR non-compliance may be a costly mistake
Where in the GDPR is this covered: Articles 82, 83
Long answer:

Let's say you have experienced a data breach because of an employee's negligence, a mailbox break-in, or anything else. Mostly this happens because of a lack of security measures and policies that could have prevented it. GDPR does not single out email security, but inadequate security of processing (Article 32) is itself an infringement and falls into the lower of the two fine tiers below. In practice, a penalty for GDPR non-compliance results from a broader pattern of internal security problems and a lack of understanding of GDPR principles.

The GDPR established the following fines for violation of the rules:

  • €10 ($11.2) million or 2% of global annual turnover, whichever is higher. This tier covers the less severe infringements, those of Articles 8, 11, 25-39, and 41-43.
  • €20 ($22.3) million or 4% of global annual turnover, whichever is higher. This tier covers the more serious infringements, those of Articles 5, 6, 7, 9, 12-22, and 44-49.

In both cases, data subjects who have suffered damage can additionally claim compensation from you (Article 82).
At the same time, the €20 ($22.3) million figure is not a cap, because the percentage of turnover can be higher. At the beginning of 2019, the French data protection authority, CNIL, imposed a €50 million ($57 million) penalty on Google. The official reason was "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization."

Data protection regulators in each EU country are entitled to administer fines themselves. That is why the UK Information Commissioner's Office could announce a £183 ($230) million penalty for British Airways over the 2018 data breach that compromised around 500K customers (the fine finally imposed in 2020 was reduced to £20 million).

For more tips about GDPR email encryption requirements, see the original Mailtrap article.

...


