System Updates – GDPR features
Enhanced Data Subject Access Request support
Under GDPR and earlier data protection law, anyone that you store data about can request to see, amend, and delete the data that you store about them. These are called DSARs. It’s extremely rare for web apps to have any integrated support for DSARs, but we introduced built-in support in 2005. Anyone whose data is used by Smartmessages (whether as an account holder or list subscriber) can log in and see the data that is stored about them, and amend or delete it at will, as is their right.
Improved data retention implementation
We have deleted low-level data after 6 months for many years, but there were some places where user data was kept unnecessarily, particularly in archived mailshots (ones more than 6 months old). We have made some internal changes to make it easier for us to delete data held in logs and archived mailshots, either due to expiration or DSARs.
Subscription page privacy policy
We have clarified key items of our privacy policy on our standard subscribe and landing pages, right where it’s needed most. You can see in in action on our own subscribe form. If you host your own subscribe forms, you need to present these same options to your potential subscribers – to skimp on that means that even double-opt-in subscriptions will be invalid since transparency of processing is a requirement under GDPR.