Newsletter Plugin Support forum: GDPR when using the newsletter plugin?

Viewing 8 posts - 1 through 8 (of 8 total)
    #331507
    User
    Participant

    When using the service “the newsletter plugin”, is personal data transmitted to another company or to the service provider or is it a self-hosted system?

    #331623
    Michael
    Keymaster

    Hello,

    all the data stay on your own server. It’s completely self-hosted.

    #333628
    qra
    Participant

    Why aren’t the emails of newsletter subscribers encrypted as required by the GDPR?

    #333633
    Michael
    Keymaster

    Hello,

    where does GDPR state this?

    Michael

    #333641
    qra
    Participant

    I don’t know if it is mandatory or recommended, but here:
    https://www.privacy-regulation.eu/en/32.htm

    #333649
    Michael
    Keymaster

    Hi,

    don’t worry, we are well aware of GDPR’s regulations. That is a recommendation; anyway, all data is in your hands and nothing is stored anywhere other than your own server.

    thanks
    Michael

    #352294
    Paul van Rossem
    Participant

    The GDPR simply requires that sensitive data (like names and email addresses) be stored in a safe manner. This is a requirement, not a recommendation. If your WP site is ever hacked (which is not unlikely for WP) and you didn’t encrypt your data as a security measure, you may have a really big problem. Names, email addresses, gender, etc. should ALWAYS be encrypted. It is very easy to implement; the tools are just there. Just do it!

    #352295
    Stefano
    Keymaster

    The definition of sensitive data is here:

    https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/legal-grounds-processing-data/sensitive-data/what-personal-data-considered-sensitive_en

    so it depends on what people collect about their subscribers. Since the data should be editable by subscribers, if the site is hacked (and 99.9% of the time it means someone has access to the files), they can exfiltrate the data and the encryption key, which must be available in the code for the site to work.

    Of course, there are many different measures one can put in practice, and a security assessment should be carried out as soon as one decides to collect specific/sensitive personal data. One option is not to use a mail marketing plugin, but use a secure software not publicly accessible and sync only the minimal data required to send a newsletter.

    Another choice is to rely on a third-party mail marketing service to store or sync the data. They act as a “data processor” (see the GDPR definition) and they may offer different levels of security and certifications (ISO 27001, NIS2, …).

    A note that may be relevant for someone reading this discussion: our plugin does not transfer personal data out of the site where it is installed. The only exception is when a third-party delivery service is used; in that case, the site owner should check the grants offered by that service when they sign up with that service.
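The key co-location problem Stefano raises above, as an added example that is not part of the thread and is not the Newsletter plugin’s own code. It encrypts a subscriber e-mail with libsodium’s secretbox, keeps the row findable through a keyed blind index (so unsubscribe links and profile edits still work without a cleartext address), and then simulates the compromise described in the post: an attacker who can read the site’s files pulls the key out of the config and decrypts the whole table. The constant name `NL_FIELD_KEY`, the two-row table and the fake file listing are constructed for the example; it needs PHP 7.4 or later with the bundled sodium extension.

```php
<?php
declare(strict_types=1);
// Added example, not the Newsletter plugin's code. Run with: php subscriber_encryption.php

// Encrypt one field with XSalsa20-Poly1305 (secretbox). A fresh random nonce is
// prepended so every row is independently decryptable and rows never share a nonce.
function encrypt_field(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $box);
}

function decrypt_field(string $stored, string $key): string
{
    $raw   = base64_decode($stored, true);
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('decryption failed: wrong key or tampered row');
    }
    return $plain;
}

// Keyed hash of the normalised address: "find subscriber by e-mail" keeps working
// without storing the address in clear. The index key is separate from the
// encryption key so leaking one does not leak the other.
function blind_index(string $email, string $indexKey): string
{
    $normalised = strtolower(trim($email));
    return bin2hex(sodium_crypto_generichash($normalised, $indexKey, 32));
}

// --- Constructed data: two subscribers, two keys ----------------------------
$encKey   = sodium_crypto_secretbox_keygen();
$indexKey = random_bytes(SODIUM_CRYPTO_GENERICHASH_KEYBYTES);

$table = [];
foreach (['alice@example.org', 'Bob@Example.org'] as $email) {
    $table[] = [
        'email_idx' => blind_index($email, $indexKey),
        'email_enc' => encrypt_field($email, $encKey),
    ];
}

// Normal site operation: find Bob by address (case-insensitive), decrypt his row.
$needle = blind_index('bob@example.org', $indexKey);
foreach ($table as $row) {
    if (hash_equals($row['email_idx'], $needle)) {
        echo "found: ", decrypt_field($row['email_enc'], $encKey), "\n";
    }
}

// --- Simulated compromise: attacker can read the site's files ---------------
// Constructed "filesystem". The key has to live somewhere the PHP code can read
// it; here it is a wp-config.php constant (hypothetical name NL_FIELD_KEY).
$siteFiles = [
    'wp-config.php' => "<?php\ndefine('NL_FIELD_KEY', '" . base64_encode($encKey) . "');\n",
    'wp-content/plugins/newsletter/plugin.php' => "<?php // plugin code ...\n",
];

function attacker_with_file_read(array $files, array $dbDump): array
{
    // Grep the key out of the config file, as an intruder with file access would.
    preg_match("/NL_FIELD_KEY', '([^']+)'/", $files['wp-config.php'], $m);
    $key = base64_decode($m[1], true);
    return array_map(fn(array $row) => decrypt_field($row['email_enc'], $key), $dbDump);
}

echo "attacker recovers: ", implode(', ', attacker_with_file_read($siteFiles, $table)), "\n";

// Contrast: a database dump on its own (stolen backup, SQL injection with no file
// read) is useless without the key.
try {
    decrypt_field($table[0]['email_enc'], sodium_crypto_secretbox_keygen());
} catch (RuntimeException $e) {
    echo "dump without key: ", $e->getMessage(), "\n";
}
```

Moving the key from `wp-config.php` into an environment variable or a remote KMS changes what the attacker has to steal, but anyone who can execute PHP on the host can still call the same decryption path the site uses, which is the point made in the post. Field encryption of this kind protects against the database-only leak (backups, a read-only SQL injection), not against full compromise of the site.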
