Respecting GDPR is one of the most delicate and often underestimated topics when discussing email marketing. Yet, failure to comply can result in fines of up to 10 or even 20 million euros, depending on the severity of the violation.
But what can you do to comply with the European data protection regulation?
A great starting point is choosing a platform like Emailchef, which can meet all the requirements set by the GDPR (so you don’t have to worry about anything). The servers used by Emailchef are located in Europe, and our IP addresses are European, thus satisfying one of the key requirements under GDPR. This way, you can store the collected data on servers that are secure in terms of privacy.
By choosing to locate our servers in Europe, we can guarantee compliance with the protection standards required by GDPR, a fundamental step in ensuring the security of those who use our products and services.
But that’s not all: it will also be essential to implement the other measures required by the Regulation. Which ones?
- You must collect data only from those who have explicitly consented to it. To assist you in this process, Emailchef provides single or double opt-in subscription forms, allowing you to add to your mailing list only those who have given their authorization through registration.
- Allow all subscribers to unsubscribe from your mailing list whenever they wish. This is a requirement not only of GDPR but also of the CAN-SPAM Act, the U.S. privacy law. All templates created with Emailchef's drag-and-drop editor automatically include an unsubscribe footer. This way, you give anyone no longer interested in receiving your communications the option to unsubscribe.
Emailchef's measures to ensure your privacy protection.
To give you a complete picture of what Emailchef is doing to ensure privacy compliance, we’ve prepared a summary table of the measures we have adopted, allowing you to use our products and services in total security.
- We have appointed a Data Protection Officer (DPO).
- We have trained the personnel responsible for data processing and related control activities.
- Our policy on data subject rights and procedures for demonstrating consent to data processing has been updated.
- We have created a detailed GDPR-compliant privacy notice that is easy to understand, informing users how to exercise their rights.
- Our data breach response procedures are swift and are triggered without delay as soon as an anomaly is detected.
- We conducted a DPIA (Data Protection Impact Assessment).
- We have applied the GDPR principles to various aspects of data processing (activities, purposes, description of recipient categories, and potential transfers).
- Our technical and organizational measures have been strengthened.
- We guarantee the right to data portability and transparency of the data of the subjects involved, from and to third-party systems.
- The level of protection for data transfers to non-EU countries has been strengthened with appropriate protocols.
- We have long adopted Privacy by Design to effectively implement data protection principles (such as minimization) and integrate safeguards that meet GDPR requirements into the processing.
- We perform periodic checks on the efficiency and adequacy of the measures applied.
If you want to know more about the measures we have taken and what you can do to comply with GDPR, read our privacy regulation guide.