# GDPR and Email Marketing
The General Data Protection Regulation (GDPR) applies to any organisation established in the EU, and to any organisation anywhere that offers goods or services to people in the EU (or EEA) or monitors their behaviour (Article 3). A mailing list of EU subscribers is personal data, so where your server sits does not decide whether the rules apply.
## Key Requirements
### 1. Lawful Basis for Processing
For marketing email the lawful basis is normally consent (Article 6(1)(a)); the EU ePrivacy rules additionally require prior opt-in before sending unsolicited marketing email. Consent must meet the GDPR standard (Articles 4(11) and 7):
- It must be freely given, specific, informed and unambiguous, and given by a clear affirmative action
- Pre-ticked checkboxes, silence or inactivity do NOT count as consent (Recital 32)
- You must be able to demonstrate that consent was given (Article 7(1)): record when, how (which form or page) and to what wording the subscriber agreed
- Withdrawing consent must be as easy as giving it (Article 7(3)), so every message needs a working unsubscribe link
### 2. Right to Access (Article 15)
Subscribers can ask for a copy of all data you hold about them, together with the purposes of processing, the recipients (for instance your sending provider) and the source of the data. You must normally answer within one month (Article 12(3)). In AcelleMail:
- Export the subscriber profile from the admin panel
- Include: email, name, custom fields, subscription date, consent record and engagement history
### 3. Right to Erasure (Article 17)
"Right to be forgotten": delete all subscriber data on request:
- Remove the address from all lists
- Delete engagement history (opens, clicks, bounces)
- Remove the record from exports; backups usually cannot be edited in place, so document their retention period and make sure a restore does not resurrect the record
- Tell any processor that holds a copy (such as your sending provider) to delete it as well (Article 19)
- Keep only a minimal suppression entry, for example a hash of the address, so the person is not re-imported from an old export and emailed again
### 4. Right to Portability (Article 20)
Subscribers can ask for the data they provided in a structured, commonly used, machine-readable format (CSV or JSON), and can ask you to send it to another provider where that is technically feasible.
### 5. Data Processing Agreement
Third-party sending services such as Amazon SES or SendGrid handle subscriber addresses on your behalf and are processors under the GDPR. Article 28 requires a written contract (a Data Processing Agreement, DPA) with each of them; check the provider's DPA and where it processes the data, because transfers outside the EU need a lawful transfer mechanism (Chapter V).
## AcelleMail GDPR Features
- Double opt-in with customizable confirmation emails
- Consent checkboxes on signup forms (customizable text)
- One-click data export for any subscriber
- One-click data deletion with confirmation
- Self-hosted: data stays on YOUR server; no third party sees subscriber data unless you route mail through an external sending provider, which then needs a DPA
- Audit trail: consent timestamps and sources are recorded per subscriber
## Signup Form Requirements
A minimal compliant form (the `action` URL is a placeholder for your own signup endpoint):

```html
<form method="post" action="/subscribe">
  <input type="email" name="email" required>
  <label>
    <!-- no "checked" attribute: the box must start unticked -->
    <input type="checkbox" name="consent" value="1" required>
    I agree to receive marketing emails from [Company].
    I understand I can unsubscribe at any time.
    <a href="/privacy">Privacy Policy</a>
  </label>
  <button type="submit">Subscribe</button>
</form>
```

Important: The consent checkbox must NOT be pre-checked; the subscriber must actively opt in. `required` only stops the browser from submitting an unticked form. Browsers omit an unticked checkbox from the request body entirely, so the server must also refuse any submission that arrives without the `consent` field, and should store the exact wording shown next to the box together with the timestamp and the page the form was on.
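A server-side sketch of the whole flow described above (consent evidence from section 1, double opt-in from the feature list, export for Articles 15 and 20, erasure for Article 17), added here as an illustration for this page rather than AcelleMail's own code: AcelleMail is a PHP application and its real handlers and schema differ. Everything in it is hypothetical: the in-memory `subscribers` store, the `SIGNING_KEY`, the function names and the "Example Ltd" wording.

```python
"""Consent capture, double opt-in, export and erasure for a mailing list.

Added illustration for this page, not AcelleMail's own code (AcelleMail is a
PHP application; its handlers and schema differ). Every name below is
hypothetical and the store is an in-memory dict.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional

# Hypothetical signing key for double opt-in links; load from config in practice.
SIGNING_KEY = b"replace-with-a-random-32-byte-secret"

# The wording shown next to the checkbox. Storing its hash with each consent
# record lets you prove later exactly what the subscriber agreed to.
CONSENT_TEXT = ("I agree to receive marketing emails from Example Ltd. "
                "I understand I can unsubscribe at any time.")
CONSENT_TEXT_SHA256 = hashlib.sha256(CONSENT_TEXT.encode()).hexdigest()

subscribers = {}   # email -> record (hypothetical in-memory store)
suppressed = set()  # sha256(email) of erased subscribers


def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def _email_hash(email: str) -> str:
    return hashlib.sha256(email.encode()).hexdigest()


def _token(email: str, issued_at: str) -> str:
    # HMAC over (email, timestamp): the confirmation link cannot be forged.
    return hmac.new(SIGNING_KEY, f"{email}|{issued_at}".encode(), "sha256").hexdigest()


def subscribe(form: dict, source: str, ip: str) -> Optional[str]:
    """Handle the signup POST; returns the double opt-in token to email, or None.

    Browsers omit an unticked checkbox from the body, so a missing `consent`
    field is the 'no consent' case and must be refused, never defaulted."""
    email = form.get("email", "").strip().lower()
    if not email or form.get("consent") not in ("1", "on"):
        return None
    issued_at = _now()
    subscribers[email] = {
        "email": email,
        "status": "pending",               # not mailable until confirmed
        "consent": {
            "given_at": issued_at,         # when
            "source": source,              # how: which form or page
            "ip": ip,
            "text_sha256": CONSENT_TEXT_SHA256,  # what wording
            "confirmed_at": None,
        },
        "engagement": [],
    }
    return _token(email, issued_at)


def confirm(email: str, token: str) -> bool:
    """Second step of double opt-in: only a valid token activates the address."""
    rec = subscribers.get(email)
    if rec is None or rec["status"] != "pending":
        return False
    if not hmac.compare_digest(token, _token(email, rec["consent"]["given_at"])):
        return False
    rec["status"] = "confirmed"
    rec["consent"]["confirmed_at"] = _now()
    return True


def export_subscriber(email: str) -> Optional[str]:
    """Articles 15 and 20: everything held about the person, as JSON."""
    rec = subscribers.get(email)
    return None if rec is None else json.dumps(rec, indent=2)


def erase_subscriber(email: str) -> bool:
    """Article 17: drop the record but keep a hash so the address is not
    silently re-added from an old export or backup."""
    if subscribers.pop(email, None) is None:
        return False
    suppressed.add(_email_hash(email))
    return True


def import_rows(rows: list) -> list:
    """Bulk import (e.g. restoring an export): skips erased addresses and rows
    that carry no consent evidence. A fresh signup through subscribe() is still
    allowed: suppression blocks re-import, not a new, freely given consent."""
    kept = []
    for row in rows:
        email = row["email"].strip().lower()
        if _email_hash(email) in suppressed or not row.get("consent"):
            continue
        subscribers.setdefault(email, {"email": email, "status": "confirmed",
                                       "consent": row["consent"], "engagement": []})
        kept.append(email)
    return kept
```

Two choices matter here. The handler treats an absent `consent` field as a refusal rather than a default, because an unticked box never reaches the server; and erasure keeps only a SHA-256 of the address, which is enough to stop a re-import but holds no readable personal data.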