spam:gdpr [2021/06/04 11:17] – peter | spam:gdpr [2021/06/04 11:27] (current) – peter |
---|
GDPR [[https://gdpr.eu/article-6-how-to-process-personal-data-legally/|Article 6]] covers six **lawful bases** to allow **processing, collecting, storing and using of someones data**. | GDPR [[https://gdpr.eu/article-6-how-to-process-personal-data-legally/|Article 6]] covers six **lawful bases** to allow **processing, collecting, storing and using of someones data**. |
| |
* Consent must be **freely given, specific, informed and unambiguous.** | - Consent must be **freely given, specific, informed and unambiguous.** |
* Requests for consent must be **clearly distinguishable from the other matters** and presented in **clear and plain language.** | - Requests for consent must be **clearly distinguishable from the other matters** and presented in **clear and plain language.** |
* Data subjects can withdraw previously given consent whenever they want, and you have to honor their decision. Companies cannot simply change the legal basis of the processing to one of the other justifications. | - Data subjects can withdraw previously given consent whenever they want, and you have to honor their decision. Companies cannot simply change the legal basis of the processing to one of the other justifications. |
* Children under 13 can only give consent with permission from their parent. | - Children under 13 can only give consent with permission from their parent. |
* They need to keep documentary evidence of consent. | - They need to keep documentary evidence of consent. |
| - To have a **legitimate interest** to process someones data. |
| |
| |
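Review bot: the list item added at the end, "To have a legitimate interest to process someones data", does not fit the list it was appended to. The five items above it all describe what valid consent requires, while legitimate interest is a separate lawful basis among the six that the Article 6 sentence introduces. Suggest moving it out of the list into its own sentence and writing "someone's data"; the same missing apostrophe is in the Article 6 line. The change from "*" to "-" also turns the bullets into a numbered list in DokuWiki, which is worth confirming since the items are not sequential steps.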
| The [[https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32002L0058&from=EN|ePrivacy Directive, specifically Article 13]], presents organizations with another way to use someones data for marketing purposes that stems from the contractual basis of the GDPR. |
| |
| * An organization, **may use these electronic contact details for direct marketing of its __own__ similar products or services provided that customers clearly and distinctly are given the opportunity to object, free of charge and in an easy manner,** according to Article 13, part 2. |
| * Essentially this means that an organization can lawfully send you marketing emails about the service they provide you as long as they inform you that you can opt-out at any time. |
| |
| ==== What this means for email ==== |
| |
| * GDPR does not ban email marketing. |
| * GDPR does clarify the terms of consent, requiring organizations to ask for an affirmative opt-in to be able to send communications. |
| * Companies must also make it easy for people to change their mind and opt-out. |
| * If a marketing email does not present the option to unsubscribe, is sent to someone who never signed up for it, or does not advertise a service related to one the receiver uses is it violating the GDPR. |
| |
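Review bot: the last bullet under "What this means for email" ends with "is it violating the GDPR", which should read "it is violating the GDPR". The same bullet attributes all three failures to the GDPR, although the opt-out requirement for similar products is quoted two bullets earlier from Article 13, part 2 of the ePrivacy Directive; suggest naming the rule each condition comes from. Smaller points in this region: drop the comma in "An organization, **may use", and write "someone's data" in the ePrivacy paragraph.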
---- | ---- |
https://gdpr.eu/email-encryption/ | https://gdpr.eu/email-encryption/ |
| |
| https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32002L0058&from=EN |
| |
| |