Compliance & Legal

GDPR

The GDPR (General Data Protection Regulation) is a European Union law that governs how personal data (including email addresses) is collected, processed, and stored.

What Is GDPR?

GDPR applies to any organisation that processes the personal data of people in the EU, regardless of where the organisation is based. For newsletter creators, GDPR means:

  1. Obtaining freely given, specific, informed and unambiguous consent before adding someone to your list, given by a clear affirmative action (pre-checked boxes and silence don't count)
  2. Being transparent about how you'll use subscriber data
  3. Providing a way for subscribers to access, correct, or delete their data
  4. Documenting your data processing activities
  5. Reporting data breaches that are likely to put individuals at risk to the supervisory authority within 72 hours of becoming aware of them

GDPR requires a higher standard of consent than CAN-SPAM: you need affirmative opt-in, not just the ability to opt out. Fines can reach €20 million or 4% of annual global turnover, whichever is higher.

Why It Matters for Newsletters

GDPR applies to you if people in the EU can sign up for your newsletter, and unless you geo-block EU signups, some of your subscribers probably are there. Beyond legal compliance, GDPR principles (informed consent, data minimisation, right to erasure) represent best practices that build trust with your entire audience.

Best Practices

  1. Use clear, affirmative opt-in — no pre-checked boxes or assumed consent
  2. Explain exactly what subscribers are signing up for and how their data will be used
  3. Provide a way for subscribers to request a copy of their data, correct it, or have it deleted
  4. Keep records of when and how each subscriber gave consent, including the consent wording they saw at the time
  5. Regularly review your data processing practices for GDPR compliance

How Aldus Handles This

Aldus supports GDPR compliance with double opt-in subscription flows, clear consent recording, easy unsubscription, and the ability to export and delete subscriber data on request.

Try Aldus free

AI writes your newsletter. You just approve and send.
