How to Be GDPR Compliant within WP Mail SMTP

Are you looking to be sure that your use of WP Mail SMTP is compliant with the European Union’s General Data Protection Regulation? The best way to ensure GDPR compliance for your specific site is always to consult legal counsel, but in this guide, we’ll discuss general considerations for GDPR compliance in WP Mail SMTP.

Note: This article contains general information. However, in all circumstances we strongly recommend you consult directly with legal counsel familiar with the GDPR regulations to review your specific use of WP Mail SMTP.

What is the GDPR?

The GDPR, or General Data Protection Regulation, is a set of data collection regulations in the E.U. (effective as of May 25, 2018). Requirements under the GDPR include obtaining explicit consent before collecting or storing user data, as well as allowing users to request access to or deletion of that data.

For full details, please see this ultimate guide to WordPress and GDPR.

Best Practices for GDPR Compliance

Data Storage

All data that is gathered from the WP Mail SMTP plugin is stored completely within each user’s site, and our team doesn’t store any information on our end. Since your site will store all user data, it’s important to understand exactly what types of data are located within your site.

WP Mail SMTP Lite

The WP Mail SMTP Lite plugin will only store plugin settings within your site’s database. This means that if you’re using our Lite version, you don’t need to worry about deleting or managing any user data within the WP Mail SMTP plugin.

WP Mail SMTP Pro

The paid version of WP Mail SMTP (WP Mail SMTP Pro) does have the ability to store email logs within your site’s database, in addition to plugin settings. Email logs are subject to GDPR regulations, and we outline more details about email logging considerations below.

Email Logging

Mailer-Specific Logs

Many mailer options will keep logs of any emails that are sent out from your site. In order to meet the “right to be forgotten” component of GDPR, you’ll need to know whether your mailer is collecting these logs, as well as how to delete them. The mailers that currently store logs are listed below:

  • Mailgun
  • Sendinblue
  • Sendgrid
  • Amazon SES (Logs can be set up with Amazon’s SNS product, but this is not enabled by default and is for advanced users only.)

Note: For more details on how to view and delete these logs, please be sure to reach out to your mailer’s support team for guidance.

WP Mail SMTP Logs

Within the paid version of WP Mail SMTP, you can optionally enable email logging. This is separate from your mailer’s logs above, and must be manually enabled.

If you do choose to enable this logging option, all log data will be stored on your site, and you’ll need to be sure to address this component if users request data deletion.

Other Considerations

Aside from double-checking your data storage settings and email logging capabilities, it’s a good idea to check all forms on your site for GDPR compliance. Since GDPR requires that you ask for consent before any user data is collected (which will also be before any emails could get sent out), this is a super important part of the compliance process.

Frequently Asked Questions

How can I be sure my site is GDPR compliant?

Compliance details will vary from site to site. This is why in all cases we recommend seeking legal counsel familiar with GDPR to review your specific site to ensure compliance.

That’s it! We hope this guide helped you understand your options to maintain GDPR compliance in WP Mail SMTP.

Next, would you like to change which types of emails are sent by default through WordPress core? Be sure to check out our guide on how to manage email controls for more details!