Do you want to make sure that your use of WP Mail SMTP complies with the European Union’s General Data Protection Regulation?
The best way to ensure GDPR compliance for your specific site is always to consult legal counsel. However, in this guide, we’ll discuss general considerations for GDPR compliance in WP Mail SMTP.
Note: This article contains general information about WP Mail SMTP and the GDPR. However, in all circumstances, we strongly recommend you consult directly with legal counsel familiar with the GDPR to review your specific use of WP Mail SMTP.
What Is the GDPR?
The GDPR, or General Data Protection Regulation, is a set of data collection regulations in the E.U. (effective as of May 25, 2018). Requirements under the GDPR include acquiring explicit consent before collecting or storing user data, as well as allowing users to request access to or deletion of that data.
For more details, please see WPBeginner’s ultimate guide to WordPress and the GDPR.
WP Mail SMTP Best Practices for GDPR Compliance
Below, we’ve reviewed the top ways you can improve your site’s GDPR compliance when using WP Mail SMTP.
WP Mail SMTP stores all the data it gathers on your site. Our team doesn’t store any information on our end. Since your site will store all user data collected by WP Mail SMTP, it’s important to understand exactly what types of data the plugin saves.
WP Mail SMTP Lite
The WP Mail SMTP Lite plugin will only store plugin settings in your site’s database. This means that if you’re using our Lite version, you don’t need to worry about deleting or managing any user data in the WP Mail SMTP plugin.
WP Mail SMTP Pro
The paid version of WP Mail SMTP (WP Mail SMTP Pro) can store email logs in your site’s database, in addition to plugin settings. Email logs are subject to the GDPR. We’ve outlined more details about email logging considerations below.
When using our email logging feature, your site will store user data collected by WP Mail SMTP. These are some important best practices to keep in mind regarding email logs.
Note: Mailer-specific logs are collected by your mailer, not by WP Mail SMTP. We do not have any control over the storage or management of this data.
Although we have listed below which mailers we know keep logs, we recommend looking into the GDPR compliance of your chosen mailer even if it is not mentioned below. Again, consult with legal counsel familiar with the GDPR to ensure your site and third-party services connected to it are compliant.
Many WP Mail SMTP mailers will keep logs of any emails that are sent out from your site. In order to meet the “right to be forgotten” component of the GDPR, you’ll need to know whether your mailer is collecting these logs, as well as how to delete them.
The mailers that currently store logs are listed below:
- Amazon SES (Logs can be set up with Amazon’s SNS product, but this is not enabled by default and is for advanced users only.)
Note: For more details on how to view and delete these logs, please be sure to reach out to your mailer’s support team for guidance.
WP Mail SMTP Logs
In the paid version of WP Mail SMTP, you can optionally enable email logging. This feature is separate from your mailer’s logs above, and must be manually enabled.
If you do choose to enable this logging option, all log data will be stored on your site. You’ll need to be sure to address this component if users request data deletion.
Aside from double-checking your data storage settings and email logging capabilities, it’s also a good idea to check all the forms on your site for GDPR compliance. Since the GDPR requires that you ask for consent before collecting any user data (which you’ll need to do before sending out any emails), this is a super important part of the compliance process.
Frequently Asked Questions
Here, we’ve answered the most common questions we see about WP Mail SMTP and the GDPR.
How can I be sure my site is GDPR compliant?
Compliance details will vary from site to site. This is why in all cases we recommend seeking legal counsel familiar with the GDPR to review your specific site to ensure compliance.
That’s it! We hope this guide helped you understand your options to maintain GDPR compliance in WP Mail SMTP.
Next, would you like to change which types of emails are sent by default through WordPress core? Be sure to check out our guide on how to manage email controls for more details.