E-mail marketing GDPR compliant– AGNITAS

AGNITAS is compliant

As the deadline for its enforcement draws nearer, it is becoming more difficult to ignore the EU’s General Data Protection Regulation (GDPR). Whether daily newsletters or postal mailings, the headlines are screaming about “How to Comply with the EU General Data Protection Regulation”. In social media, the issue has taken on absurd proportions. Access the #GDPR feed through Twitter and you won’t know whether to laugh or cry. In general, the atmosphere is one of panic and uncertainty.

At AGNITAS, we also had to exam the GDPR issues in detail, in particular because of our concerns with providing services as an email service provider to our customers, and their customers, with personalized data processing. Naturally, we began examining the issues early and adjusting to the new requirements with the support of our legal department. As part of that, EMM has received a couple of additional features that we would like to present to you now.

New features

Tracking rejection

By default, EMM records when the recipient personally opens email messages and clicks links. Of course, the GDPR requires that people receiving such message have the ability to reject being tracked. For that reason, you must give recipients the option of choosing whether they want their data recorded or not. The Sys_Tracking_Veto entry has been added to the system profile for EMM for this purpose. The entry allows statistics to be recorded, but prevents the collection of personal data. So that recipients can also retroactively reject tracking, we always recommend integrating a checkbox into the email message’s footer. A link can also be used to connect to the profile page or the Profile Center page, where such a choice can be made using a checkbox. Personal data can also be removed from the database retroactively.

You can find more information here or contact your customer representative directly.

Notification report

According to the GDPR, each recipient has the right to be notified about the data stored about them in electronic format. As part of this, we have developed a notification report for EMM. It provides EMM with the ability to create a complete report for a recipient profile by merely clicking.

BCC addresses for archiving double-opt-in messages

To avoid unnecessary problems, we recommend that you document each agreement from customers and any changes, especially where the double-opt-in form is involved. That way, you will always have proof of that agreement was made legally. To provide additional support, you can send the transaction message to a blind carbon copy (BCC) address. Using this option will allow you to simply send your double-opt-in agreements as email to an email account created for that purpose and archive them. Upon request, we can also make an email account available to you. This way, you will always have legal proof ready.

You can find more information about this here.

Exporting the user activity log

Based on the GDPR, not only should newsletter recipients have access to their own data, but the ability to export user data must also exist. This also affects the user activity log. The steps taken by EMM users are logged in this file. Exporting this data is now possible with EMM.

Data protection and security

Because AGNITAS already fulfills the highest standards for data protection and security, such as the ISO 27018:2014 standard, even before the GDPR was enacted, the E-Marketing Manager did not require additional changes.

Additional measures

Outside of EMM, AGNITAS has made the following updates and additions:

  • Service provision directory,
  • Advanced procedural directory,
  • New contracts for processing customer orders,
  • New declaration of obligations for employees,
  • New data protection declaration.

By using EMM, you are not risking any problems based on the new GDPR. Nothing will stand in the way of your email marketing campaigns after May 25 2018.

However, please be aware that your company must also take all of the necessary measures. For example, you should modify your data protection declaration with regard to processing newsletter data. Likewise, modifications should also be made to the newsletter itself. To be sure, please review our 7-point Check List.


If you have any questions, please contact your customer representative or our support team.