Scenarios in connection with the GDPR

When addressing the issue of which adjustments you should make in Inxmail Professional in connection with the provisions of the GDPR, the following three questions are of decisive importance:

  1. Do the provisions of the EU GDPR apply to your company or organisation?
  2. Do you store or process personal data that you obtain through personalised tracking?

  3. Do you use data obtained through personalised tracking to create user profiles and target groups (recipient reactions), or is it sufficient if data obtained through personalised tracking is available in anonymised form?

Depending on whether you answer Yes or No to these questions, three main scenarios emerge for using Inxmail Professional. These scenarios differ considerably in the scope of the measures you should take.

The following diagram provides an overview of the main questions and scenarios.

Be aware that the scenarios shown here may turn out to be somewhat more complex, depending on constellation. This can be the case if, for example, multiple scenarios may exist for your Inxmail Professional client. If you have international recipients, it may be that the provisions of the GDPR apply to some mailing lists but not to others.

Scenario 1 – GDPR compliance is not required

You have answered No to the first question.

The provisions of the GDPR do not apply to you. Whether you store and process data obtained through person-based tracking is therefore insignificant for you in this connection. You should, however, observe any existing legal provisions that apply to your situation.

The measures you must take for this scenario can be found in the section Scenario 1 – GDPR compliance is not required.

Scenario 2 – GDPR compliance through anonymised data

You have answered Yes to Question 1 and No to Question 2.

The provisions of the GDPR apply to you. In addition, you store and process personal data obtained through tracking. However, it is sufficient if this data is available in anonymised form.

The measures you must take for this scenario can be found in the section Scenario 2 – GDPR compliance through anonymised data.

Scenario 3 – GDPR compliance through recipients’ consent

You have answered Yes to Questions 1, 2 and 3.

The provisions of the GDPR apply to you. You store and process personal data obtained through tracking. You use this data to create user profiles and/or target groups.

The measures you must take for this scenario can be found in the section Scenario 3 – GDPR compliance through recipients’ consent.