The EU General Data Protection Regulation (EU GDPR) was created to protect all EU residents from privacy and data breaches. It will become enforceable as of May 25, 2018. This guide is provided for informational purposes only. It should not be considered as legal advice.
The GDPR is a privacy law enacted by the European Commission in 2016. The GDPR replaces a prior EU privacy directive (Directive 95/46/EC). The regulation is a binding act, which must be followed in its entirety by all organizations who process EU residents' personal data, regardless of location. The GDPR is intended to modernize EU privacy data protection. The GDPR regulates how organizations gather, use and retain personal data. The GDPR will have an impact on all organizations involved in processing personal data of EU residents.
Personal Data: Any information that results in the identification of an individual. Personal data includes name and email address, data that is embedded in LISTSERV.
The GDPR applies to any organization regardless of where the data is processed. All organizations should determine whether they are processing personal data of EU residents. The GDPR also encompasses all industries and sectors.
The GDPR has a broad impact. The following changes are particularly relevant to our customers:
1. Expansion of individual rights
EU residents will have important new rights under the GDPR, including:
You, as a data controller, must accommodate these rights if you are processing the personal data of EU residents.
2. Stricter consent requirements
Organizations must ensure that consent is obtained for the use of personal data. Obtain consent from your subscribers for each different usage of their personal data. The surest route to compliance is to obtain explicit consent via the double opt-in subscription method built into LISTSERV and LISTSERV Maestro.
3. Stricter processing requirements
Individuals have the right to receive information about the processing of their personal data, including:
Review the GDPR in its entirety to ensure that you have a full understanding of its requirements.
Consult your legal counsel regarding your compliance obligations. If your organization is in the European Union or your organization processes the personal information of EU residents, then the GDPR probably applies to you.
If your organization accesses personal data, you do so in the role of either a controller or a processor. The obligations differ based on the role. A controller is the organization that determines the:
If you administer or own a LISTSERV or LISTSERV Maestro list, you are a data controller. A processor is the organization that processes the data on behalf of the controller.
Controllers are responsible for the protection of personal data. Controllers must respond to subscriber inquiries about personal data use, personal data corrections, requests to be "forgotten" and requests for data transfer. Controllers have the obligation to report data breaches to the appropriate Data Protection Authority (DPA). L-Soft customers, using LISTSERV and LISTSERV Maestro, are responsible for EU resident's personal data.
L-Soft is a processor of personal data for its hosting customers (ListPlex and EASE). The LISTSERV and LISTSERV Maestro software distribute email messages and collect information based on the instructions of the hosting customer.
L-Soft software will help your organization respond to EU subscriber requests based on their rights, including:
If you are a ListPlex or EASE customer, review the privacy statement and practices applicable to your organization and ensure that these documents and practices include proper notice that the personal data of your subscribers will be transferred to and processed by L-Soft. Consider updating your privacy statement to include language that specifically identifies L-Soft as one of your processors and delineates the applicable processing activities performed by L-Soft, such as the collection and storage of personal data within your LISTSERV account to allow you to create and use distribution lists.
If you have specific questions about GDPR, please contact L-Soft sales at: firstname.lastname@example.org.
For a list of frequently asked question about GDPR, visit:
Your company may have an existing contract with L-Soft International, Inc. and its affiliates (L-Soft). According to the EU General Data Protection Regulation (GDPR, article 28), the controller (your company) and the processor (L-Soft) are obligated to have an agreement governing the processing of personal data (for example, name and email address). To comply with article 28 and permit your company to update the existing contracts with your users, L-Soft created the Data Processing Addendum (DPA).
Use this amendment to the existing contract if:
In the event of any conflict with existing data privacy or security terms of agreement, the DPA shall prevail. The DPA can be found at the following location:
If you contract with L-Soft for a hosting service (ListPlex, EASE), L-Soft will store and process personal data for your subscribers. Where notice to or consent by the individuals is required for such processing, you will notify and obtain such consent.
Your continued ordering, marketing or accessing of the L-Soft services provided under your existing contract indicates your acceptance of the DPA.
LISTSERV is a registered trademark licensed to L-Soft international, Inc.
See Guidelines for Proper Usage of the LISTSERV Trademark for more details.
All other trademarks, both marked and unmarked, are the property of their respective owners.