General Data Protection Regulation (GDPR)
The GDPR is a set of data protection rules that applies to businesses around the world that provide services and process data from, or about, individuals in the EU. It requires that individuals have control over their personal data, and it specifies how such data may be collected, processed, and stored.
List-owners have obligations to their subscribers in the EU: namely, ensuring that their subscribers consent to be on the list, and ensuring that their subscribers' information is not shared without permission. List-owners' obligations are set out in MailmanLists' Terms and conditions of use.
In summary, the GDPR requires:
- transparency about how data is processed
- an individual's access to, and information about, collected data
- the correction of stored data as requested
- the removal of data (right to be forgotten)
- the restriction of data processing
- data portability.
And in protecting data, the GDPR requires that:
- personal data must only be collected when consent from the user has been obtained
- personal data must not be used for purposes inconsistent with the initial purpose of collection
- personal data must not be stored longer than required by the purpose of collection
- personal data must be kept confidential unless required by law.