Remove access to Subscribers

[Rod Rayner]

Hi,

Due to some GDPR regulations we are looking for a way to remove access to the subscribers list based on group permissions. i.e. normal users can not see actual subscriber information and instead send campaigns to a list but admins can access subscriber information.

Is this possible at all and if so how? I have looked at group permissions with lists etc and can not see how we woudl achieve this.

Thanks.

 

[twisted1919]

Mailwizz is designed in such way that a "customer" is the owner of the list and the emails in that list. If you share access to that list with other people, then mailwizz cannot help you, simply because it's not in our design.

 

[Rod Rayner]

Hi Twisted, i understand what your saying but the list isn't being shared with anyone out side of our business. Its simply a GDPR housekeeping task that ONLY staff that need access should be able to see personal information.

GDPR regulations makes it very clear that privacy is at the top of the list. There is no reason for our marketing people to know who is a member of what list, they simply need to send campaigns to a list.

Adding a feature like this WILL tick a lot of boxes for GDPR and you will overcome many issues that other e-marketing platforms seem to ignore or do not understand. If it's not possible with the current version then i would strongly recommend such a permission, its then up to users of the system if they want to impose it or not. Not having such a permission in place would suggest your system is not GDPR compliant.

For now i will ask our Devs to look into a way to edit code to remove access.

 

[twisted1919]

Its simply a GDPR housekeeping task that ONLY staff that need access should be able to see personal information.

Marketing people don't just do campaigns blindly, at least not in any environment i have been in touch with.
They check stats, reports, metrics, opens/clicks/bounce rates, it's impossible for them to not get in touch with subscriber data.
So, give access to the login only to the people who need access to it and teach them the importance of data privacy.

GDPR regulations makes it very clear that privacy is at the top of the list.

Of course, and we've been one of the first companies in Envato that took action towards this purpose and spend considerable amount of money with lawyers to make sure we're on the right track with all this, and we're a super duper small company, but still.
Mailwizz is gdpr compliant as described at https://kb.mailwizz.com/articles/mailwizz-and-gdpr/
If we got something wrong, we can take it to our lawyer, but again, i think we're very much compliant right now.

Not having such a permission in place would suggest your system is not GDPR compliant.

Well, the fact that the app doesn't bend to some specific needs does not make it less compliant.
It is compliant for the way it has been designed to work which is explained in above link.
People having access to private data can be instructed to handle it with care and that would solve the problem.

For now i will ask our Devs to look into a way to edit code to remove access.

If you need any type of assistance with where to place code, or your devs need any hooks the app doesn't have now, let me know, i'll do my best to assist, as with anything else

 

[Rod Rayner]

Twisted, thanks for the offer of helping change / update code. Much appreciated, i'll be in touch..

I'm not getting into anything back and forth re GDPR because to be fair even the experts argue what's right / wrong. What you have said re running a campaign i totally 100% agree with... BUT... you dont need access to a persons name or email address to run a campaign or check stats... just saying . I'm happy to help with any GDPR questions as we are not a small company and have also spent considerable money on getting compliant... i also have an external GDPR consultant on retainer that acts as our DPO... and can assure you that the best route to take is if you dont need access to personal data then remove it... that way you cant go wrong