Management of personal data in Mautic may not fit for all business applications (see: Data Management Background). This plugin extends this with GDPR compliant data management to meet EU requirements.
When using the plugin in LeadEngine / Mautic – a user requesting to unsubscribe from the service, will not be put on the ‘do-not-contact’ list, but their data will not be completely deleted either.
The personal data of the affected user is encrypted with a unique MD5 hash, so that it can no longer be sent to a message in any case (thus achieving the original purpose in a different way). The encrypted data set, on the other hand, remains in the system, thus providing the possibility that, in the event of a post-unsubscribe official request, the data subject’s data may be partially identifiable even when it is no no longer available for messaging purposes.
This brings the system in line with both EU – GDPR regulation and, in parallel, general criminal law and consequent regulatory requirements.
As a result of the solution, no additional personal data will be stored * after unsubscribing from the messaging service *, while upon official request – knowing specific data – the older presence of the already inactive person in the service can still be examined.
* In addition to using the plugin, you can set which of the user-related ‘custom field’ data in the database the user unsubscribes will be deleted when, whose value will be encrypted, and what will remain intact – no longer as personal, statistical data.
In Mautic’s factory solution, the user is either on a ‘do-not-contact’ list (in which case his personal data is retained, although this cannot be done in the case of a user requesting unsubscription)or alternatively a complete deletion (which is not automatic delete all existing data about the user).
Hashing the personal data of unsubscribed or bounced contacts allows to not have those data available, but also allows to search for them – with the exact email address – in case of an official or support request.
