Email Lists - Not GDPR Compliant

[AdamSwish]

Under the right to be forgotten (GDPR) if someone asks for their data to be deleted from your records then it must be entirely removed. That doesn't mean taken off of a mailing list, it means "forgotten", gone, deleted.

The current functionality in Squarespace allows you (or the user) to delete a users email from a specific mailing list but not completely from your profile. So they would not receive campaigns/marketing emails anymore but they are not forgotten. It is not possible to delete someone from your profile and therefore impossible to comply with this law.  

I cannot see how email lists and therefore campaigns through squarespace can possibly be used anywhere where GDPR or equivalent rules apply?

To be clear on the importance of this, the penalties for a breach range from 2% to 4% of annual global turnover of the business in breach.

Has squarespace made a statement to the contrary as I can't find one?

For clarity the Information Commissioners Office states the right to operate as per the attachment.

Edited May 9, 2023 by AdamSwish

[Parker_SQSP]

Hi @AdamSwish,

I understand your concern here. I wanted to let you know that individual contacts can be deleted from the Contacts panel of your site, as well as removed from mailing lists. The steps to delete that data can be found here: 

https://support.squarespace.com/hc/en-us/articles/360046485652#toc-delete-contacts

If you need a large amount of contacts deleted, you can reach out to privacy@squarespace.com.

I hope this helps!