GDPR and Privacy Compliance

Learn what Wishpond is doing to comply with GDPR, and what it means for you.

In compliance with EU law, Wishpond is fully GDPR compliant. We want to ensure that every one of our users and subscribers knows exactly what we’re doing to meet GDPR compliance as well as how it pertains to them.

1. What is GDPR?

Going into law on May 25th, the General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union.

The GDPR applies to any organization that uses the personal data of people located in the EU.

If you do any business with the EU, or have marketing campaigns which may be seen by EU residents, then GDPR compliance matters to you.

But I don’t do business in the European Union…

You are not required to sign Wishpond’s new GDPR-compliant Data Protection Agreement, and Wishpond has put in place a feature allowing you to hide your Wishpond campaigns from EU residents/IP addresses.

What is Wishpond doing to comply with GDPR?

Wishpond welcomes the GDPR as an important step forward to enhance data protection across the EU and the globe as an opportunity for us to strengthen our commitment to data protection and personal privacy.

As such, we have undertaken the following:

  • Analyzed what personal data we process and confirmed our lawful basis for processing that data
  • Updated our Privacy Policy
  • Updated our Terms of Service
  • Reviewed how we gather consent for marketing
  • Implementing procedures related to data subject rights
  • Improving our data breach response procedure
  • Communicated with our customers about GDPR and how it affects our relationship with them and their role

What do Wishpond’s merchants need to do to meet Wishpond’s new GDPR compliant policies?

Review our updated Privacy Policy

Review our updated Terms of Service

Sign our Data Processor Agreement.

What do Wishpond’s merchants need to do to comply with GDPR?

We understand that compliance with the GDPR requires a partnership between​ Wishpond ​and our customers in their use of our services and we look forward to working with you on this important new regulation.

Within the GDPR, there are two primary roles: Data “Processors” and Data “Controllers.” As a Wishpond merchant, you are a Data Controller – responsible for the personal data you collect in connection with Wishpond (the Data Processor).

What are your responsibilities as a Data Controller?

You will typically act as the Data Controller for any personal information you collect in connection with your business. The Data Controller determines the purpose and means of processing personal data. When you choose to use Wishpond’s services to collect personal information, you are deciding the purpose and means.

Data Controllers are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimization, and accuracy, as well as fulfilling data subject’s rights with respect to their data.


Wishpond recommends you seek advice from a GDPR consultant relating to your status and obligations under the GDPR, as only a qualified specialist can provide advice specifically tailored to your situation. Nothing on this page is intended to provide you with, or should be used as a substitute for, legal advice.


Where should you start?

As a Data Controller, the following are some tips on where to start with GDPR compliance:

  • Assign a data protection business lead or appoint a Data Protection Officer.
  • Create an inventory of personal data that you handle.
  • Review your current data protection controls, policies, and processes to assess whether they meet the requirements of the GDPR, and build a plan to address any gaps. Again, it is recommended that you consult with a professional.
  • Review and sign our Data Processor Agreement.
  • Monitor updated regulatory guidance as it becomes available.

Getting Consent

If you are creating an email list with users from the EU, there is a requirement to collect explicit consent in a “freely given, specific, informed and unambiguous” way, which is reinforced by a “clear affirmative action.”

In other words, your leads, customers, etc, ned to physically confirm that they want to be contacted. Therefore, a pre-ticked box that automatically opts them is no longer sufficient. Opt-ins need to be a deliberate choice.

What is Wishpond doing in-platform to help users comply with GDPR?

Alongside our recommended tips on GDPR compliance above, Wishpond has added a number of GDPR-focused features to our software to help our users ensure GDPR compliance:

Prevent viewing of campaign based on IP address (COMPLETED)

We have introduced a feature into our campaign editor which makes it easy for our users to hide their campaigns from EU IP addresses, meaning you can launch your campaign without having to worry about GDPR compliance.

Export lead data (COMPLETED)

This feature will allow merchants to export all of the data they have on specific Leads so they can comply with people’s requests for their personal data.

Delete lead data (COMPLETED)

This feature allows merchants to delete all of a specific Lead’s data from their Wishpond account.

Disable 3rd party tracking codes on campaign (per lead) (COMPLETED)

This will allow merchants to comply with people’s requests to not pass their data on to 3rd party services via tracking codes on their Wishpond Campaigns.

Disable leads from being exported to 3rd party integrations (COMPLETED)

This will allow merchants to comply with people’s requests to not pass their data on to 3rd party services via Wishpond’s Lead Export feature.

Redirect visitors from campaigns if they are from the EU (COMPLETED)

This allows merchants to redirect visitors to their Wishpond Campaigns to another (GDPR-compliant) URL if the visitor has an EU IP Address.

Conditional exclusion of leads from a list or automation if they are from the EU (COMPLETED)

This allows merchants to easily exclude leads from lists, workflows and newsletters if they have an EU IP address.

Disable tracking of visitors from the EU (COMPLETED)

This will allow merchants to exclude visitors from the EU from being tracked using Wishpond’s tracking code.

Where can I go for help?

Please contact support@wishpond.com if you need anything.