Self-hosted does not mean processor-free
Self-hosting can reduce one vendor relationship, but hosting operators, SMTP relays, backup targets, monitoring systems, support tools, and administrators may still process personal data.
Processor control record
For every processor or subprocessor, document:
- service, role, processing purpose, data, people, and locations;
- controller instructions and prohibited uses;
- Article 28 contract and security obligations;
- confidentiality, access, incident, rights, audit, and assistance terms;
- subprocessor authorization and change-notice mechanism;
- deletion or return behavior, including backups;
- business continuity and service-exit plan; and
- transfer mechanism and supplementary assessment where required.
International-transfer sequence
- Identify whether personal data leaves the EEA or becomes remotely accessible from a third country.
- Check whether an Article 45 adequacy decision covers the destination and recipient.
- If not, identify an Article 46 safeguard such as applicable Standard Contractual Clauses or Binding Corporate Rules.
- Assess whether destination-country law or practice undermines the safeguard and whether supplementary measures are needed.
- Use Article 49 derogations narrowly; they are not a routine architecture pattern.
- Tell people about applicable transfers and how safeguards can be obtained.
Listmonk implications
A self-hosted Listmonk deployment should keep PostgreSQL private, restrict the admin surface, use double opt-in, record consent and notice versions, enforce unsubscribe and suppression, define retention, encrypt backups, test restore and deletion, govern SMTP delivery providers, and preserve migration reconciliation. Migrating email addresses without consent and suppression history destroys evidence and can reactivate people who unsubscribed.
Primary references
- Gdpr
- Processor
- Subprocessor
- International transfer
- Article 28
- Supplier risk
Note Metadata
Aliases: GDPR Article 28, GDPR International Transfers
Source: https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng