Articles on: Good practices
This article is also available in:

Manual of Best Practices for Data Protection (GDPR)

Best Practices Manual on Data Protection (GDPR)


At Mailerfind, we take the protection of personal data and regulatory compliance very seriously. For this reason, we provide our clients with a series of support materials aimed at facilitating compliance with the General Data Protection Regulation (GDPR) and the applicable Spanish regulations.


This section is intended to help you understand which obligations apply to you as the data controller, what the recommended best practices are, and which guidance tools you can use to analyze the legality of your data processing activities.


Reference Regulatory Framework


The use of Mailerfind may involve the processing of third-party personal data. Such processing is subject, among others, to the following regulations:


  • Regulation (EU) 2016/679 of 27 April (GDPR)
  • Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD)
  • Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE)
  • Criteria and decisions issued by the Spanish Data Protection Agency (AEPD) and the European Data Protection Board (EDPB)


In this context, the Mailerfind client acts as the Data Controller, while Mailerfind acts as the Data Processor, limiting its processing of the data to the client’s behalf and in accordance with the client’s instructions.


Best Practices Manual for Clients and Users


Mailerfind, together with the law firm ECIJA & Asociados Abogados, has prepared a Best Practices Manual that sets out general guidelines for the responsible use of personal data obtained through the platform.


This manual addresses, among other aspects:


  • Basic GDPR principles applicable to data processing
  • Legal bases for processing, such as consent, legitimate interest, etc.
  • Profiling and segmentation
  • Sending commercial communications
  • Duty of information and transparency
  • Management of data subjects’ rights
  • Organizational measures and due diligence


👉 Access the Best Practices Manual here:
Best Practices Manual for Mailerfind Clients and Users


Legitimate Interest Assessment (LIA)


In many cases, clients may consider relying on legitimate interest as the legal basis for certain processing activities, especially in activities such as profiling or audience segmentation.


The regulation requires that this legal basis not be applied automatically, but rather be preceded by a Legitimate Interest Assessment (LIA), which makes it possible to verify that:


  1. There is a real and specific legitimate interest.
  2. The processing is necessary to achieve that purpose.
  3. The rights and freedoms of the data subjects do not override that interest.


Each processing activity requires its own analysis, adapted to the context, purpose, and type of data being processed.


In order to help you understand this process, Mailerfind provides a guidance template in Excel format, which serves as a practical guide to structure the analysis.


👉 Download the guidance template for the Legitimate Interest Assessment (LIA):
LIA Guide – Guidance Template


Data Protection Impact Assessment (DPIA)


In certain cases, the GDPR requires a Data Protection Impact Assessment (DPIA) to be carried out, especially when the processing may pose a high risk to the rights and freedoms of individuals.


This may occur, for example, when:


  • Large volumes of data are processed
  • Profiling is carried out for commercial purposes
  • Different sources of information are combined
  • Intensive technologies or processing methods are used


As with the LIA, there is no single model that is valid for all cases. Each DPIA must be adapted to the specific processing activity to be carried out.


To facilitate understanding of the process, Mailerfind provides a guidance template in Excel format, which helps identify the essential steps, potential risks, and mitigation measures.


👉 Download the guidance template for the Data Protection Impact Assessment (DPIA):
DPIA Guide – Guidance Template


Important: Guidance Nature of the Materials


It is essential that you keep in mind that:


  • The manuals and templates provided by Mailerfind do not constitute legal advice.
  • They are not closed models or automatically applicable to all cases.
  • Their purpose is to help you understand the key concepts and serve as an initial reference framework.


Each client is responsible for analyzing their specific situation and, where appropriate, seeking specialized legal advice to validate the legal basis for their processing activities and full compliance with the GDPR.


Client Responsibility


As the data controller, the Mailerfind client is solely responsible for:


  • Determining the legal basis for processing
  • Ensuring the duty of information and transparency
  • Properly obtaining and managing consent when necessary
  • Responding to data subjects’ rights
  • Applying appropriate technical and organizational measures
  • Documenting the assessments and decisions adopted, in accordance with the principle of accountability


Mailerfind provides technology and supporting documentation, but does not determine the purposes or means of the processing carried out by the client.


If you have any questions about these materials or how to apply them correctly in your case, we recommend consulting a professional specialized in data protection.

Updated on: 09/07/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!