Data Protection and the GDPR
Last updated on 14.07.2026
Organisations that manage contact details have a responsibility: the GDPR grants data subjects clear rights and imposes clear obligations on organisations. Komma is designed to enable you to fulfil these obligations in a practical way.
What Komma offers
- Data separation: Thanks to the multi-tenant architecture, each organisation’s data is strictly isolated.
- Access control: Permissions ensure that only authorised individuals can view data.
- Logging: The audit log documents changes and exports – including the automatic redaction of sensitive fields.
- Secure login: Passwordless logins eliminate the risk of stolen passwords.
- Unsubscribe handling: Newsletter unsubscriptions are automatically and permanently honoured.
Implementing data subjects’ rights
If a person exercises their rights, Komma supports you:
- Right of access (Art. 15 GDPR): All data stored about a person can be viewed and exported in a consolidated form within the contact profile.
- Rectification (Art. 16): Data can be corrected in the profile at any time.
- Erasure (Art. 17): Contacts can be completely deleted. Please note statutory retention obligations (e.g. for donation data).
Your responsibility as an organisation
Komma is the tool – the responsibility for lawful data processing lies with your organisation:
- Only collect data that you really need.
- Obtain consent for newsletters and keep a record of it.
- Keep your privacy policy up to date.
- Establish internal policies governing who has access to which data.
This article does not replace legal advice on specific legal issues – if in doubt, consult your organisation’s data protection officer.