The only thing you as a user of the Post SMTP plugin needs to do is switch off the logging of emails to your server IF and only IF you don’t inform your users that you log their emails, their email IP addresses and the contents of their emails for a short period of time (no longer than XXX days) for the purpose of debugging or maintaining the website. This debugging is not permanently enabled etc etc.
If you want to avoid having to put anything in your privacy policies, then just switch off logging full stop.
If anything, all the plugin developer need do is insert a section in the Plugin Documentation reminding users of the plugin that ‘logs’ are stored within the database and therefore users should consider the GDPR guidelines with respect to the storage of user data.
At the moment, the logs store a number of entries, one future feature request could be an expiry date (i.e. X days) where log entries will expire and be automatically deleted. That will provide cover for websites that have low traffic where it might take several years to have say 100 emails accumulate and for emails to drop out of the log/database. Having an expiry date will reduce the chances of falling foul of the GDPR. But that’s a nice to have feature request…
GDPR is not ‘as scary’ is it first sounds. 9/10, so long as you show you have well documented procedures and policies, you do not keep data that you don’t operationally need for longer than necessary, that the user can easily request to be forgotten or have their data transferred and corrected, you are covered.
(YMMV – if in doubt, consult a lawyer etc etc, yada yada yada).
