Data Protection

General Data Protection Regulation

Forfront complies with the new requirements set out in GDPR. The GDPR represents a refreshed Data Protection regulation as set out by UK laws to protect personal data.

As data controllers our obligation is to be responsible for and to be able to demonstrate compliance with the principles.

Forfront's responsibilities under GDPR fall under 2 categories: as data controller with its obligations for the data, information and procedures it processes as a company for its own use; and the processing of its clients' data as a data processor.

How do we comply?

  • We ensure that all individual data is processed in a transparent, fair and lawful way;
  • Data collection is only for legitimate purposes;
  • The data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  • The data is kept accurate and up to date or discarded if it’s no longer correct or relevant;
  • The data is not kept where it is no longer necessary for the purpose of processing;
  • The data is kept secure and ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

How do we help you comply?

Keep your data up to date:

e-shot™ offers its clients a variety of methods to ensure the data they use is kept fresh, relevant and up to date. Clients are able to use our import facilities, a variety of integrations with CRM systems or API integration.

Keep all relevant records:

An important part of the GDPR is being able to demonstrate your compliance. e-shot™ is unique in recording all the information that is relevant to each contact; from the initial subscription date, opt-out information and any relevant interaction throughout the contact's activity.

For clients who use the e-shot™ generated subscription form, we offer to use the double opt-in form which not only ensures subscribing for the correct information but offers authentication of user credentials before being added to the list.


All information and communication being processed including via the user interface, API and integrations is encrypted and resides on secure servers.

Forfront hosting facilities are UK based, Tier 3 facilities using industry standards firewalls and Disaster Recovery processes.

Read our GDPR guide for e-shot™ clients

Your data is safe with us

Your data is one of your business' most valuable assets, so you have to be confident that your partners and providers take your data as seriously as you do. We continually invest in the technology and resources to ensure the tightest security and privacy by design into our service.

Security and infrastructure

UK data centre and infrastructure team

Our data centre is Tier 3, designed to host mission critical servers and computer systems. This secure facility sits in the heart of London, easily accessible for our Operations and Technical teams when changes/updates are required.

We have the flexibility to respond to your requirements with ample bandwidth and the ability to upscale. We continually monitor our output to ensure that you are always receiving the optimum service. We employ skilled information security and data privacy specialists in our team to ensure security is always a priority. Virus scan technology is implemented throughout our infrastructure.

Access and security

All hosted services are protected by our own dedicated firewalls and all management access requires two-factor authentication. Role-based permissions are used to control staff access to systems and data. Management access to infrastructure is tightly controlled, and employs multi-factor authentication protection and Intrusion Detection Technology is in place.

Data Security


As well as data security, reputation management and authentication we also continually monitor data and campaigns to keep our system clean as part of our abuse prevention work.

We work in the background taking into account evolving user behaviour and analysing campaign activity to prevent the broadcast of material containing or linking to unlawful, illegal, obscene or threatening material. If we suspect activity of this type we will initially suspend the account while our team investigates and, if it's clear that an account is malicious, we will shut it down.

Spam monitoring

Using sophisticated self-learning algorithms, developed by our team of specialists, we scan millions of emails to improve deliverability and recognise potential patterns of abuse. We scan for bad URLs and questionable keywords combining these stats with cleansing services, blacklist information and our team's wealth of experience.

We offer education to clients who are committed to improve their engagement with their audience. Our account managers offer regular reviews to help you optimise your emails.

We use our global suppression list to ensure that all our clients get the benefit of hard bounce information so that you don't send further emails to a hard bounced address.

With e-shot™ and its self-learning proactive deliverability systems, you'll achieve better inbox placement by default.

By ring-fencing our clients, we maintain your reputation and protect your branding.