Good morning,
I cannot get a clear idea about getting into compliance with the GDPR, especially with regard to users already subscribed to the newsletter.
Can anyone tell me if you are forced to send an email to all users (even if already subscribed to the newsletter) asking them to confirm the registration again via a link?
Thanks in advance
Massimo
That is very simple:
users/customers subscribed in the past
1. with a Double OptIn solution: you should already have the confirmation > no resend required
2. no Double OptIn solution: you have no confirmation > send them a simple (without any advertisements!) email to confirm their subscriptions. And store those confirmations.
In general: all newsletter subscriptions (and not only from the 25. May 2018) should be done with a Double OptIn solution.
Meaning: a user/customer who wants to subscribe to a newsletter has to confirm their subscription > see Double OptIn.
You have to store that confirmation, and if the customer asks for stored information (see GDPR) you have (and can) provide this info easily.
After the 25. May 2018 you are not allowed to send any newsletter to unconfirmed addresses!
Finally: a newsletter subscription is only for sending emails as newsletter.
Nothing else!
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
Simply by the appropriate extension
Have to check my current extension for this and publish it soon.
Could you tell me which OpenCart Version you are using?
My understanding is that double opt-in is not required (but is a good idea) providing you clearly obtained consent, provided information on what you are using their email address for and made a record of how and when the consent was obtained.
Do you have any reference to where it's stated a confirmed address is a requirement of the GDPR?
ADD Creative wrote: ↑Wed May 16, 2018 7:31 pm
> My understanding is that double opt-in is not required (but is a good idea) providing you clearly obtained consent, provided information on what you are using their email address for and made a record of how and when the consent was obtained.
> Do you have any reference to where it's stated a confirmed address is a requirement of the GDPR?
Double OptIn for example is a requirement in Germany - or customers from Germany.
Austria too, other countries please check by yourself.
Why?
Imagine this case: customer A subscribes to your newsletter.
But he is neither interested in this, nor is he customer A (it is another person B).
B now receives a newsletter from you, but has not agreed to receive any.
This newsletter now falls under Spam and violates the GDPR.
You will be fined.
But, if you use the DoubleOptIn solution, you will have the explicit confirmation from customer A that he is A (and not B).
And you have the piece of evidence > stored in your database.
If you have no confirmation, it will be hard for you to prove that customer A has agreed.
So, what is the easier (and cheaper) solution??
ADD Creative wrote: ↑Wed May 16, 2018 7:31 pm
> My understanding is that double opt-in is not required (but is a good idea) providing you clearly obtained consent, provided information on what you are using their email address for and made a record of how and when the consent was obtained.
> Do you have any reference to where it's stated a confirmed address is a requirement of the GDPR?
you are correct, you don't NEED double opt in, you just NEED people to consent to receiving the material... unless it's in your legitimate interests, which if you make extra income from the emails or your business needs them to keep going, it is.
so in general, in the past people just sent you emails left right and centre even if you didn't ask.
now you need clear audited consent for emails with offers etc.
lovol3 wrote: ↑Thu May 17, 2018 4:43 am
> you are correct, you don't NEED double opt in, you just NEED people to consent to receiving the material... unless it's in your legitimate interests, which if you make extra income from the emails or your business needs them to keep going, it is.
> so in general, in the past people just sent you emails left right and centre even if you didn't ask.
> now you need clear audited consent for emails with offers etc.
I do not want to always write the same things:
In some countries it is required - for sure not in India ..
For example see this: viewtopic.php?f=10&t=201183&e=1&view=unread#p723687
And this: viewtopic.php?f=190&t=204299&e=1&view=unread#p723333
See one of my other answers: how can you prove that Customer A has confirmed the newsletter subscription when person B receives the newsletter instead (because A did this for B as a joke)?
When not stored in the database - never.
And you will pay!
Besides this: this regulation was also the reason why those formerly so beloved 'Recommend to a friend' modules died very quickly.
But finally it is always your responsibility what and how you do your business - as long as you have enough money in your pocket after the 25th.
OSWorX
Then you also need double opt-in for registering an account or ordering something, because customer A can register an account with customer B's email and B now receives emails from you, but has not agreed to receive any.
Strictly speaking: yes.
If it is only a registration, while if it is a purchase in your shop, who will order and pay for another person (unless it is a gift)?
But here we speak 'only' about subscribing to newsletters.
Besides this: the moment a new user registers himself, the timestamp and IP are recorded.
In case another person has done this, you can prove the registration with these data.