Post by iografico » Wed May 09, 2018 5:16 pm

Good morning,
I can not clear my ideas about getting into compliance with the GDPR, especially with regard to users already subscribed to the newsletter.
Anyone can tell me if you are forced to send an email to all users (even if already subscribed to the newsletter) asking them to confirm the registration again via a link?

Thanks in advance
Massimo

New member

Posts

Joined
Fri Feb 17, 2012 6:45 pm

Post by OSWorX » Wed May 09, 2018 10:20 pm

That is very simple:

users/customers subscribed in the past

1. with a Double OptIn solution: you should already have the confirmation > no resend required
2. no Double OptIn solution: you have no confirmation > send them a simple (without any advertisements !) email to confirm their subscriptions. And store those confirmations.

In general: all newsletter subscriptions (and not only from the 25. May 2018) should be done with a Double OptIn solution.
Means: user/customer confirm that wants to subscribe to a newsletter have to confirm their subscription > see Double OptIn.
You have to store that confirmation and if the customer ask for stored informations (see GDPR) you have (and can) provide this info easily.

After the 25. May 2018 you are not allowed to send any newsletter to not confirmed addresses!

Finally: a newsletter subscription is only for sending emails as newsletter.
Nothing else!

Image


User avatar
Expert Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by davidbfranks » Wed May 16, 2018 1:51 am

How can this technically be achieved in OpenCart?

Active Member

Posts

Joined
Mon Mar 04, 2013 10:31 pm
Location - London

Post by OSWorX » Wed May 16, 2018 5:15 am

davidbfranks wrote:
Wed May 16, 2018 1:51 am
How can this technically be achieved in OpenCart?
Simply by the approbiate extension :)
Have to check my current extension for this and publish it soon.
Could you tell me which OpenCart Version you are using?

Image


User avatar
Expert Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by ADD Creative » Wed May 16, 2018 7:31 pm

OSWorX wrote:
Wed May 09, 2018 10:20 pm
After the 25. May 2018 you are not allowed to send any newsletter to not confirmed addresses!
My understanding that double opt-in is not required (but is a good idea) providing you clearly obtained consent, provided information on what you are using their email address for and made a record of how and when the consent was obtained.

Do you have any reference to where it's stated a confirmed addresses is a requirement of the GDPR?

ADD Creative - Web development and e-commerce development, Milton Keynes or Christchurch, UK
ADD Filtration - HVAC Panel Filters, Bag Filters and HEPA Filters


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am

Post by OSWorX » Wed May 16, 2018 8:49 pm

ADD Creative wrote:
Wed May 16, 2018 7:31 pm
OSWorX wrote:
Wed May 09, 2018 10:20 pm
After the 25. May 2018 you are not allowed to send any newsletter to not confirmed addresses!
My understanding that double opt-in is not required (but is a good idea) providing you clearly obtained consent, provided information on what you are using their email address for and made a record of how and when the consent was obtained.

Do you have any reference to where it's stated a confirmed addresses is a requirement of the GDPR?
Double OptIn for example is a requirement in Germany - or customers from Germany.
Austria too, other countries please check by yourself.

Why?
Imagine this case: customer A subscribe to your newsletter.
But he is wether interested in this, nor is he customer A (it is another person B).

B now recieve an newsletter from, but has not agreed to recieve any.
This newsletter falls now under Spam and violates the GDPR.
You will be fined.

But, if you use the DoubleOptIn solution, you will have the explicite confirmation from customer A that he is A (and not B).
And you have the piece of evidence > stored in your database.
If you have no confirmation, it will be hard for you to prove that customer A has agreed.

So, what is the easier (and cheaper) solution??

Image


User avatar
Expert Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by davidbfranks » Wed May 16, 2018 11:57 pm

OSWorX wrote:
Wed May 16, 2018 5:15 am
davidbfranks wrote:
Wed May 16, 2018 1:51 am
How can this technically be achieved in OpenCart?
Simply by the approbiate extension :)
Have to check my current extension for this and publish it soon.
Could you tell me which OpenCart Version you are using?
1.5.6.4 - will gladly pay a premium for this extension if you offer it.

Active Member

Posts

Joined
Mon Mar 04, 2013 10:31 pm
Location - London

Post by lovol3 » Thu May 17, 2018 4:43 am

ADD Creative wrote:
Wed May 16, 2018 7:31 pm
OSWorX wrote:
Wed May 09, 2018 10:20 pm
After the 25. May 2018 you are not allowed to send any newsletter to not confirmed addresses!
My understanding that double opt-in is not required (but is a good idea) providing you clearly obtained consent, provided information on what you are using their email address for and made a record of how and when the consent was obtained.

Do you have any reference to where it's stated a confirmed addresses is a requirement of the GDPR?
you are correct, you don't NEED double opt in, you just NEED people to consent to receiving the material... unless it's in your legitimate interests, which if you make extra income from the emails or your business needs them to keep going, it is.

so in general, in the past people just send you emails left right and centre even if you didn't ask.

now you need clear audited consent for emails with offers etc.

Newbie

Posts

Joined
Thu May 17, 2018 4:05 am

Post by OSWorX » Thu May 17, 2018 6:32 am

lovol3 wrote:
Thu May 17, 2018 4:43 am
ADD Creative wrote:
Wed May 16, 2018 7:31 pm
OSWorX wrote:
Wed May 09, 2018 10:20 pm
After the 25. May 2018 you are not allowed to send any newsletter to not confirmed addresses!
My understanding that double opt-in is not required (but is a good idea) providing you clearly obtained consent, provided information on what you are using their email address for and made a record of how and when the consent was obtained.

Do you have any reference to where it's stated a confirmed addresses is a requirement of the GDPR?
you are correct, you don't NEED double opt in, you just NEED people to consent to receiving the material... unless it's in your legitimate interests, which if you make extra income from the emails or your business needs them to keep going, it is.

so in general, in the past people just send you emails left right and centre even if you didn't ask.

now you need clear audited consent for emails with offers etc.
I do not want to write always the same things:
In some countries it is required - for sure not in India ..
For example see this: viewtopic.php?f=10&t=201183&e=1&view=unread#p723687
And this: viewtopic.php?f=190&t=204299&e=1&view=unread#p723333

lovol3 wrote:
Thu May 17, 2018 4:43 am
you are correct, you don't NEED double opt in, you just NEED people to consent to receiving the material... unless it's in your legitimate interests, which if you make extra income from the emails or your business needs them to keep going, it is.
See one of my other answer: how can you proven that Customer A has confirmed the newsletter subscription when person B recieve the newsletter instead (because A made this for B as joke).
When not stored in the database - never.
And you will pay!

Beside this: this regulation was also the reason why thos former so beloved 'Recomend to a friend' modules died very quickly.

But finally it is always in your responsibilty what and how you du your business - as long as you have enough money in your pocket after the 25th.

Image


User avatar
Expert Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by daniGo » Thu May 17, 2018 8:31 pm

OSWorX

Then you need also double opt-in for register an account or ordering something, because customer A can register an account with customer B email and B now recieve an emails from, but has not agreed to recieve any.

http://www.gombac.si


Active Member

Posts

Joined
Wed Mar 20, 2013 4:49 pm
Location - Slovenia

Post by OSWorX » Thu May 17, 2018 9:20 pm

daniGo wrote:
Thu May 17, 2018 8:31 pm
OSWorX

Then you need also double opt-in for register an account or ordering something, because customer A can register an account with customer B email and B now recieve an emails from, but has not agreed to recieve any.
Strictly speaking: yes.
If it is only a registration, while if it is a purchase in your shop who will order and pay for another person (except it is a Gift)?

But here we speak 'only' about subscribing to newsletters.

Beside this: the moment a new user registers himself, the timestamp and IP is recorded.
In any case another person has done this, you can prove the registration with these data.

Image


User avatar
Expert Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria
Who is online

Users browsing this forum: No registered users and 14 guests