GDPR-compliant mails

[Chris Trotzky]

Hi folks,

This is my first post here. So: Hi, I'm Chris 🙂

I'm still evaluating Invision to see whether it fits my requirements. Sadly, one important aspect is not available: GDPR-compliant admin mails / newsletter. As this is very important for us in the EU, a marketplace plugin might be a nice option. So anyone who likes to give it a try? Here are the detailed requirements (accordingly to my lawyer):

• Every time a user gives an opt-in to the admin mails (a.k.a. newsletter), the platform needs to send a dedicated mail asking for a consent.
• If the user then clicks on „yes, I like to receive this mails“, the platform needs to log this click with a timestamp and the IP address of the user.
• This applies to the signup form as well as the button which can be shown in the sidebar
• The initial mail, which is also used to verify the E-Mail address, can't be used for this, as not all people fill sign up for the newsletter
  • At least 2 different sign-up mails must be sent: One for "no newsletter, only verification" and one for "verification with newsletter content"

Looking forward for your feedback!

Cheers

Chris

[Pete T]

Your lawyer is over looking the GDPR sorry but that true, you can turn off newsletter by default and if they wish opt in they can tick that option this gives them the agreement needed having the user ip and timestamped is not required by any part because could be using VPN.

What this about signup ? sorry not sure what need here if user enter there details again give permission for you to store that data and rest well that history.

[opentype]

The logging of the approval was implemented recently in 4.3.

The double-opt-in behavior is not available. But it’s a debatable feature anyway. Believe it or not: Companies have also been sued for HAVING this feature and sending out confirmations were deemed as spam. Note that the IPS software is a member platform, where people authorize everything by logging in. It’s not single public newsletter form where double-opt-in makes sense, because anyone can just enter anyone’s email address.  

[Joel R]

You can check out (SD) Newsletter by @Spanner.  It has double opt-in permission.  

 

[Cyboman]

On ‎1‎/‎29‎/‎2019 at 5:13 PM, Chris Trotzky said:

The initial mail, which is also used to verify the E-Mail address, can't be used for this

I think it can be used, as the double opt in is performed during registration (if you have configured the email validation). The sense of double opt in is to check if it's the real owner of an email address. So if this is checked during registration, then we can assume that it will still be the owners email address afterwards.

So far, so good, but...

On ‎1‎/‎29‎/‎2019 at 5:13 PM, Chris Trotzky said:

asking for a consent

This is indeed a problem with the sidebar widget, as it requires a checkmark field (that must actively and consciously be checked by the user to receive newsletters… a single button is not enough), which is not present in the sidebar widget (at least I haven't seen such a checkmark field there so far).

Though, I admit there could be better configuration options for email newsletters. If every email opt-in would have its own email, it would be better.

But even more important is, that you declare (in the registration form and in the notification settings page) what types of emails will be sent. The wording "Send me news and informations" or "Allow admin emails" is definitely not enough as there are more informations required (f.e. if commercial emails will be sent, or stating that you can leave the list anytime…)

On ‎1‎/‎29‎/‎2019 at 5:46 PM, opentype said:

Companies have also been sued for HAVING this feature and sending out confirmations were deemed as spam

yes, especially if the email had commercial contents.

Only send confirmation emails without any other contents than required. "Our picks" (in the email footer) is highly dangerous in this case...