Double Optin Process

All e-mails I have received about confirming e-mail were made with 1 simple confirm button
No, this is not GDPR compliant.
The subscriber has to give you consent in the same form where the information you have about him is visible, thus the update profile form, where the subscriber simply checks the consent checkbox and submits the form.
Anything that is just a link which does all for the subscriber is not GDPR compliant.
Remember, you also have to save the text the subscriber has consented to, you can't do that with a link.
 
It's still very grey because the law hasn't actually been finished being written, and it probably won't be for some time after it goes into action. You can see examples of lots of different ways of doing it from different companies, how you do it is how concerned you are about your lists and of course how you built your list. You don't actually need to use double-optin for GDPR, you have to be able to prove that you had consent to communicate and share their data in the way you do. There are plenty of companies who are simply notifying their marketing lists of an update to their T&C's and Privacy Policy and offering them the chance to remove themselves, all the way through to companies who are making their entire lists re-optin to new forms and data.

I think only you can make a decision for your business based on your marketing lists, how they were gathered and what you do with their data.
 
I agree, therefore we are going to do the same thing all other big Belgian companies do, and make it a 1-click confirm subscription.
 
What would happen, if all connections from a GDPR-regulated IP geo-location are blocked,
and the mwz/webform/subscription site would display a notice that the visitor's IP address is not in a served area (but they can use Tor/VPN to come back)?
 
If someone would block all these IPs
This also means those people will not be able to access the site, if you block their access, so I don't see why you'd go down this road.
GDPR is really nothing to fear, it really is about respecting people, it should be applied no matter where you are located ;)
 
I also try to view it positively...especially as a real privacy advocate (a NO to: spying on the people, backdoor access, etc).

This also means those people will not be able to access the site, if you block their access
Anyone could still access any site, as long as they come from allowed IPs (e.g. via Tor/VPN).

GDPR is really nothing to fear, it really is about respecting people, it should be applied no matter where you are located
The ideal is good, but the reality is that the small, honest people face big costs/problems... e.g. there is not even a clear practice re these rules, and all kinds of fining bodies are salivating at the gates... hence protection is better for as long as possible, until the mess is sorted and the dust has settled.

Independently of the above: kudos to how you handle it, good input here on the forum and on the kb!
Well done :)
 