Double Optin Process

Discussion in 'General discussions' started by Michael Wilding, Jan 31, 2018.

  1. twisted1919

    twisted1919 Administrator Staff Member

    Joined:
    Dec 27, 2014
    Messages:
    9,463
    Likes Received:
    2,223
    No, this is not GDPR compliant.
    The subscriber has to give you consent in the same form where the information you have about him is visible, thus the update profile form, where the subscriber simply checks the consent checkbox and submits the form.
    Anything that is just a link which does all for the subscribe is not gdpr compliant.
    Remember, you also have to save the text the subscriber has consent to, you can't do that with a link.
     
    frm.mwz likes this.
  2. Michael Wilding

    Michael Wilding Active Member

    Joined:
    Apr 28, 2015
    Messages:
    241
    Likes Received:
    26
    S.E:
    Expired
    L.T:
    Regular
    L.C:
    1
    It's still very grey because the law hasn't actually been finished being written, and it probably won't be for some time after it goes into action. You can see examples of lots of different ways of doing it from different companies, how you do it is how concerned you are about your lists and of course how you built your list. You don't actually need to use double-optin for GDPR, you have to be able to prove that you had consent to communicate and share their data in the way you do. There are plenty of companies who are simply notifying their marketing lists of an update to their T&C's and Privacy Policy and offering them the chance to remove themselves, all the way through to companies who are making their entire lists re-optin to new forms and data.

    I think only you can make a decision for your business based on your marketing lists, how they were gathered and what you do with their data.
     
  3. twisted1919

    twisted1919 Administrator Staff Member

    Joined:
    Dec 27, 2014
    Messages:
    9,463
    Likes Received:
    2,223
    @Michael Wilding - My input was only related to what i have been told by our company lawyer, but yeah, everyone should consult their legal advisor.
     
  4. Yordi Van Dessel

    Yordi Van Dessel New Member

    Joined:
    Apr 13, 2018
    Messages:
    5
    Likes Received:
    0
    S.E:
    Expired
    L.T:
    Regular
    L.C:
    1
    I agree, therefore we are going to do the same thing all other big Belgian companies do it. And make it 1 click confirm subscription.
     
  5. frm.mwz

    frm.mwz Well-Known Member

    Joined:
    Mar 8, 2016
    Messages:
    3,443
    Likes Received:
    644
    S.E:
    2018-11-06 14:46:35
    L.T:
    Regular
    L.C:
    6
    What would happen, if all connections from a GDPR-regulated IP geo-location are blocked,
    and the mwz/webform/subscription site would display a notice that the visitor's IP address is not in a served area (but they can use tor/vpn to come back)?
     
  6. twisted1919

    twisted1919 Administrator Staff Member

    Joined:
    Dec 27, 2014
    Messages:
    9,463
    Likes Received:
    2,223
    Why would you that ?
     
  7. frm.mwz

    frm.mwz Well-Known Member

    Joined:
    Mar 8, 2016
    Messages:
    3,443
    Likes Received:
    644
    S.E:
    2018-11-06 14:46:35
    L.T:
    Regular
    L.C:
    6
    If someone would block all these IPs, then no geo-location records re these IPs would be created, as you know from the GeoLite dbf.
     
  8. twisted1919

    twisted1919 Administrator Staff Member

    Joined:
    Dec 27, 2014
    Messages:
    9,463
    Likes Received:
    2,223
    This also means those people will not be able to access the site, if you block their access, so i don't see why you'd go down this road.
    GDPR is really nothing to fear about, it really is about respecting people, it should be applied no matter where you are located ;)
     
  9. frm.mwz

    frm.mwz Well-Known Member

    Joined:
    Mar 8, 2016
    Messages:
    3,443
    Likes Received:
    644
    S.E:
    2018-11-06 14:46:35
    L.T:
    Regular
    L.C:
    6
    I also try to view it positively...especially as a real privacy advocate (a NO to: spying on the people, backdoor access, etc).

    Anyone could still access any site, as long as they come from allowed IPs (e.g. via tor/vpn).

    The ideal is good, but the reality is, that the small, honest people face big cost/problems...e.g. there is not even a clear practice re these rules, and all kinds of fining bodies are salivating at the gates...hence protection is better for as long as possible, until the mess is sorted and the dust has settled.

    Independently of the above: kudos to how you handle it, good input here on the forum and on the kb!
    Well done :)
     

Share This Page