back to phpList.org

Questions About Invite Plugin - GDPR


#1

First, I’ve read in detail about the GDPR, and have concluded that it is absolutely NOT necessary for me (and likely most of you) to ask people in the EU to re-opt in to my email list–they did that already when they signed up.

I was a corporate and criminal paralegal for 7 years, and am confident with my assessment of the GDPR’s requirements, and other software platforms have also concluded this as well.

That said, I would like to know exactly what this GDPR Plugin does? I want to comply with obvious GDPR requirements, like allowing list members to be able to download their info, but I don’t intend to email my list to opt in again.

Please explain exactly what will happen if I activate this plugin. Will it automatically make my list inactive until people opt back in? In my case, someone who isn’t going to do that, should I activate it at all? Does it have other features that I do need, or is it only to get this consent?

A better explanation would be appreciated, as I’ve read all of your published content on this and it does not make it clear the full scope of this plugin.


#2

@keeenone There is an ‘Invite’ plugin, but there is no GDPR plugin. Various GDPR-related features are built into phpList. Documentation about the invite plugin exists on it’s page in the phpList wiki and in the readme file within its repository on GitHub.


#3

Thank you for that link. It seems like it may be good to add this info to your page, as it would not have occurred to me to look for it on a software developer’s forum.

I read about the GDPR links that would be added to the sign up pages, but after installing the 3.3.3 update I don’t see any new links on my subscriber pages, or, when I, acting as a user on my email list, click on a link to update my subscription preferences, I don’t see a way to download all of my personal data.

I wen’t through the new config.php file to see if I missed something, and don’t see anything there either. How do these links get activated?


#4

@keeenone Yes the documentation for that plugin is somewhat fragmented at the moment, but will be improved shortly.

The default public page of phpList installations since 3.3.3 was released includes additional links to set subscriber preferences and contact the administrator. E.g. yourdomain.com/lists. The subscriber export button is accessible on the Subscriber Profile page, which is a page accessible to phpList administrators.

Currently subscribers cannot access that data themselves. Additional security measures may need to be considered before exposing that functionality to subscribers. The manual entry on the GDPR has more info.


#5

Ok, and I’m trying not to seem incredibly skeptical, but this is, after well over 10 years of using this software, the first time I’ve ever been to the mydomain/lists page, and I don’t see how any of my users would ever end up there. The links are not on the subscribe pages, which is probably where they ought to go. Am I missing something? How would this comply with GDPR in terms of making these available to my users?


#6

@keeenone The /lists page is the default public homepage of the phpList installation; it’s usually indexed by search engines, but you’re right that it’s not necessarily easily discoverable by subscribers.

It would be good to add this link to the other public pages as well, such as subscribe, unsubscribe, preferences etc. This could easily be achieved by adding the link to the footer of the default template for these pages. Are you able to submit such a patch?


#7

Yes, I am able to add a link to the footer of my emails easily enough, but this “should be built in” link is tougher to add to my subscribe pages. I can do it, but many won’t be able to.


#8

@keeenone I meant add the links to the default template that is used in all installations, effectively building them into the core application.


#9

Sorry but I’m not much of a programmer…