@samtuke Very good and helpful, thanks! Here are a few comments, but I am not a lawyer so no comment to the difficult task what is and what is not mandatory for compliance with GDPR:
- Is it really now routinely necessary to have a check box where subscribers confirm on the subscribe page that there age is above 16 when the topic of the mailing list is not all related to age or critical in this sense?
- there is one word “which” too much (Chapter Consent line 11)
- so no more unsuscribed clients on the blacklist in order to avoid accidental inclusion in the next campaign or to avoid bounces?
- “use the Data Export feature…” for “Right of Access” but in this general subscriber info and history file there may be/is a lot (!) not really self explanatory stuff. And the GDPR demands easy to understand explanation and presentation of data. Do you think subscribers should access this download automatically and by themselfs, respectively. I thought the stored data on the preference page are already enough and regarded as “complete”?
- what about the stored IP address in this file?
So what is your recommendation (not in a strict legal sense of course) can be fixed concerning GDPR by offering the necessary access (links) to the related pages (mostly preferences) to subscribers and where to tell them to contact the administrator to achieve what they want (regarding the above problem of complicated history files with IPs in it)?
However, very good and useful detailed recommendations.