Support » Plugin: MailPoet - emails and newsletters in WordPress » Is Mailpoet 3 really 100% GDPR compliant?

  • Hi everybody,
    I open this thread in the hope of being useful and to receive feedback on a very sensitive subject, the Mailpoet GDPR compliance.

    I did a lot of research on the Net, I read tons of documentation, I talked with lawyers and people specialized in privacy rules (e.g. http://www.iubenda.com).

    Every source, everybody says that [you must] “… keep a record of exactly what they were told at the time.” See https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/

    In other words it is necessary to keep track of “what is said to the user”, that is a copy of the blank form presented to the user while obtaining the consent, as well as the exact version of the documents (for example, Privacy Policy and Terms of Service) in force on the site when the user has given consent.

    Now, even if Mailpoet 3 claims to be 100% GDPR compliant, it doesn’t keep track of all the stuff above. It does keep IP, timestamp, a boolean value about consent (that isn’t enough), but it doesn’t store the disclaimer text about the terms of use of the user data that you must have on your subscription’s form (not to mention the Privacy policy).

    Am I too zealous?

    I ask it because I’m “struggling” with the (very kind and patient) support of Mailpoet3 who say that it is enough to keep track of the consent given by a user who signs up for the newsletter … But if there is no trace of what he gave consent to, what “legal” value does it have? (the text on the form could then be changed and one would be found to have given consent to something that one has not read).

    What is your opinion about it?
    Thanks
    S.M.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hello,

    I agree. I think you could add a checkbox with an explicit label to be fine.

    You could also add the consent into the mail sent when double opt-in is set.
    The subscriber gets a confirmation mail to confirm your subscription. That is enough for GDPR.
