1

Looking for a little advice on HTML emails and GDPR re-permission.

With the new GDPR regulations I have to create an email to send out to an existing list requesting their consent to continue contacting them.

My intention is to have an 'I'm in' button in the email, which when clicked takes the user to another page/URL which has a simple form on it requesting the user's email address and a checkbox for them to tick to opt in.

My question is: can I achieve this another, simpler way? For example, in the email itself, when the user clicks the 'I'm in' button, can a POST submission be made automatically with their email address, which gets sent to the client's email, and they then just get redirected to a standard success message? Is something like this possible? It would save having to create a form somewhere and make the process easier for the user.

I don't normally do HTML emails so I'm a little unsure. Any help on this would be greatly appreciated, thanks in advance.

Paulie_D
CraigDev
  • If you don't already have explicit consent, then sending an email to ask them to give you consent would be a violation of Privacy and Electronic Communications Directive 2002/58/EC (known in the UK as PECR). And if you already had explicit consent, then you didn't need to ask for it again, not even because of the GDPR. – Mark Rotteveel May 28 '18 at 08:02

2 Answers

2

Yes, you could embed their email in the query string of the URL and then have a webapp at that URL pick up their email from the querystring and process it. Obviously you'd need to code the webapp side accordingly.

E.g:

    <a href="http://yourwebapp.com/?email=someemail@place.com">I'm in!</a>
Mark Wragg
  • @CraigDev, should you still have any doubt on how to implement the solution proposed by Mark Wragg, I've added a more detailed answer – don May 03 '18 at 16:12
  • While SO is _technically_ about tech stuff, I'd like to point out that providing a plaintext email (personal data as per GDPR) via a non-TLS connection (again, encrypted transfer is recommended by GDPR) looks like a bad, BAD idea. Simply put, you give out your subscriber's personal data to any host the user will come through during packet exchange – Evgeniy Chekan May 16 '18 at 17:53
1

If you can still send an email to the user, the collection of consent can be quite simple. It will be sufficient to send each user an email containing a link to accept the newsletter (e.g. "Yes, I want to receive the newsletter"). The email should also contain the terms and conditions of the service, and the privacy policy. What comes next can be either automated, or handled manually.

The best option would be to automate the process. This can be done in multiple ways, the simplest being with a customized link for each user pointing to a website capable of interpreting the data transmitted by the link itself. To achieve this result, the link contained in each email should contain an identification code - which should be anonymized where possible - so that it will be possible to link the new consent to each user. In this way, when the user clicks the link, he or she will be taken to the website. At that point, the backend will be able to collect the code passed by the link, identify the user and, finally, re-subscribe the user to the newsletter.

In practical terms, in the email there could be a link with a value to be passed as a `GET` parameter:

    <a href="https://www.example.com/re-subscribe?uuid=123xyz">Yes, I want to receive the newsletter</a>

The server-side logic could be as follows (in PHP syntax):

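    <?php
    // re-subscribe.php
    $uuid = $_GET['uuid'] ?? null; // identification code passed by the link
    if (!is_string($uuid) || $uuid === '') { // reject a missing or malformed parameter
        http_response_code(400);
        exit('Invalid link');
    }
    $user = getUserByUUID($uuid); // assumed function that gets the user info by a UUID
    subscribeUser($user); // assumed function that re-subscribes user to the newsletter
    echo 'Thank you!';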

This could even be accomplished manually, provided that a link tracker service/tool is used.

In this – less ideal – case, in the email there should only be a single clickable link, the one required to express consent (e.g. "Yes, I want to receive the newsletter"). This link could take the user wherever deemed most appropriate. What matters, in this case, is the ability, through the tracker service/tool, to know which users have clicked the link. As long as there is only one link in the email, this would inform us that the user has expressed his or her consent, and thus we could manually re-subscribe them to the newsletter. In this case, the link to the terms and conditions and to the privacy policy should be included as static text, and not as an actual clickable link.

For more info, check out our blog post, inspired by this question, at blog.autoprivacy.eu/2018/05/newsletters-after-gdpr-existing-and-new.html

don
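
A hardened variant of the link-based approach in the answers above, as an added example that is not part of the original posts: instead of a plaintext email address or a bare identifier, the link carries the identifier, an expiry time and an HMAC signature that the server verifies before recording consent. The parameter names `exp` and `sig`, the 14-day lifetime, the function names and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. The key, TTL and sample values are constructed placeholders.
const LINK_TTL = 14 * 86400; // assumed validity window: 14 days

// HMAC over the identifier and expiry, so neither can be altered or forged.
function signConsent(string $uuid, int $expires, string $key): string {
    return hash_hmac('sha256', $uuid . '|' . $expires, $key);
}

// Build the per-user link that goes into the email (HTTPS only).
function buildConsentLink(string $base, string $uuid, string $key, int $now): string {
    $expires = $now + LINK_TTL;
    return $base . '?' . http_build_query([
        'uuid' => $uuid,
        'exp'  => $expires,
        'sig'  => signConsent($uuid, $expires, $key),
    ]);
}

// Return the uuid if the request parameters are authentic and unexpired, else null.
function verifyConsentRequest(array $query, string $key, int $now): ?string {
    $uuid = $query['uuid'] ?? null;
    $exp  = $query['exp'] ?? null;
    $sig  = $query['sig'] ?? null;
    if (!is_string($uuid) || !is_string($exp) || !is_string($sig)) {
        return null; // missing, or array-valued parameters such as ?uuid[]=x
    }
    if (!ctype_digit($exp) || (int) $exp < $now) {
        return null; // malformed or expired
    }
    // hash_equals compares in constant time
    return hash_equals(signConsent($uuid, (int) $exp, $key), $sig) ? $uuid : null;
}

// Constructed demo: in production the key comes from secret storage, $query from $_GET.
$key  = random_bytes(32);
$now  = time();
$link = buildConsentLink('https://www.example.com/re-subscribe', '123xyz', $key, $now);
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);

var_dump(verifyConsentRequest($query, $key, $now));                        // valid link
var_dump(verifyConsentRequest(['uuid' => '124xyz'] + $query, $key, $now)); // altered uuid
var_dump(verifyConsentRequest($query, $key, $now + LINK_TTL + 1));         // expired link
```

Mail scanners and link previewers can fetch URLs without the recipient clicking, so the verified GET request would normally render a confirmation page and the consent would be recorded on the POST that follows.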