CMS Made Simple Forums

Hi all.

The new EU GDPR requires that a sender of newsletter can prove the subscription and track the date and ip address of confirmation.

Who can help to add an additional field "ip-address" to the table ...
cms_module_nms_users
and scripts of confirmation process to the currently tracked fields: userid, uniqueid, email, username, disabled, confirmed, htmlemail, dateadded, dateconfirmed, error_count, bounce_count.

Thx

MAP

Just for reference.

NMS cannot in any way be considered to be GDPR compliant. Neither can FEU, CGFeedback, CGBlog, SelfRegistration, or the Orders module.

For NMS to be GDPR compliant it would need at least require:
a: A task to remove un-confirmed users from the database on a regular basis
b: A method to verify the double-opt-in mechanism. Right now only a confirmed date is recorded. Some additional data would need to be stored. and that is not the IP address. Not sure what that additional data is yet though.
c: Verifying that the unsubscribe stuff works properly from the frontend and the admin. Deleting users completely as it goes.

For the record. I am doing 'some' work wrt the GDPR in FEU in the coming weeks, but have no schedule for doing the other modules, and it certainly won't be a volunteer thing.

Follow up:

NMS should be recording evidence of consent. Potentially a copy of the email sent to the user after confirmation with the user information when he is confirmed. That email text should contain the privacy policy, the link to unsubscribe, and other things.

Also, Because users already have potentially tens of thousands of email addresses already collected before this GDPR thing reared it's ugly head... there should be some way of re-confirming existing users. Because at the moment, evidence of consent is not stored.

All in all, it is not a trivial task.

Dear calguy.

Thank you for taking care of this matter in any way.

Yours

MAP