Consent and Mailing List Subscriptions in Dada Mail

With the GDPR finally active, many people have questions about “consent” and how it relates to public mailing list subscriptions. This article is to try to help out those who are confused, and give a little bit of guidance on how you can set up your mailing list correctly to make sure your subscribers have granted their consent when being a part of your mailing list. We’ll highlight some of the tools at your disposal to help build trust with your subscribers when it comes to asking for their consent to use their personal information, like their email address, for your mailing list.

We’re going to use this doc. put out by the UK’s ICO as the basis for this article:

Closed-Loop Opt-In Subscription

This is what the subscription confirmation button looks like embedded in an email message when it’s received by a user.

The original form of consent used in Dada Mail since version 1 is still with us today. That is Closed-Loop Opt-In Subscription – a fancy way of saying that after user fills out a form to subscribe, they will have to then click a link in an email message they receive to confirm their subscription to the mailing list.
The main reason to have this done is to make sure that the user who filled out the information into the subscription form is also the same user that has access to the email account the information will be tied to.
If you can’t check the email account, you can’t subscribe the email address to a mailing list. Simple and effective,  Closed-Loop Opt-In also stops a lot of abusive things that happen on a mailing list, like a ‘bot subscribing bogus addresses through your subscription form.

Collecting Additional Consent

If there is something specific that you would like to do with the data you collect during a subscription request, Dada Mail has an additional mechanism in place to ask, record, and report this consent.
To be thorough, we do suggest collecting this consent specifically for asking a user to grant the consent to be a part of your mailing list! This means, at minimum, you’ll have one List Consent set up that says something like,
I would like to subscribe to [YOUR MAILING LIST NAME] to receive updates from [YOUR ORGANIZATION’S NAME] by email about [A SPECIFIC TOPIC]
In Dada Mail, this is simply called, List Consents. Here’s how to work with them:
Log into your mailing list – make sure to use your Pro Dada Root Password, as this screen is, by default, only available to those who use that password (the List Password won’t show this screen!)
Once logged on, navigate to, Mailing List: List Consents
This screen will allow you to add as many explicit, and separate different points of consents you would like the users of your mailing list to give you.
Find the form labeled, Create a New Consent
Fill out the textbox with the new point of consent and click, Save New Consent.
That’s it! You’re done!
The List Consents you have set up will now show up on your mailing list subscription form, next to checkboxes (unchecked) a user will have to explicitly check in order to then join your mailing list.
When a user requests a subscription for your mailing list, the request will be recorded, along with exactly which List Consents the user has agreed to.
Once a user has joined your mailing list, this data can be seen being reported from within the list control panel. Log back in (if you aren’t logged in still), and navigate to: Membership: View.
Search/Select an address you would like to see the report about.
Once on the individual user’s screen, click the, Subscriber History tab.
Data about their subscription will be shown.
This data can be exported via CSV – click the button in this same tab labeled, Export Subscriber Activity (.csv)

How Should You Construct A List Consent?

All my points about this are going to be from the ICO doc, linked about (and here). Here’s some things to include:
  • The name of your organization
  • Why you want the data (example: join your mailing list)
  • What you will do with it  (example: email updates/news/announcements, etc)

Dada Mail’s subscription forms also lists the fact:

  • that individuals can withdraw consent at any time.
as well as a link to the privacy policy for the mailing list – so that’s already covered.

Will I Need Additional List Consents?

Are you doing anything else with the information you’re collecting? If so, yes! You will have to explicitly ask your user to grant you that consent. Remember to list why your want the data, and what you will do with it, as well as any third-party involved with the user of the data. There’s a good chance that all you’re using a mailing list’s data for is (get ready) for the mailing list, which makes your life easy.

This goes the other way, too. Did you NOT ask for explicit consent to use a person’s information in a specific way?! Then guess what, you can’t use it in a way they haven’t given their consent to. That’s it! That’s the whole idea around this mechanism of asking for a user’s consent on the use of their data.

Stick with your end of the bargain! This is a dead-easy way to gain the trust of your users. This trust is critical in developing a positive relationship with your users!

Revoking Consent As a User

This one is an easy concept: a subscriber removes consent by unsubscribing from a mailing list. When that happens, the personal information (including the email address) won’t be used for anything when it comes to the mailing list itself. The user can still be a part of the mailing list again, but they must again provide their explicit consent to do so.
Unsubscribing is very easy to do in Dada Mail. For public mailing lists, a working unsubscription link is required to be in place in all mailing list messages sent out by the app itself. If one isn’t found, Dada Mail will put one in on your behalf.
Unsubscribing is also available from within a user’s profile.
Data about the unsubscription and removal of the consent for this mailing list will also be recorded.

More Information

For a Deep Dive on Dada Mail and GDPR Compliance, see this doc: