The ultimate goal for having people log in was to allow people to manage whether they receive marketing or not. GDPR regulation being introduced makes this a perfect opportunity to ensure receivers of the monthly list are explicitly opted in. Mailing list at the moment is managed by Mailchimp, which I (think) is sufficient for showing opt-in records (which were collected on Eventbrite registrations originally).
This means that actually, any new attendees haven't been auto-subscribed (probably a good thing, as the PHPH site does not mention any marketing!)
I'd suggest the following changes (would help to have someone review the ideas for complying with GDPR stuff):
When registering, have an opt-in checkbox to monthly newsletter box - not checked by default, with clear text and understanding
In user settings, allow enabling this or disabling this
Interfacing to Mailchimp API to subscribe/unsubscribe mailing list members with this. Ideally, also copy opt-in records to Mailchimp
I expect we'd have to do the reverse (if the user with the email exists), maybe a cron, or maybe the Mailchimp API has a webhook for subscribe/unsubscribe?
Existing users should not be opted in, unless they already receive the emails on Mailchimp
The ultimate goal for having people log in was to allow people to manage whether they receive marketing or not. GDPR regulation being introduced makes this a perfect opportunity to ensure receivers of the monthly list are explicitly opted in. Mailing list at the moment is managed by Mailchimp, which I (think) is sufficient for showing opt-in records (which were collected on Eventbrite registrations originally).
This means that actually, any new attendees haven't been auto-subscribed (probably a good thing, as the PHPH site does not mention any marketing!)
I'd suggest the following changes (would help to have someone review the ideas for complying with GDPR stuff):