I work in a company. We have multiple customers signed up on our websites. Currently, we do not perform email verification of customer Sign-ups. I wanted to check whether this will be a GDPR concern. Does GDPR mandate us to do email verification during sign ups?
I came across one issue where a user could use the email id of any other random person. Our marketing team may reach out to the email with marketing emails. This can be a concern wherein the actual email id user raises an issue that he/she has not signed on our website.
I recommend you perform email double opt-in – email verification of customer Sign-ups – as this would be a technical measure to address the accuracy principle in GDPR, as it is described in Article 5 GDPR - Principles relating to the processing of personal data. If this step is not performed, people might enter email addresses that are not their own. GDPR requires you to process only correct personal data, so this would be a recommended step to address this requirement. This principle is also explained in our free GDPR Training – links provided below.
Please check these links as well:
- Article 5 – Principles relating to the processing of personal data: https://advisera.com/gdpr/principles-relating-to-processing-of-personal-data/
- Understanding 6 key GDPR principles: https://advisera.com/articles/understanding-6-key-gdpr-principles/
- A summary of 10 key GDPR requirements: https://advisera.com/articles/a-summary-of-10-key-gdpr-requirements/
- EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/
- EU GDPR Data Protection Officer Course: https://advisera.com/training/eu-gdpr-data-protection-officer-course/
Jan 13, 2023