GDPR: Let users delete their Mautic contact

Unsubscribe should lead to a complete unsubscribe from that specific channel (email, text, etc.). That is what a user expects when they click unsubscribe.

That is the way the one-click unsubscribe feature works.

If you want users to manage their segment memberships instead of unsubscribing, you’d need to set up a preference center.

(Keep in mind: Some people claim that redirecting a user to such a preference center instead of directly unsubscribing them is a dark pattern and could pose a violation in itself.)

Contact deletion

I’m not sure if there should be an option to let users delete their records.

Worst case: Someone wants to intentionally harm you. They sign up, receive emails, click delete and file a GDPR complaint. At this point, you don’t have any record that you lawfully sent them messages, i.e., processed their data.

In my opinion, unsubscribing is enough. You can keep the data for 2 years to respond to any GDPR inquiries.

If a user really wants to delete their data, they can and will email you. This email is then proof that you once processed their data lawfully.


See this