Privacy-compliant configuration of mailing lists

When administering your mailing list, please ensure that the list is configured to comply with the provisions of the General Data Protection Regulation (GDPR).

Especially for mailing lists that are used as newsletters and for mailing lists where external email addresses are also entered as subscribers, it is important that users agree to be added to the mailing list and that no personal data is publicly visible.

Some important points for a privacy-compliant mailing list are the following (not exhaustive):

  • A mailing list used as a newsletter must be configured so that subscribing is only possible with double opt-in.
    This means that the subscriber actively adds his or her name to the list and that the identity is subsequently verified by a confirmation e-mail.
    If the subscriber has already been authenticated on the website, the second step is unnecessary because the identity has already been confirmed.
  • The email addresses of subscribers and of owners and moderators must not be publicly visible and, in the case of newsletters, should also be visible only to the list owners.
  • Mailing list archives must not be publicly visible.
  • Unsubscribing from the list must be possible for any user.
  • A newsletter must contain a footer with information on how to leave the lists and a link to the imprint.
    For unsigned emails, this can be done by editing the template for the footer on the mailing list website, which is then automatically attached to the reply.
    For signed e-mails, the text of the footer must be appended directly to the text of the e-mail by the user himself in each case before the e-mail is sent, for technical reasons.

If the recipients have already consented to receive a newsletter before the GDPR came into force, this consent continues to exist. You can therefore continue to use the mailing list. It is important that the data subjects have not been added to the list unwantedly.

If you have technical questions about the configuration of the mailing list, please contact the listmasters, who can be reached at the address listmaster∂ can be reached.
If you have questions regarding data protection, please contact the KIT data protection officer, who you can reach at the address datenschutzbeauftragter∂ address.