Research into GDPR guidelines

[rafeeJ]

In general - does adding a mailing list necessitate some inclusion of a GDPR statement (regarding email storage)? probably worth filing a bug request for it as it'll certainly be useful for moderation/admin page email storage.

Originally posted by @davidswarbrick in #47 (comment)

[behradkoohy]

https://www.litmus.com/blog/5-things-you-must-know-about-email-consent-under-gdpr/

By the sounds of it, we need to have a way of tracking consent and when it is given and we need to have a way of unsubscribing. The former is something we can track when the server receives the call from the modal that @benlellouch has implemented. The latter is slightly more difficult, I'm thinking we should have a writeforchange.uk/unsubscribe where the user can enter their email address and we remove them from the consent collection?

[tjgurwara99]

You can implement the unsubscribe option using user tokens. I haven't looked at this repo's code in a while but it should be straight forward using the itsDangerous package - documentation is here. It's worth looking into.