The aspect of GDPR that has perhaps been given the most publicity, is that users must explicitly opt-in to receive marketing information. It is no longer considered acceptable to imply consent because a user places an order or creates an account on a web site.

Kartris has always employed best practice with regard to adding users to mailing lists; an email confirmation is sent which the user must respond to by clicking a link, in order to confirm their addition to the mailing list. We have never considered it an acceptable practice to add users to mailing lists other that with an explicit approval, and an email verification to ensure consent is gained from the owner of the email address for this purpose. It also ensures that email addresses cannot be added to the mailing list by third parties, either maliciously, or accidentally (e.g. a typo).

The mailing list approval emails that Kartris sends are formatted using an email template, which you can find in the templates folder of a skin (see the Kartris default skin, if your own skin lacks this). Therefore, we would recommend expanding the text within this template to explain that clicking the confirmation link will give explicity consent to add your email address to the mailing list.