Only query the data you need

ritu2000
Posts: 225
Joined: Sun Dec 22, 2024 3:53 am

Post by ritu2000 »

In your registration form, only ask for personal data that you really need, because Article 25 paragraph 2 sentence 1 of the EU GDPR requires:

“The controller shall implement appropriate technical and organizational measures to ensure that, by default, only personal data which are necessary for each specific processing purpose are processed.”

Of course, you can decide what is required. Does your newsletter personally greet the recipients by name? Then you need the recipient's name. Do you offer different content for men and women? Then specifying the gender is important. Do you want to send the recipient a gift for their birthday? For this, you obviously need their date of birth.

It is important to note, however, that these fields are not mandatory, but that all information except the email address remains voluntary.

5. Opt-out tracking
Allow the recipient to stop tracking. This is possible by including a link to the profile page or preference center with a checkbox to opt out in each newsletter.

Reason: Article 13, already mentioned in point 1, requires the right to withdraw consent. It should also be noted that if consent is withdrawn, the existing tracking data may no longer be used for advertising purposes in accordance with Article 21 paragraph 3: “If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.”

Recommendation: If you want to be on the safe side, delete at least the tracking data from advertising newsletters retroactively when consent is withdrawn, preferably automatically. By doing this, you no longer have any data that could later be accidentally used for direct advertising.

6. Use only HTTPS protocol
To ensure that personal data transmitted over the Internet is secure and therefore encrypted, registration and deregistration forms as well as the preference center should only be offered on websites with HTTPS protocol. Article 32 paragraph 1 of the EU GDPR requires "[...] appropriate technical and organizational measures to ensure a level of protection appropriate to the risk; these measures include, among others, the following: a) the pseudonymization and encryption of personal data [...]"

The unencrypted transmission of personal data over the Internet is therefore no longer permitted because an adequate level of protection is lacking.

7. Archiving screenshots and email copies
In order to have proof in case of legal problems, I recommend that you create a screenshot with a time stamp or save electronic copies every time you change your registration page, your privacy policy, your double opt-in emails and the registration logic behind the forms. Archive these screenshots and copies. Whenever something changes in the registration, archive the changed versions again.

Justification: Article 7 paragraph 1 of the EU GDPR requires: “Where the processing is based on consent, the controller must be able to demonstrate that the data subject has consented to the processing of his or her personal data.”

The better prepared you are to provide this evidence, the better your chances are in the event of a dispute.
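The automatic, retroactive deletion recommended in point 5 could look like the following. This is an added example, not code from the original post; the table layout, column names and function names are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema (not from the post): subscribers carry a tracking flag,
# newsletters are marked advertising or not, tracking_events hold opens/clicks.
SCHEMA = """
CREATE TABLE subscribers (id INTEGER PRIMARY KEY, email TEXT NOT NULL,
    tracking_allowed INTEGER NOT NULL DEFAULT 1, tracking_withdrawn_at TEXT);
CREATE TABLE newsletters (id INTEGER PRIMARY KEY, is_advertising INTEGER NOT NULL);
CREATE TABLE tracking_events (id INTEGER PRIMARY KEY,
    subscriber_id INTEGER NOT NULL REFERENCES subscribers(id),
    newsletter_id INTEGER NOT NULL REFERENCES newsletters(id), kind TEXT NOT NULL);
"""

def withdraw_tracking(conn, subscriber_id, now):
    """Record the opt-out and purge advertising tracking rows atomically."""
    with conn:  # one transaction: commit on success, rollback on any error
        cur = conn.execute(
            "UPDATE subscribers SET tracking_allowed = 0, tracking_withdrawn_at = ? "
            "WHERE id = ?", (now, subscriber_id))
        if cur.rowcount != 1:
            raise LookupError(f"unknown subscriber {subscriber_id}")
        cur = conn.execute(
            "DELETE FROM tracking_events WHERE subscriber_id = ? AND newsletter_id IN "
            "(SELECT id FROM newsletters WHERE is_advertising = 1)", (subscriber_id,))
        return cur.rowcount  # number of tracking rows removed retroactively

def record_event(conn, subscriber_id, newsletter_id, kind):
    """Store an open/click only while tracking consent is still in place."""
    row = conn.execute("SELECT tracking_allowed FROM subscribers WHERE id = ?",
                       (subscriber_id,)).fetchone()
    if row is None or row[0] != 1:
        return False  # opted out or unknown: drop the event instead of storing it
    with conn:
        conn.execute("INSERT INTO tracking_events (subscriber_id, newsletter_id, kind) "
                     "VALUES (?, ?, ?)", (subscriber_id, newsletter_id, kind))
    return True

def demo():
    """Constructed sample data: one subscriber, one advertising and one service mailing."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO subscribers (id, email) VALUES (1, 'a@example.com')")
    conn.executemany("INSERT INTO newsletters VALUES (?, ?)", [(10, 1), (11, 0)])
    for nl, kind in [(10, "open"), (10, "click"), (11, "open")]:
        record_event(conn, 1, nl, kind)
    deleted = withdraw_tracking(conn, 1, "2025-01-01T00:00:00Z")
    late = record_event(conn, 1, 10, "open")  # arrives after the opt-out
    left = conn.execute("SELECT COUNT(*) FROM tracking_events").fetchone()[0]
    return deleted, late, left
```

Setting the flag and deleting the rows in one transaction means there is no window in which the opt-out is recorded but the advertising tracking data is still available for use.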