GDPR: What You Need to Know and How MailOptin Helps You Comply
GDPR stands for the General Data Protection Regulation (Regulation (EU) 2016/679). It was adopted by the European Parliament and Council in April 2016 and applies from May 25, 2018. It is designed to protect the personal data of individuals in the EU, whatever their citizenship. It applies to almost every internet company or website that uses contact forms or email marketing, which very likely includes your site too.
Regardless of where your business is located, if your website gets visitors from around the world and collects personal data from people located in the EU, it needs to comply with the GDPR.
How MailOptin Will Help You Comply with GDPR
Please note this is not legal advice; it is only meant to help you get started. Contact your lawyer for more information on the GDPR and your local laws.
Obtaining consent
Under the GDPR, marketing to people in the EU requires consent that is freely given, specific, informed and unambiguous, and expressed by a clear affirmative action. Silence, inactivity or a pre-ticked box does not count as consent.
To this end, we added the option to display a required checkbox, unticked by default, next to your privacy policy, terms of service or whatever agreement users must consent to.
The GDPR also requires you to be able to demonstrate that each data subject consented (Article 7(1)), so keep a record of what they agreed to, when, and through which form, and be able to produce it if requested.
Depending on the email service provider (ESP) you use, MailOptin saves the consent against the subscriber's profile either as a custom field or a tag, or passes it across through your ESP's API.
Taking Mailchimp, Drip, Kit (ConvertKit) and Sendy as examples, here is how the GDPR consent is stored.
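The paragraphs above say you must be able to demonstrate consent but not what such a record looks like. The following is an added example, not MailOptin's code and not tied to any ESP's API, written in Python because the logic is independent of WordPress. It rejects submissions that are not an affirmative action (box unticked or pre-ticked), records the policy version and wording the subscriber saw, timestamps the record, adds a digest so later tampering is detectable, and flattens the result into the kind of custom-field values an ESP profile can hold. The form field names (gdpr_consent, gdpr_consent_default_checked, consent_text), the policy-version table and the ESP field names are all assumptions of this example.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed: the privacy-policy versions this site has published. Tracking
# which version the subscriber actually saw is an assumption of this example.
POLICY_VERSIONS = {
    "privacy-2018-05": "https://example.com/privacy/2018-05",
}


def check_consent(form_data, policy_version):
    """Return None if the submission is valid affirmative consent, else a reason.

    form_data is the dict of submitted fields. The field names used here
    (gdpr_consent, gdpr_consent_default_checked, email) are hypothetical.
    """
    if form_data.get("gdpr_consent") != "yes":
        return "checkbox not ticked: no affirmative action, so no consent"
    # A box that was already ticked when the user saw it is not consent.
    if form_data.get("gdpr_consent_default_checked") == "yes":
        return "pre-ticked checkbox does not count as consent"
    if policy_version not in POLICY_VERSIONS:
        return f"unknown policy version {policy_version!r}"
    email = form_data.get("email", "").strip()
    if "@" not in email:
        return "missing or malformed email address"
    return None


def build_consent_record(form_data, form_id, policy_version, now_iso=None):
    """Build the record you would keep to demonstrate consent (Article 7(1)).

    Raises ValueError when the submission is not valid consent, so nothing is
    written for a subscriber who did not actively agree.
    """
    reason = check_consent(form_data, policy_version)
    if reason is not None:
        raise ValueError(reason)
    if now_iso is None:
        now_iso = datetime.now(timezone.utc).isoformat(timespec="seconds")
    record = {
        "email": form_data["email"].strip().lower(),
        "form_id": form_id,
        "consent": True,
        "consent_text": form_data.get("consent_text", ""),  # wording shown to the user
        "policy_version": policy_version,
        "policy_url": POLICY_VERSIONS[policy_version],
        "timestamp": now_iso,
    }
    # Digest over the canonical JSON so edits to the stored record can be
    # detected when you later have to produce it.
    record["sha256"] = _digest(record)
    return record


def _digest(fields):
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verify_consent_record(record):
    """True if the record's digest still matches its contents."""
    body = {k: v for k, v in record.items() if k != "sha256"}
    return _digest(body) == record.get("sha256")


def to_esp_custom_fields(record):
    """Flatten the record into custom-field/tag values an ESP profile can hold.
    These field names are an assumption; every ESP has its own conventions."""
    return {
        "GDPR_CONSENT": "yes",
        "GDPR_CONSENT_AT": record["timestamp"],
        "GDPR_POLICY_VERSION": record["policy_version"],
        "GDPR_FORM": record["form_id"],
    }


if __name__ == "__main__":
    # Constructed submission from an opt-in form whose box the user ticked.
    submission = {
        "email": "Alice@Example.com",
        "gdpr_consent": "yes",
        "gdpr_consent_default_checked": "no",
        "consent_text": "I agree to receive the newsletter and accept the privacy policy",
    }
    rec = build_consent_record(submission, "footer-optin", "privacy-2018-05")
    print(json.dumps(rec, indent=2))
    print("digest ok:", verify_consent_record(rec))
    print("esp fields:", to_esp_custom_fields(rec))
```

Keep the full record on your side (in your own database, not only as an ESP tag), because the ESP copy typically holds just the flattened fields and you may need the wording and policy version to answer a request years later.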
An alternative to using a checkbox to get explicit permission to send marketing emails is double opt-in. With double opt-in enabled, contacts must confirm their email address by clicking a link before receiving further communications, which also proves that the address really belongs to them.
However, relying on double opt-in reduces the number of contacts that make it into your list, because the contact has to check their inbox and click the confirmation link. Hence we recommend the checkbox approach above.
Collect Only Personal Data You Need
In light of the GDPR, collect only the personal data about your subscribers that you actually need (data minimisation, Article 5(1)(c)). To help with this, we added a feature to make the name field optional.
Right to Erasure, or "Right to Be Forgotten" (GDPR Article 17)
A subscriber may request that all data you hold on them be erased, which would include data stored by MailOptin in your WordPress database. MailOptin only stores personal data about subscribers/visitors when Lead Bank (used for keeping a record of subscribers who opt in to your campaigns) is active.
If you receive a legitimate request from a subscriber, search for them using the search form in Lead Bank and delete their data. Remember that the same subscriber also has a profile at your ESP, so delete them there too.
If you do not want to save any data about subscribers via Lead Bank, disable it by navigating to Settings >> "Lead Bank" and checking "Disable Lead Bank".
Right of Access and Data Portability (GDPR Articles 15 and 20)
A subscriber may request access to all the data you hold on them, which would include data stored in Lead Bank. WordPress 4.9.6 and later include privacy tools (Tools >> Export Personal Data and Tools >> Erase Personal Data) to export and/or erase the data tied to an email address.
When a user requests their data, the export file includes any Lead Bank data tied to their email address.
Likewise, when they request erasure at Tools >> Erase Personal Data, MailOptin anonymizes their Lead Bank record by default rather than deleting it.
If you would rather have MailOptin delete the record outright, add the code below to a site-specific plugin or your active theme's functions.php file:
add_filter('mo_leadbank_delete_personal_data', '__return_true');