
GDPR: What You Need to Know and How MailOptin Helps You Comply


GDPR stands for the General Data Protection Regulation. It’s a law enacted by the European Commission in 2016 that goes into effect on May 25, 2018. It’s designed to protect the privacy of all EU citizens. It applies to almost every internet company or website using contact forms and email marketing, which probably includes your site too.

Regardless of where your business is located, if your website gets visitors from around the world, and collects information from people located in the EU, it should be aligned with GDPR.

How MailOptin Will Help You Comply with GDPR

Please note this is not a legal paper and should just help you to get started. Contact your lawyer for more info on the GDPR and your local laws.

Obtaining consent

With the GDPR’s strict policies, marketing to EU residents requires explicit, active, and unambiguous consent.

To this end, we added the option to display a required checkbox alongside your privacy policies, terms of service or whatever agreement users must consent to.

Optin form with accept terms and marketing permission checkbox

The GDPR requires you to be able to demonstrate proof of explicit, affirmative consent from data subjects so that you’re able to provide it if requested.

Depending on the email service provider (ESP) you are using, MailOptin saves the consent against the subscriber's profile either as a custom field, as a tag, or by passing the consent across through your ESP's API.

Taking MailChimp, Drip, ConvertKit and Sendy as examples, here's how the GDPR consent is stored.

MailChimp subscriber with GDPR flag

Drip subscriber with GDPR / EU consent

ConvertKit subscriber with GDPR / EU consent

Sendy subscriber with GDPR / EU consent

An alternative to using a checkbox to get explicit permission to send marketing emails is the use of double opt-in. When double opt-in is enabled, contacts will need to confirm their email address before receiving further communications.

However, relying on double opt-in will reduce the number of contacts you’re getting into your system because it requires the contact to check their inbox and click a link to confirm. Hence we recommend the checkbox approach above.

Collect Only Personal Data You Need

In light of GDPR, it is advisable you collect only personal data about your subscribers that you need. As a result, we added a feature to make the name field optional.

Make name field in optin form optional

Right to Be Forgotten (GDPR Article 16)

A subscriber may request that all data you have stored on them be erased, which would include data stored by MailOptin in your WordPress database. MailOptin only stores personal data about subscribers and visitors when Lead Bank (used for storing records of subscribers who opt in to your campaigns) is active.

If you receive a legitimate request for this from your subscriber, search for the subscriber using the search form and delete their data.

Lead Bank page

If you do not want to save any data about subscribers via Lead Bank, you can disable it by navigating to Settings >> “Lead Bank” and checking “Disable Lead Bank”.

Lead Bank Settings

Right of Access and Portability (GDPR Article 15)

A subscriber may request access to all data you have stored on them, which would include data stored in Lead Bank. Thankfully, WordPress 4.9.6 will include tools for GDPR compliance to export and/or remove a registered user's data.

When users request their data, the export file will include any Lead Bank data tied to them.

WordPress user data export

Also, when they request that their personal data be erased at Tools >> Erase Personal Data, MailOptin will by default anonymize their record in Lead Bank rather than delete it.

WordPress delete all user data

Lead bank anonymized data

Add the code below to a site-specific plugin or your active theme's functions.php file if you want MailOptin to delete the data instead of anonymizing it.
// Have MailOptin delete the Lead Bank record on an erase request instead of anonymizing it
add_filter('mo_leadbank_delete_personal_data', '__return_true');
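The following is an added example, not MailOptin's code and not part of the original article. It shows how the "proof of consent" requirement from the Obtaining consent section and the WordPress 4.9.6 export/erase tools from this section fit together for data you keep yourself: a small site-specific plugin that records the exact consent wording and time per email address in a custom table, registers an exporter so Tools >> Export Personal Data includes those records, and registers an eraser so Tools >> Erase Personal Data removes them. The `mo_leadbank_delete_personal_data` filter is the one from the article; the table name, the `gdpr_example_*` functions and the exporter/eraser IDs are assumptions made for illustration. The `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` filters and the callback return shapes are WordPress core APIs.

```php
<?php
/**
 * Plugin Name: GDPR consent log example (hypothetical; not MailOptin code)
 * Description: Keeps a minimal consent record per email address and wires it
 * into the WordPress 4.9.6+ privacy tools. Names are assumptions for illustration.
 */

// From the article: have MailOptin delete Lead Bank rows instead of anonymizing them.
add_filter( 'mo_leadbank_delete_personal_data', '__return_true' );

// Hypothetical custom table holding consent records.
function gdpr_example_table_name() {
    global $wpdb;
    return $wpdb->prefix . 'gdpr_example_consent';
}

// Create the table on plugin activation.
register_activation_hook( __FILE__, function () {
    global $wpdb;
    require_once ABSPATH . 'wp-admin/includes/upgrade.php';
    dbDelta( 'CREATE TABLE ' . gdpr_example_table_name() . ' (
        id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
        email varchar(190) NOT NULL,
        consent_text text NOT NULL,
        consented_at datetime NOT NULL,
        PRIMARY KEY  (id),
        KEY email (email)
    ) ' . $wpdb->get_charset_collate() . ';' );
} );

// Record an affirmative consent: only the wording agreed to and the UTC time,
// which is what a proof-of-consent request needs (data minimisation).
function gdpr_example_record_consent( $email, $consent_text ) {
    global $wpdb;
    $email = sanitize_email( $email );
    if ( ! is_email( $email ) ) {
        return false;
    }
    return (bool) $wpdb->insert( gdpr_example_table_name(), array(
        'email'        => $email,
        'consent_text' => wp_strip_all_tags( $consent_text ),
        'consented_at' => current_time( 'mysql', true ),
    ), array( '%s', '%s', '%s' ) );
}

// Exporter: Tools >> Export Personal Data calls this for the requested email.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['gdpr-example-consent'] = array(
        'exporter_friendly_name' => 'Marketing consent records (example)',
        'callback'               => 'gdpr_example_export_consent',
    );
    return $exporters;
} );

function gdpr_example_export_consent( $email_address, $page = 1 ) {
    global $wpdb;
    $rows = $wpdb->get_results( $wpdb->prepare(
        'SELECT id, consent_text, consented_at FROM ' . gdpr_example_table_name() . ' WHERE email = %s',
        $email_address
    ) );
    $items = array();
    foreach ( $rows as $row ) {
        $items[] = array(
            'group_id'    => 'gdpr_example_consent',
            'group_label' => 'Marketing consent',
            'item_id'     => 'consent-' . $row->id,
            'data'        => array(
                array( 'name' => 'Consent text',       'value' => $row->consent_text ),
                array( 'name' => 'Consented at (UTC)', 'value' => $row->consented_at ),
            ),
        );
    }
    // 'done' => true tells WordPress there are no further pages to fetch.
    return array( 'data' => $items, 'done' => true );
}

// Eraser: Tools >> Erase Personal Data calls this once the request is confirmed.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['gdpr-example-consent'] = array(
        'eraser_friendly_name' => 'Marketing consent records (example)',
        'callback'             => 'gdpr_example_erase_consent',
    );
    return $erasers;
} );

function gdpr_example_erase_consent( $email_address, $page = 1 ) {
    global $wpdb;
    $deleted = $wpdb->delete( gdpr_example_table_name(), array( 'email' => $email_address ), array( '%s' ) );
    return array(
        'items_removed'  => $deleted > 0,
        'items_retained' => false,
        'messages'       => array(),
        'done'           => true,
    );
}
```

Once activated, the "Marketing consent records (example)" entry appears in both the export and erase flows, so a subscriber's consent record is handled in the same place as their Lead Bank data. If you decide that some records must be kept after an erase request (for example, a suppression entry so the address is not contacted again), set `items_retained` to true and explain why in `messages`, which WordPress shows to the administrator processing the request.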

Further Resources