European Union’s privacy act and e-newsletter subscription forms
“Many feel that because it’s an EU initiative the regulations don’t apply to them. The problem is the GDPR is not just bound by region in terms of people actually in the EU. It extends to anyone doing business or holding data for citizens in the EU.”
Matt Tyrer, senior manager, solutions marketing, Americas at Commvault in Ottawa
If you are using MailChimp, Active Campaign or any other email campaign service, I’m willing to bet you have seen an email come out about how they are complying with the European Union’s General Data Protection Regulation (GDPR).
Here at Platypi we use Active Campaign as our e-newsletter sending tool; however, a fair number of my clients use MailChimp, so I have had the pleasure of looking into how both these systems are adapting to the GDPR.
Please note that this blog post deals with how to alter your online e-newsletter form from this point forward so that any new e-newsletter subscribers are using a form that is GDPR compliant. If you have e-newsletter subscribers on your list from the EU right now, the proper protocol is to get them to re-subscribe or re-confirm their subscription to your newsletter list using 1 of the 2 methods below. If you are a Canadian company, this probably sounds very familiar from what you had to do to be compliant with CASL (Canadian Anti-spam Legislation) back in 2014.
NOTE: The comments below are the opinions and solutions implemented by Platypi Designs and should in no way be considered legal advice. If you have questions about how you can be GDPR compliant, please contact your legal team.
The preferred GDPR e-newsletter subscription form
So far, from what I have read and seen for solutions, the preferred way to comply with GDPR seems to be adding checkboxes to your newsletter subscription form that allow subscribers to choose what they are opting into. The messages can be updated as per your needs, and this extra section will be added to your online form where you ask for their name and email address.
The MailChimp standard example looks like this:
Source: https://kb.mailchimp.com/accounts/management/collect-consent-with-gdpr-forms
In essence the form becomes a bit clunky and no longer fits nicely into very small spaces.
I believe that this option assumes that you do not have the double opt-in feature enabled because that would be redundant.
I tested out a dummy MailChimp form that I created, and I noticed that I can submit the form without checking any checkboxes. What if I forgot to check them? Now I’m subscribed to a list, but the owners of the list don’t have the right to email me as I haven’t checked any of the boxes. I haven’t found a good answer for this, but when I find one I’ll be sure to update this post.
If you’re based in Canada and market to Canadians then you need to follow CASL (Canadian Anti-spam Legislation). The easiest way to be compliant with CASL when it comes to online newsletter subscription forms is to have a double opt-in. This means that when someone signs up for your newsletter on your website, they will get an email to their inbox asking them to confirm they want to be a part of your list. They click a link in the email and that confirms their subscription.
When you are using a double opt-in, I read that you can avoid the checkbox scenario provided you do three things:
1. Make sure you tell your newsletter subscribers the different scenarios in which they will be contacted by you (i.e. sales and marketing offers, regular newsletters, occasional time-sensitive updates, etc.) so that people understand what they are opting into.
   You can include a blurb above your newsletter subscription form that is a bit longer than “Sign up for our newsletter” AND/OR add the text into the opt-in confirmation email that they get, so that before they hit the “Yes sign me up to your newsletter” link they know what they are saying yes to. If you watch the video above you’ll see we do a bit of a combination of these two.
2. Take a screenshot of what the newsletter subscriber will see that has your explicit message of what they are signing up for. Whether it’s the text on your website above the form or in the opt-in email, take a screenshot and keep that on file. I basically have a folder on my computer where I have a screenshot of my opt-in confirmation message, and then I add any newsletter subscription emails (see step 3) to that folder.
3. When someone clicks on the link in the opt-in email confirmation, you should get a notice of who signed up if you are the administrator of the email newsletter account. The email that comes in tells you who subscribed and has a date/time stamp. What I do is PDF this message and keep it in the same folder as my screenshot of the email opt-in confirmation message. I then know what the newsletter subscriber agreed to.
As you can see, this process is more time-consuming; however, it does avoid the checkboxes, which I really liked, and it seems to meet requirements from what I have read.
This alternative option came from an Active Campaign article, in the section called “Confirmation Opt-In Forms”.