GDPR Compliance In Action: Opt-In Consent Forms

Avatar Act-On

At some point you need to stop asking whether you’re prepared for GDPR compliance, and start showing how you’re ready for the biggest change to the internet in a generation.

Commonly referred to by its acronym, GDPR is the European Union’s General Data Protection Regulation. It becomes effective on May 25, 2018. We’ve produced quite a bit of information about the new regulation, including podcasts, blog posts, eBooks and webinars.

In a nutshell, GDPR:

  • The key principle of GDPR gives consumers control of their data
  • Applies to the 28-nation European Union’s 510+ million citizens, as well as any business doing business with them, regardless of where they are based
  • Fines of up to 4 percent of total global revenue for violations

Most of us leave thousands of fingerprints of our personal data throughout the Internet from social media, retail shops, banks and financial institutions, and elsewhere. News headlines in recent years highlighted who is legally and illegally using that data (and somewhere in between), whether data hacks at Target, Home Depot and Experian to Cambridge Analytica’s shady harvesting of data from more than 50 million Facebook profiles.

In many ways, the collection and use of that data begins with vague, misleading opt-out forms or confusing terms-of-service agreements. Now, EU residents will have the freedom to opt in, rather than the burden of opting out. And consent must be easy to withdraw.

David Fowler, who is Act-On’s head of privacy, compliance, and deliverability, has been in the front row in many of the conversations clarifying what GDPR means for Act-On and its thousands of customers.

Fowler said despite the real challenges that come with complying with GDPR, this also presents an opportunity for companies to reset their standards for email engagement, embrace a new normal, and “reap the benefits of what should be a more engaged funnel and customer base as fortunate side effect.”

“This is an opportunity to reassess your opt-in list strategy for more engaged prospects in your funnel,” he said. “Yes, GDPR may be forcing our hand, but adding a strategic opt-in strategy to your forms used in inbound lead generation campaigns will allow your prospects to self-select into the types of messages they want to receive – from their very first interaction with your brand. With the proper strategy in place this will allow for more effective segmentation and tailored methods of engagement, which should cause an organic lift in engagement in your funnel.”

At Act-On, back in 2016, we undertook a third-party assessment of our preparedness for GDPR through a company called Truste, which is an organization that certifies our website and our privacy principles. From their assessment, we put together a working plan of what we needed to do for GDPR compliance.

One of those items was rewording our opt-in consent forms to be in compliance with the regulation, and then pushing out that change across all the hundreds of forms we may be using in our own marketing operations.

[podloveaudio src="" duration="7:57" title="Ep. 75 | GDPR Compliance and Opt-In Consent Forms"]

We recently chatted with Robert Kohnke, Act-On’s Marketing Operations Strategist and the person in charge of adding our GDPR-compliant consent to all of our forms. You can listen to our interview on our Rethink Marketing podcast, episode 75.

Robert said Act-On’s legal, compliance, and marketing teams worked together to draft the new consent language. The goal was to be compliant, but not too long that it became a roadblock to someone completing a form.

Once the language was settled on, Robert created a new form in Act-On, and then added the new opt-in language into a field. He then saved that field as a template, which he was able to quickly drag and drop into all of Act-On’s other forms.

Act-On recently created an eBook on Using Act-On to Manage Consent for the GDPR. It covers the step-by-step processes for creating compliant forms, as well as segmenting your master lists to reflect those who have opted in, as well as clear out those who want their information removed.

For more information about GDPR, visit our GDPR hub.