GDPR Compliant Forms

The General Data Protection Regulation (GDPR) serves as a standardization of data privacy law in the European Union and will come into effect May 25, 2018. This regulation will implement a set of rules and processes to ensure the protection of the data privacy of all EU citizens. We have recently posted a Guide to the GDPR covering the most important changes presented along with essential terminology to help you better understand its implications and how GDPR relates to using Elastic Email. Also find out what is GDPR compliance in email marketing.

What is GDPR compliance in email marketing?

As you may be aware now, if you are collecting and storing information from users/customers in the European Union, then you should comply with the GDPR - as you will be affected and subject to the GDPR from the moment you handle information related to even one individual residing in the EU. Considering all of this, we have made adhering to GDPR a very simple thing to do with Elastic Email’s web forms.

Web forms are the most basic and one of the most important tools to help your business grow. With our web forms, you can make sure that the contacts that you have collected are indeed Double Opt-In - which is legally required in some countries/regions. Also, you can now get your contact’s consent to each type of email you might be sending them from the moment they subscribe to your list - more on that later. Similarly, these forms are fully customizable and can be saved in your Elastic Email account.

GDPR compliant forms - how it works in email marketing?

Now, when it comes to GDPR compliance, we have worked hard on our forms personalization and features so you can easily follow the best GDPR practices while adding contacts to your list. Let’s talk for a minute about these features and how you can make them work for you.

Form Description field

This field can be found on the Options tab of the form creator. Our recommendation for GDPR compliance is to utilize this field to clearly explain to your customers/users how you will be processing their data.

Personal Data Disclaimer field

The “Personal Data Disclaimer” field can be found on the Options tab of the form creator. Our suggestion for GDPR compliance is to leave it as it is configured by default since it displays information relevant to the processing of your customer’s/user’s data.

"consenttracking" field

You can find the "consenttracking" field on the Contact fields of the form creator. If you add it to a form, it will allow the contact to opt-in or -out of open and click tracking - you can learn more about tracking your opened/clicked emails.

Custom fields

With our custom fields, you can now add and personalize even more GDPR preferences. As a matter of fact, our custom fields will allow you to be more specific about the type of mail your users will be agreeing to receive, to consent to the processing of your customer’s data, as well as other options.

To give a clear example, let’s say you add a new field called “processingconsent” whose type will be boolean. After you create and add the “processingconsent” field to the form, our form creator will give you the option to make it required - you can name it something like “I consent to example.com collecting and storing my data from this form”. Any other specific processing you will do with your contacts you will need specific consent for, so you can add more checkboxes in the same way to collect the additional consents that you need. You can determine if they are required to check something in order to sign up or if they are simply opting in or out of your particular consent options.

For the non-required consent data you have collected, you can now create dynamic segments and static lists from the results. For example, let’s try it with a form we are creating from scratch.

We will be creating an “smsnumber” field and a custom consent field called “smsconsent”. The SMS number field will be for customers to provide us with a preferred cell phone number to receive messages, while in the custom field “smsconsent” we will be asking them to agree to receive information/offers via SMS - remember that this will be a boolean field. Once we have both added and modified our respective SMS customs field, we will proceed to create a segment for our SMS contacts. From the Contacts section in the account, we will click on the green Manage Contacts button and then select “Create Segment”.

For the purposes of this example, we will be naming our segment “SMS Consent”. Now, for the query, we will choose the “smsconsent” from the drop-down list and choose “=” and choose “true”, which will select for our segment the contacts who have consented to SMS so we can send them text messages to their SMS number. Finally, we will save our progress, and now we have successfully set up our dynamic segment for SMS contacts!

Obtain legal advice

As always, we recommend you obtain legal advice on the matter of consent and your specific business practices and how they would be viewed under the GDPR. If you are using any third party software (integrations/plugins/SMTP sending software, etc.) that transfers contact information to Elastic Email, be sure you are adequately disclosing data processing activities through these channels as well. Our forms are designed to be extremely flexible for all of our customers and it is your responsibility to ensure that you are designing your form information to be compliant with the laws that affect you.

Finally, ensure your privacy policies are clear that you are transferring personal data of your customers to Elastic Email for processing. Specifically, it would be good to add Elastic Email as one of your data processors and how you use or intend to use our services for your customers.

I hope that this article will help you collect your contacts in a proper and compliant to the GDPR way, but if you have questions or would like to ask us something, don't hesitate to contact us - we are available 24/7!

Anna Wybieralska