What You Need to Know (and Do) About GDPR

What you need to do to make your opt-in forms GDPR compliant.

Can we talk about the new European data protection regulations (GDPR)?

Because I think we need to.

I’ve been trying to put the whole GDPR thing off as long as possible, but it’s time to dig in, guys. And in case you’re late to the party like me, the regulation goes into effect this Friday, May 25th.

We have to catch up real quick.

Now, I won’t be doing a deep dive on what GDPR means for the future of email marketing or anything like that. I just want to help you understand what it is and share the changes I’ll be making so that my opt-in forms are compliant.

Disclaimer: These are only my interpretations of the regulations. This post is not legal advice. Please make sure you consult with your own legal counsel to help you make the right decisions about GDPR.

First off, what is GDPR?

GDPR isn’t really about email marketing, and yet it is…

Here’s why:

The GDPR is really about regulating how the personal data of EU citizens is handled. And since email marketing contains data in the form of email addresses and other contact info, GDPR most definitely applies to email marketing.

The regulation gives EU citizens rights over their personal data, including:

  • Knowing what will happen with it (before they submit it)
  • Providing explicit consent before it’s collected
  • Knowing what data will be collected
  • Knowing why you’re collecting their data and how you plan to use it
  • The right to modify, update or remove their data completely

What do we need to do to be compliant?

For email marketing, the regulations translate to:

  • Tell people what you will do with their email address before they sign up
  • Let people see the data you’ve collected about them
  • Give them a way to modify their data and unsubscribe
  • Remove all data you have if they request it

Next, how can you make your opt-in forms compliant?

It’s no longer enough to say “Hey! Grab this awesome freebie” and then send people emails. That’s not GDPR-compliant.

The reason is that people are not explicitly agreeing to receive your emails. All they’re explicitly agreeing to is the PDF, so that’s all you can send them. And nothing else.

From here on out, we need to be more transparent with our opt-in forms and let people know we’ll be sending them emails.

Now, you could add a checkbox that says something like this:

[ ] I agree to receive the weekly newsletter.

BUT HOLD UP. What you can’t do with that checkbox is have it pre-checked by default! People will have to manually check it, which we all know is a pain.

Here’s what I’m doing to make my forms GDPR-compliant:

I’m not a big fan of checkboxes and prompts, so I’m going to tweak the copy on my forms instead. I’ll make it clear that people are signing up for my newsletter first and foremost, and the PDF as a bonus. Plus, I’ll add a link to my privacy policy.

As an example, here’s one of my current opt-in forms:

See how there’s no mention of a newsletter or regular emails? It’s all about the PDF.

Here are the changes I plan to make:

Here’s what makes this GDPR-compliant (as far as I can tell so far):

  • People know they’ll be “signing up”
  • My newsletter is mentioned in the text.
  • The main call-to-action is to sign up for my newsletter – the freebie is a bonus.
  • There’s a link to my privacy + terms.

A few other things I’ll be doing:

  • Adding a “modify my subscription” link next to the “unsubscribe” link in emails (so that people can easily update their info)
  • Double opt-in forms. It doesn’t look like this is required for GDPR…just feels like a best practice thing to do from here on out
  • Sending re-engagement emails to current EU subscribers
  • Applying similar copy changes to landing pages
  • Experimenting with the above form changes vs. segmenting EU subscribers (I may prefer to leave the opt-in forms as is, deliver the PDF, and ask for consent to my newsletter in the delivery email.)
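To make the consent logic behind the checkbox, double opt-in and "remove my data" points concrete, here is an added example of the server side of such a sign-up form; it is not code from this post or from any mailing-list provider. It assumes a checkbox input named newsletter_consent with value yes, records which privacy-policy version and wording the subscriber saw, holds the newsletter back until a double opt-in link is confirmed, and removes a subscriber's records on request. The field names, the policy version string and the sample submission are constructed for the example.

```python
"""Server-side handling of a GDPR-style opt-in form (added example, not the post's code).

An unchecked checkbox never reaches the server, so consent is recorded only
when the field arrives with the expected value; a pre-checked default is never
trusted. Each record keeps what the subscriber agreed to, the newsletter is
gated behind a double opt-in confirmation, and erasure is a one-call operation.
"""
import hashlib
import secrets
from datetime import datetime, timezone

# Constructed placeholder: change this whenever the privacy policy text changes,
# so every consent record states which version the subscriber agreed to.
PRIVACY_POLICY_VERSION = "2018-05-25"
CONSENT_FIELD = "newsletter_consent"   # assumed name of the checkbox input
CONSENT_VALUE = "yes"                  # assumed value="yes" on that checkbox


def parse_signup(form, now=None):
    """Turn submitted POST fields (a dict) into a consent record.

    Browsers omit an unchecked checkbox from the request body, so consent is
    True only when the field arrives with the expected value. The server never
    assumes a default, which is what makes a pre-checked box worthless.
    """
    now = now or datetime.now(timezone.utc)
    email = (form.get("email") or "").strip().lower()
    local, _, domain = email.rpartition("@")
    if not local or "." not in domain:
        raise ValueError("invalid email address")
    return {
        "email": email,
        "newsletter_consent": form.get(CONSENT_FIELD) == CONSENT_VALUE,
        "consent_text": form.get("consent_text", ""),  # exact wording shown to the subscriber
        "policy_version": PRIVACY_POLICY_VERSION,
        "consented_at": now.isoformat(),
        "confirmed_at": None,   # set once the double opt-in link is used
        "token_hash": None,
    }


def allowed_mailings(record):
    """What the record permits: the freebie always, the newsletter only with explicit and confirmed consent."""
    allowed = {"freebie"}
    if record["newsletter_consent"] and record["confirmed_at"]:
        allowed.add("newsletter")
    return allowed


def issue_confirmation_token(record):
    """Double opt-in: return a single-use token for the confirmation e-mail; only its hash is stored."""
    token = secrets.token_urlsafe(32)
    record["token_hash"] = hashlib.sha256(token.encode()).hexdigest()
    return token


def confirm(record, token, now=None):
    """Mark the record confirmed when the presented token matches the stored hash."""
    if record["token_hash"] is None:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not secrets.compare_digest(presented, record["token_hash"]):
        return False
    record["confirmed_at"] = (now or datetime.now(timezone.utc)).isoformat()
    record["token_hash"] = None  # the link works exactly once
    return True


def erase(records, email):
    """Right to erasure: remove every record for the address in place; return how many were removed."""
    email = email.strip().lower()
    keep = [r for r in records if r["email"] != email]
    removed = len(records) - len(keep)
    records[:] = keep
    return removed


if __name__ == "__main__":
    # Constructed submission: the subscriber ticked the (initially unchecked) box.
    submission = {"email": "Reader@Example.com", CONSENT_FIELD: CONSENT_VALUE,
                  "consent_text": "Sign up for the weekly newsletter and get the PDF as a bonus."}
    rec = parse_signup(submission)
    print(sorted(allowed_mailings(rec)))   # ['freebie']: newsletter waits for confirmation
    link_token = issue_confirmation_token(rec)
    confirm(rec, link_token)
    print(sorted(allowed_mailings(rec)))   # ['freebie', 'newsletter']
```

The point of storing the consent wording and policy version alongside the timestamp is that a consent record is only useful as evidence if it says what the person actually agreed to; storing only the token's hash means a leaked database cannot be used to confirm subscriptions on someone's behalf.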

That’s it!

Again, this is just my interpretation of the regulations and how I plan to be compliant. I’m sure I’ll be tweaking my forms, landing pages, emails, and website as GDPR rolls out and things become clearer…

…and I’ll keep you posted on it all.

Over to you! What changes will you make to comply with GDPR? Are you all set? Or, is your brain still feeling a bit woozy from it all?

I’d love to hear your thoughts, feedback, and tips. Let me know in the comments so we can all benefit and make sense of the new regulation.

I’m off to change my forms. 🙂

2 replies
  1. Mike
    Mike says:

    Hi Sandra,
    I’m glad you posted this. GDPR is still (December 2018) a little scary/difficult to pin down, especially when you really serve US customers/visitors, but know that you might have some visitors from GDPR countries. The info you provided is a good start and I realize it was written just prior to GDPR coming online. Is there anything more you can follow up with? I still see sites with no hints of GDPR on opt-in forms, for example. I think we all need continued guidance on this topic.

    • Sandra Clayton
      Sandra Clayton says:

      Hey Mike, I think it’s a safe play to go with “Sign up to get the free ebook” verbiage in opt-in forms. It’s also important to clearly mention that people will receive weekly/biweekly updates and can unsubscribe at any time, along with a link to Privacy. The way I’ve handled GDPR is to specifically ask EU subscribers for consent after they opt-in. If they don’t, I exclude them from my broadcasts and updates.

