Tip 2: Add consent-gathering steps to customer touchpoints on your web properties.
To determine when and where to ask for consent, you could start by making a list of where and how data is collected on your web properties. Next, make note of how each data point is used. You are likely to see themes or clusters form around areas in the user journey such as when a visitor first lands on your site or during your checkout process. These clusters become good checkpoints to stop to ask for visitor consent to proceed. A few natural places to consider include the first page a user hits when they land on your site, signup forms, preference centers and the checkout process. Each site is unique, so look to add consent-gathering steps where it makes sense for your business.
Here are two common places you may consider getting consent:
You may also consider capturing and storing more robust consent information when someone hits the submit button. You may consider capturing information such as timestamp, IP address and the consent language the user saw when they opted in if you aren't already doing so.
Tip 3: Make your web properties GDPR-friendly for visitors who do not consent to use of their data.
In tip 2 we suggested you map out the data you are collecting and how it is used by your company. Now it's time to update your site functionality to stop collecting and processing personal data for visitors who wish to remain anonymous. Update your site functionality to only capture and process personal data for visitors who have given you express consent to do so.
Tip 4: Touch base with your EU contacts and customers to gain affirmative consent.
Now is a great opportunity to reach out to current contacts and customers in the EU to get affirmative consent that they still wish to get messages from your company. You should also confirm they agree to the ways you intend to continue using their data. It’s important that if you intend to continue marketing to EU subscribers beyond May 25, 2018, that you have a record of how they subscribed.
Check out our THRIVE course on how to set up a one-time reconsent conversation for EU contacts. (Available to Listrak Clients Only. If you don’t have a login to Thrive, reach out to your Account Manager or Support to get an access code.)
Tip 5: Get your internal processes, technology, and staff ready for GDPR Right to Know and Right to Be Forgotten requests.
Once you've put in the work to make your web properties and marketing GDPR complaint it's important you consider the role your own employees play in protecting personal data. Ensure everyone on your team with access to personal data understands their duties in protecting the privacy of your customers and contacts.
• Decide now how you will handle cases where a customer or contact asks to see a copy of their data.
• Decide now how you will handle cases where a customer or contact asks to have their data erased.
Ask yourself, “Who will take these requests?” “Who will validate the identities of the requesters?” “What steps will they take to validate the identity of the requesters?”
Also, consider whether or not you should build technology to automate the process of finding or erasing data.
Listrak has several processes and procedures in place to handle requests related to data access, data edits and data erasure. Check out our THRIVE course for instructions on where to submit data-related requests.
Taking the time to make sure your web properties and cross-channel marketing efforts are GDPR compliant is an opportunity to show your visitors, contacts, and customers that you care about their privacy and personal data. For help implementing some of these tips, check out our GDPR Course in Thrive now or contact your account manager.
If you have questions about GDPR, contact email@example.com.
Listrak does not provide legal advice, however, we feel it is important to provide details on how the European Union General Data Protection Regulation will affect your business. We advise you to consult with your company’s legal team for additional details.