GDPR - option to not capture / keep email address etc?

Grégoire_Miche2
Level 10

Re: GDPR - option to not capture / keep email address etc?

I like this idea: to be compliant, simply remove all forms from your web site !

Michelle_Miles3
Level 9 - Champion Alumni

Re: GDPR - option to not capture / keep email address etc?

Jenn, I also put in some notes and link to a consent example in my blog here: Marketing Strategies to Thrive in a GDPR World

Michelle Miles
Jenn_Pellerin
Level 2

Re: GDPR - option to not capture / keep email address etc?

Thanks Michelle! So what I've done for the moment is three separate fields:

1. Consent for processing (hidden field)

2. Consent time and date token

3. Consent notes (action they took - ex downloading white paper ABC)

On the bottom of forms, I have put "*Required: Content will be emailed to you. The information you provide will be used in accordance with the terms of our privacy policy." (Privacy policy is linked.)

After they fill out the form, the consent for processing is now "Yes". Field 2 and 3 also fill in.

They will not be added to any mailing lists - hoping this is the good way to go.

Michelle_Miles3
Level 9 - Champion Alumni

Re: GDPR - option to not capture / keep email address etc?

Hi Jenn -

I track data consent and email consent separately using the following fields:

- Email Optin, Email DateTimestamp, Email Optin Source, Email Optin IP Address

- GDPR Processing Rights, GDPR Processing Rights DateTimestamp, GDPR Processing Rights Source, GDPR Processing Rights Notes

A couple things to call out with that - I call it data rights, not consent. Because you could have rights through consent or legitimate interest.

Also, the source could be the same as the email opt-in source. I like keeping the source separate from notes, because then I can include normalized phrases that I can filter off of in smart lists to encompass different scenarios, ie "Retain for 30 days only", or "Limited Processing Rights: No Scoring or Enrichment"

For a whitepaper example, I think you could simply have the opt in language on the form ie:

<unchecked, non-required checkbox> I would like to receive more <type of communication/information> from <company name>. I understand and agree to the privacy policy. <link privacy policy>

Then you have full optin and data consent if you have a robust privacy policy. This info can then populate all fields. If the opt in is ignored, your data rights fields only would be populated, something like this:

- GDPR Processing Rights = Yes

- GDPR Processing Rights DateTimestamp

- GDPR Processing Rights Source = Legitimate Interest from Whitepaper Form Download

- GDPR Processing Rights Notes = No processing unless consent obtained, Retain for 30 days only

Then in the email with the whitepaper you can again invite the user to subscribe by directing them to a optin/subscription page and form. If not response, delete after 30 days. In the mean time, marketing suspend, and populate a marketing suspend reason with something to the effect of 'no email consent'.

Does this help?

I will be speaking in detail on this at Summit if you're interested.

Michelle Miles