This is part two on our GDPR compliance series and focuses on your marketing activity. The first part of our series focused on Magento and how to ensure your system was running in a GDPR compliant manner which you can read here. Onto the marketing!
Third Party Recommendations
The era of GDPR coming into force means the end of an era for automatically checked boxes.
You should ensure that you visit every page on your site and take note of any check boxes. If you visit a page with a check box and this check box has is already filled with a tick, you are forcing consent and therefore not operating within the GDPR guidelines. This goes for any check boxes you may have around your site like accepting terms and conditions or signing up for a newsletter.
If you find a check box on your site that is automatically ticked you should change this to be blank by default.
Double Opt In
If possible with your third party services, you should be operating under double opt in as an extra precaution and you have clear consent for all marketing activities. This means that when your customer signs up for a service or marketing, like Mailchimp, they are sent an email from that provider to confirm their subscription. This can result in a lower rate of customers signing up to services but does ensure that the customer has explicitly given consent to receive the service.
Clear Opt Out
As part of the new regulations, it should be quick and easy for a customer to opt out of any services their data may be a part of.
Whenever a service is used that uses customer data, place yourselves in the shoes of the customer and discover how easy it is to opt out. If it isn't easy or clear, this needs to be changed.
For example, check your Magento My Account section. It is easy for a customer to close their account? Is it easy for a customer to unsubscribe from your mailing list? Thoroughly check your website to make sure opting out is easy.
Confirmation of Existing Customers
In the past, you may have operating outside of GDPR guidelines. You may have had automatically ticked boxes or added customers to services without their explicit consent.
To ensure your customers are 100% complicit with you using their data, you should check with your services if it is possible to ask all customers to give their consent again. This may be an email sent to all customers asking them to opt in again to services they have signed up for by a certain date or you will delete their data.
This gives customers a great piece of mind that you care about their data and although you may lose customer data by doing this process, it will ensure you are only speaking to customers who have explicitly given consent to use their data.
You should always be able to answer these questions about the data you collect to ensure you have thought of GPDR in conjunction with the data you are collecting.
- What type of information are you dealing with?
- Where and when was this data gathered?
- What’s the purpose of this data?
- Who can you share this data with?
- What steps did customers take to opt-in?
- Are customers clearly aware of how to opt-out?
This concludes our series on GDPR compliance with Magento & third party marketing. If you haven't read the first part of our series, focusing on Magento & GDPR, you can read this part here.