Newsletters: GDPR Requirements
What is GDPR?
The GDPR website states “The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world.”
Protecting private data is something we are passionate about at Tribulant Software and a cause we can get behind 100%.
GDPR applies to all companies processing personal data of people in the EU, regardless of the company’s location. This means that even if you’re outside Europe, you need to take action.
The good news is that GDPR compliance for the Newsletter plugin is 100% free and does not require any additional plugins. Just a few simple tweaks to your existing forms and you’re set.
The Main GDPR Requirements
1. Request Consent: GDPR requires that users give explicit consent before submitting personal data.
2. Right to Access: Provide a way for users to request access to, and view, the data you have collected from them.
3. Right to be Forgotten: Give users a way to withdraw consent and delete personal data collected from them.
How to Comply
1. Request Consent
Requesting consent is as easy as adding a checkbox custom field to your subscribe forms. Go to Newsletters > Custom Fields and add a new, required checkbox custom field with a label/option that says something like “I give consent to Company Name to collect and use my details via this form”. As a result, the subscribe form will only submit once the checkbox is checked and your subscriber has given consent. Make sure you add this required checkbox custom field to all your forms.
2. Right to Access
Your subscribers already have access to their subscriptions and profile on the Manage Subscriptions page. Make sure you put a [newsletters_manage] shortcode in your newsletter template or content so subscribers can have access. Also make your Manage Subscriptions page prominent on your website.
3. Right to be Forgotten
We added a “Delete Account” button to the Manage Subscriptions page so subscribers can delete their subscriber account completely. It is turned on by default when you install this update, but it can be turned on or off under Newsletters > Configuration > Subscribers > Subscriber Management as needed.
If you previously gained consent from your subscribers in a way that complies with the GDPR, you don’t need to re-obtain consent from them.
You can, however, re-obtain consent with the following steps:
- Create a new mailing list under Newsletters > Mailing Lists.
- Create a newsletter under Newsletters > Create Newsletter.
- In the newsletter, put a [newsletters_subscribe_link list=X] shortcode for the new list.
- Your subscribers can now confirm and give consent to your new mailing list.
- Use your new mailing list with confirmed subscribers to send newsletters to.