In the last post, we covered general information about GDPR (General Data Protection Regulation) and how to make sure your existing subscriber list is legal. But there is another thing that GDPR is going to *change forever* (insert dramatic music) – the way you collect your subscribers through subscription forms. The subscription forms and pop-ups will now need to change to reflect the new regulations.
Here are some practical tips (with examples!) on how to create GDPR-friendly subscription forms.
(Disclaimer: remember, this is *not* legal advice on how to adapt your business to GDPR and we do not assume liability for the accuracy of the information below – even though we do our best! Ask a legal professional if you have any specific questions.)
There are a few main things that you need to remember regarding the new GDPR-compliant subscription forms:
1. Collect consent through affirmative action, not through tricking your customers/readers into subscribing to your newsletters because they forgot to opt out of something:
DON’T: pre-ticked boxes or OPT-OUT forms:
Example of a PRE-TICKED BOX (car-rental company):
Sneaky! In order to rent a car for my holidays, I needed to give my email address to fulfill the order. At the bottom of the order page, there is a little pre-ticked box with fine print signing me up for the car rental’s newsletter – something I probably wouldn’t be interested in, but there is a chance that I will overlook the little pre-ticked box and land on the subscribers’ list anyway…
Example of an OPT-OUT:
Sneaky sneaky! An airline I was recently buying tickets from was trying to use the email that I gave them to fulfill my order (send me the e-tickets) to send me their newsletter without my explicit consent.
Both examples above are illegal practices according to GDPR (even if the companies weren’t based in the EU – I am an EU resident and they need to comply with GDPR if they want to process my data).
WHY?
I did not *give* them my consent through *affirmative action* – both companies *assumed* I wanted to receive the newsletter from them and made it the default. So in order not to receive these communications, I would have to opt out.
RULE NO 1: the subscribers need to give you clear consent to receive emails by affirmative action, e.g. ticking the boxes themselves.
As pointed out by Tim Watson, Article 4(11) of GDPR defines consent as:
‘freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed’
Now, this ‘clear affirmative action’ is further specified in Recital 25:
‘Silence, pre-ticked boxes or inactivity should therefore not constitute consent.’
2. One purpose, one consent – create separate consent forms for each *type* of content you are planning to send in your newsletter:
You need to state very clearly *each* purpose you will be sending the newsletter for – so, say – if you have a subscription form for ‘top marketing tips’, you also need to include a separate consent tick-box if you want to send offers for paid courses to the subscriber.
Also, you will need to add separate consent tick-boxes to send emails from your company subsidiaries:
Source: https://secure.tesco.com/account/en-GB/register?newReg=true&from=https%3A%2F%2Fwww.tesco.com%2Fgroceries%2F&_ga=2.70113298.367025957.1525764305-77532811.1525764305
3. Make it clear how to unsubscribe
In the same Tesco example, you can see clear instructions on how to unsubscribe even before you give up your email:
4. Include a link to the terms and conditions of the subscription
Yes, you need to have a separate privacy policy for the newsletter; hiding your subscription’s terms and conditions in some 50-page-long general terms and conditions does not cut it anymore.
How about quick sign-up boxes and pop-up forms?
Source: http://www.gf4b.co.uk/wp-content/uploads/2017/10/GDPR-Whitepaper-Forms.pdf
So, what conditions need to be met for short sign-up boxes/pop-ups?
- they need to clearly state the purpose of the newsletter
- they need to have a sign-up button that will allow the subscriber to express their consent through a clear affirmative action (pressing the button!)
- they need to be written in clear, understandable language
- they need to have a link to terms and conditions specifically for the newsletter (not buried somewhere in 20-page-long general terms of use!)
- they shouldn’t include incentives – e.g. if you want to give someone a freebie, you can, but you need to include a separate consent box if you want to send people a newsletter afterward
Conclusion:
DO:
- include a way to express clear affirmative action (by ticking a box or clicking a button)
- write your subscription forms in clear language
- include a separate consent form for each purpose…and each sender (e.g. subsidiary company)
- include a link to the terms and conditions of the subscription
- include information about how to unsubscribe
DON’T:
- fool subscribers into subscribing to your newsletters by pre-ticking consent boxes or including an opt-out rather than opt-in
- hide the real purpose of the subscription in the subscription form (e.g. by providing an incentive to sign up)
- hide the terms and conditions of the subscription in some general terms and conditions
Hope this clears things up a bit! If you have any questions, let me know in the comments!