Making your marketing opt-ins GDPR compliant is easy, and totally worth it. Not only does it solidify the legality of your opt-ins, it can help improve the quality of each opt-in as well by informing customers up-front about what their consent is for.
Table of Contents
The content in this guide is intended to be educational and should not be construed as legal advice. We encourage all of our users & merchants to seek legal advice in order to verify that they are GDPR compliant.
1. What is GDPR Compliance?
GDPR (General Data Protection Regulation) is a law enacted by the European Commission (EU) in 2016 that was designed to protect the privacy of citizens in the EU that, among many other things, dictates requirements when asking for or collecting marketing consent.
Making sure to build your opt-in forms with GDPR requirements in mind will make sure all of your opt-ins in Octane AI are GDPR compliant.
Here are essential rules to consider for collecting GDPR compliant opt-ins:
1. Make it clear that the opt-in is for marketing/data collection.
Simply asking for an email, or promising a discount in exchange for information without any other context are examples of opt-ins that would be too non-specific for GDPR compliance.
Instead, you should make it clear that consent is being submitted for marketing communications and data collection.
2. Make it clear which marketing channels the opt-in is for.
Using "Messenger opt-in" to refer to a Facebook Messenger opt-in for example can be non-compliant with GDPR.
If the opt-in form has more than one field for information (such as email and SMS opt-in fields), each field should clearly label which opt-in channel they're for.
3. Make it clear if an opt-in is required or optional. If an email and SMS opt-in are on the same page, make at least one of them optional.
As long as at least one of the options is optional when you ask for email and SMS opt-ins, you'll ensure that you're compliant with SMS carriers in the United States and Canada as well.
4. Making sure there's no penalty if someone opts out.
This is especially important if you offer an incentive in exchange for an opt-in. Revoking an opt-in discount if someone unsubscribed for example would be non-compliant.
1.1. Creating a GDPR Compliant Opt-in Form
We'll use a visual comparison of a GDPR compliant pop-up versus a non-compliant pop-up that you can use as a cue for your own content.
In the second pop-up, both the SMS & email fields are required and the pop-up asks for information without stating what the information will be used for.
Importantly, you should always include an SMS opt-in disclaimer when collecting phone numbers (Octane AI provides one by default).
The Facebook Messenger opt-in checkbox should also be very specific about the checkbox giving a Facebook Messenger opt-in.
2. Requesting Customer Data in Shopify
GDPR allows your store's customers to request personal data about them that's being processed by a company.
If a customer requests their data from you, you can process these requests in Shopify. The customer's data, including any data Octane AI has on them (if available) will be emailed to the store owner.
Have any questions? Send an email to [email protected] or use the support icon to chat with our team.