Starting in late May 2018, the GDPR (General Data Protection Regulation) takes effect, and several aspects of the consent form through which an individual provides personal data for further processing need to be addressed.
Let's look at each of these aspects and how you can use the Convert Experiments Visual Editor to make the consent forms GDPR compliant.
Consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing up to a service unless necessary for that service.
You can use the Convert Visual Editor or custom CSS code to separate the terms and conditions from the email opt-in/opt-out by using:
- different, boxed sections for the various parts of the registration form,
- different background colors.
In addition, it helps to use:
- the word "email" (or any other form of communication, e.g. SMS) to clarify what the customer will receive once the opt-in button is clicked,
- an "optional" tag next to the opt-in/opt-out submission button.
All of these can easily be done with the Convert Visual Editor functions: Edit HTML, Move and Resize, Change BG Color, etc.
Pre-ticked opt-in boxes or opt-out boxes are invalid – use unticked opt-in boxes or similar active opt-in methods (e.g. a binary choice given equal prominence).
What is Opt-In?
When a company uses an opt-in consent strategy, the consumer must affirmatively give the company permission to send information about new products or sales or to share the consumer’s information with other companies in a business relationship with the company where that consumer has an opt-in agreement. Generally, a consumer must click on website boxes or send an e-mail request to the company or its affiliates in order to authorize consumer e-mail.
What is Opt-Out?
What is Soft Opt-In?
There is an exception called the soft opt-in. This means that consent is not required if you are sending a marketing message about similar products and services to your customers as long as:
- You give them the opportunity to opt out when you receive their contact information; and
- You give them the opportunity to opt out when you send them subsequent messages.
This processing is not based on consent, but rather the legitimate interests processing condition and can only be relied upon by the organization that collected the contact details, not third parties.
Give granular options to consent separately for different types of processing/communication wherever appropriate. It is good for each channel to have its own opt-in checkbox.
Name your organization and any third parties who will be relying on consent – even precisely defined categories of third-party organizations will not be acceptable under the GDPR.
Easy to withdraw
Tell people they have the right to withdraw their consent at any time, and how to do this. It must be as easy to withdraw as it was to give consent. This means you will need to have simple and effective withdrawal mechanisms in place.
Keep records to demonstrate what the individual has consented to, including what you told them, and when and how they consented.
No imbalance in the relationship
Consent will not be freely given if there is an imbalance in the relationship between the individual and the controller. This mainly concerns the employer/employee relationship, where this consent is requested in employment contracts.