This blog post is in no way intended to serve as legal advice. It provides transparency to some of the actions True has taken to be a better marketing communicator. Please consult a legal professional to ensure you are GDPR-compliant.
With fines as high as $20 million or 4% of revenue for non-compliance, it’s no surprise that marketers around the world are making efforts to prepare for the General Data Protection Regulation (GDPR) taking effect on May 25, 2018. The legislation is the most comprehensive regulation ever implemented to address how companies collect and use data for EU residents — and True is proactively making changes to be compliant.
Although the GDPR is a European legislative policy, it can also affect companies outside of the EU if they market or communicate with people in the EU.
The legislation was created to give individuals within the European Union insight and control over the data companies collect about them. This legislation may also encompass citizens of other countries who are visiting, staying or residing within the EU during their stay. Therefore, American-based organizations like True may find themselves affected by the legislation.
True has worked with legal experts familiar with the regulation, and we have made several adjustments to our business practices to better align our communication efforts with the legislation.
Improving Transparency with Customers Under GDPR
One of the core tenets of the GDPR is that customers have the right to know how their information is being collected and what it is being used for. To be more transparent with our customers about how we collect and use their data, True has taken the following steps:
Honesty is key here — we want to let our visitors know why we are using cookies and what purpose this serves them. Tracking allows us to see what content is most engaging and valuable to our customers, so we let visitors know that cookies help to “get the best experience on our website.”
Taking Extra Steps to Earn Consent for Communications Under GDPR
The second tenet of the GDPR is that customers have control over how their data is used. To address this, True has made adjustments to our subscription forms to ensure customers have consented to the collection and use of their information for marketing purposes.
To verify that customers want to subscribe to future communications, we now use a double opt-in process before engaging in any continued marketing or communications.
What is involved in this double opt-in process? First, we ask customers for consent to send them marketing materials on the forms located on our website. Next, we send a follow-up confirmation email asking the customer to again confirm their consent by clicking an additional link.
In addition to the double opt-in process, we are implementing several additional best practices to ensure consumer consent:
- Ask customers to opt-in rather than opt-out to communications.
- Require customers to manually opt-in to communications by checking the opt-in box on forms rather than including an automatic opt-in or pre-checked box on contact forms.
- Provide clear options for people to unsubscribe from communications. We’ve streamlined the opt-out process to a one-step process rather than requiring customers to move through several pages.
Read part 2 of our GDPR blog series for a continued discussion of GDPR and how you can leverage the legislative changes to maximize marketing efforts.