GDPR is Here: How True is Responding to the Legislation

This blog post is in no way intended to serve as legal advice. It provides transparency to some of the actions True has taken to be a better marketing communicator. Please consult a legal professional to ensure you are GDPR-compliant.

With fines as high as $20 million or 4% of revenue for non-compliance, it’s no surprise that marketers around the world are making efforts to prepare for the General Data Protection Regulation (GDPR) became law on May 25, 2018. The legislation is the most comprehensive regulation ever implemented to address how companies collect and use data for EU residents — and True is proactively making changes to be compliant.

Although the GDPR is a European legislative policy, it can also affect companies outside of the EU if they market or communicate with people in the EU.

The legislation was created to give individuals within the European Union insight and control over the data companies collect about them. This legislation may also encompass citizens of other countries who are visiting, staying or residing within the EU during their stay. Therefore, American-based organizations like True may find themselves affected by the legislation.

True has worked with legal experts familiar with the regulation, and we have made several adjustments to our business practices to better align our communication efforts with the legislation.

Improving Transparency with Customers Under GDPR

One of the core tenets of the GDPR is that customers have the right to know how their information is being collected and what it is being used for. To be more transparent with our customers about how we collect and use their data, True has taken the following steps:

• We updated our website to notify visitors that our site uses cookies for tracking. Visitors are immediately prompted when they enter our website for the first time and given more information on how to disable the cookies on this and any site. This helps ensure our consumers are aware of data collection and tracking and its purpose.

Honesty is key here — we want to let our visitors know why we are using cookies and what purpose this serves them. Tracking allows us to see what content is most engaging and valuable to our customers, so we let visitors know that cookies help to “get the best experience on our website.”

• Next, we updated our privacy policy to reduce legalese and include more easily understandable language. One of the key issues that came up in Mark Zuckerberg’s hearing with Congress was that many people agree to privacy policies that they do not understand. We consulted with legal advisors for guidance to reduce complicated jargon in our privacy policy in an effort to clearly explain how we use the data we collect.

For example, we use third-party systems to store and process information. In our privacy policy, we explicitly disclose what third-party systems are used, how they are used and provide links to their privacy policies.

• Not only did we make our policy clearer for our customers, but we also made it more easily accessible. Although our website has always included a link to our privacy policy, some customers may not have known where to access it. To address this, we have included a link to our privacy policy on every form customers fill out in addition to the bottom of every webpage.

Taking Extra Steps to Earn Consent for Communications Under GDPR

The second tenet of the GDPR is that customers have control over how their data is used. To address this, True has made adjustments to our subscription forms to ensure customers have consented to the collection and use of their information for marketing purposes.

To verify that customers want to subscribe to future communications, we now use a double opt-in process before engaging in any continued marketing or communications.

What is involved in this double opt-in process? First, we ask customers for consent to send them marketing materials on the forms located on our website. Next, we send a follow-up confirmation email asking the customer to again confirm their consent by clicking an additional link.

In addition to the double opt-in process, we are implementing several additional best practices to ensure consumer consent:

• Ask customers to opt-in rather than opt-out to communications.
• Require customers to manually opt-in to communications by checking the opt-in box on forms rather than including an automatic opt-in or pre-checked box on contact forms.
• Provide clear options for people to unsubscribe from communications. We’ve streamlined the opt-out process to a one-step process rather than requiring customers to move through several pages.

While True has taken these steps to be compliant, these actions may not be suited for other organizations. To ensure your company is fully prepared for these legislative changes, refer to the Independent Commissioner’s Office GDPR guide and also consult with legal professionals to ensure your privacy policy and practices are in compliance.

Read part 2 of our GDPR blog series for a continued discussion of GDPR and how you can leverage the legislative changes to maximize marketing efforts.