background

Actionable GDPR re-consent/re-permission campaign guide - GDPR compliance for e-mail marketing

30 April 2018

With the General Data Protection Regulation (GDPR) coming into effect on May 25th, there is a lot of information and resources on what GDPR means, how it affects you - but not any actionable guides that can help you to comply with the regulation.

We all have them, in one form or another. An important list of e-mail addresses to existing and prospect customers. Today I will help you find out if you have what is called a lawful basis for processing your e-mails after May 25th and most importantly - what you can do to continue using your e-mail list after May 25th.

Lawful basis, what does it even mean?

After May 25th you will need to have a lawful basis for sending out email marketing, you can read about them more in details at the Information Comissioners Office website - in a nutshell, you will either need to have a valid consent, or a legitimate interest to be able to send out marketing to your subscribers.

In most cases consent will be the most appropriate form of lawful basis for processing.

Are your existing consents valid in GDPR?

Well, the answer is - it depends. Did you provide your individuals with information about why and how you would be using their data in a clear and precise way, a clear link to your privacy notice, where all your checkboxes unchecked by default?

If the answer is no, or, I don't know to any of the questions you need to refresh your existing consents if you would like to continue sending e-mails to these individuals without breaching GDPR.

What is a re-permission, also known as re-consent campaign?

It's as simple as sending an e-mail to your existing email list asking them if they would like to continue receiving e-mails from you and making sure that you keep the evidence of what you said and the individual consented to.

If done correctly, you will end up with an e-mail list that is more engaged, increased open rates and meet the highest compliance standards introduced by GDPR. Sure the list might be smaller but it will definitely be more relevant!

How to setup your first re-permission campaign

Konsento is a consent management software perfectly suited to solve your re-permission campaign. You simply create an agreement with your different consent options, then you send out an e-mail to your current e-mail list and insert a unique link per mail. Mailchimp calls this "User Merge Tags", Salesforce calls them "User Merge Fields". You must obviously make sure that the e-mail is compelling enough for the recipient to want to click the link.

This link will take the user to your re-permission or re-consent page that is branded with your logo, background, enticing header and tagline which makes the user want to read more, then tick the appropriate checkboxes and hit Accept (or Reject for that matter).

This might seem simple, and it is! But in the background Konsento is doing a lot of things. First of all the Consent is captured and stored with the relevant evidence that you will have to produce if the data processing authority comes knocking on your door. We also make sure to keep track of any changes made to the consent so that you will have a strong audit trail showing who did what at what point in time. All information can either be used in our easy to use web portal or programatically accessed using our advanced cloud based Consent API.

What are you waiting for, let's get started with your first campaign

Step by step guide to your next re-permission campaign

So you are ready to take control of your email list - great! Open up a new browser window, go to https://konsento.io and create your account, don't worry about putting in your credit card - your first consent is free of charge!

Step 2 Create your First Agreement Create Agreement

Which takes you to the Create Agreement form Create Agreement Form

If you don't really know exactly what you should have in your agreement you can use our sample agreement text and then modify it to fit your specific needs.

Add your granular consent options Create Agreement Options

We recommend that you add granular consent options to your agreement instead of "We will contact you.." you should give the option to the individual to say if they want to be contacted via email, phone, SMS, mail and so on.

Add extra information Create Agreement Notes You can if you want to attach a document that gives the user more information, more importantly, you can add internal notes that only you and your organisation can see. You can use it to for example, describe what you should do if a consent is withdrawn.

Context is a great way to group multiple agreements, let's say that you have a SignUp form which you change the text to, then create a new agreement and re-use the context. This way you can easily search for consents and agreements related to your SignUp form.

Make it yours - branding and design Create Agreement Branding You want the consent page to be inviting with a clear call to action - Konsento gives you full control over the header, tagline, logo and background image to make sure that your users know that they are interacting with your business.

Save it

Create Agreement Save

Now you just save the agreement and invite users to give their consent. You can send out the invitations using your own mailing system, or use Konsento, if you are using Konsento you can customize the email text.

Collect your first consent in your newly created re-permission campaign

The most common scenario is that you already have a good e-mailing marketing system in place - we don't want to force you to change so instead we made it easy for you to integrate Konsento with your current system.

Overview

You will refresh your consents in three simple steps.

  1. Create Agreement
  2. Create re-permission / re-consent campaign from your email marketing system.
  3. Collect consents.

So step 1 we have already done so lets move on to step 2. We will be using Mailchimp as an example, but the most commonly used systems has similar features that allows you to send out unique links to your email subscribers.

Go to your email marketing system and create a campaign and write an email that conveys the value of your brand, just like your other email campaigns. Remember that by sending out this re-permission mail you are actually letting your users opt-out so make sure that you write something good to get the open rates high.

Insert a link in the email that the user should click on to review and accept your use of their data. You can pre-populate the consent form by adding special data (url query parameters in "geek") to the link.

This is an example link created in Mailchimp: https://app.konsento.io/consent/public-review/newsletter-and-special-offers/?email=|EMAIL|&name=|FNAME| |LNAME|&meta_campaign_id name=*|CAMPAIGN_UID|*

After Mailchimp works it's magic the link can look like this: https://app.konsento.io/consent/public-review/newsletter-and-special-offers/?email=hello@konsento.io&name=Fredrik Burman&meta_campaign_id name=12353

It's a bit long, but let's break it down.

newsletter-and-special-offers is the agreement that you just created. You can get the full path by just clicking on the "share link" in the Konsento Agreement list.

?email=*|EMAIL|* You are pre-populating the consent form with the e-mail address of the individual.

&name=*|FNAME|* *|LNAME|* You are pre-populating the consent form with the name of the individual.

&meta_campaign_id=*|CAMPAIGN_UID|* You can add meta_data to the consent, in this case we will store a meta field called "campaign_id" in Konsento. This is a great way to link a user or any other important data in your system with Konsento, this will make it easy for you to search for given consents in Konsento. You can add however many meta fields you like, just make sure that they start with meta_.

You can make it even easier by adding a "consent now" button to your email

If you don't have a long agreement text it is better for you to add a consent now button, just create the consent link as described earlier and add &give_consent=true to it.

Full example: https://app.konsento.io/consent/public-review/newsletter-and-special-offers/?email=|EMAIL|&name=|FNAME| |LNAME|&meta_campaign_id name=|CAMPAIGN_UID|give_consent=true

When the user clicks the button they are accepting the information in your email, Konsento will record a consent and display a thank you page, which you can add a custom thank you message to.

Sounds good, what does it look like for the end-user?

The user is taken to a Konsento page that is branded with your logo, background image, header and tagline and can review the information that you present to them, i.e. the agreement.

Create Agreement Review

At the bottom they can select their options, and as you see the consent form is already populated

Create Agreement Review

The individual just clicks the "I'm not a robot" and then Accepts (or rejects) the consent. Konsento will record the consent and the available evidence such as IP address, browser version, timestamp.

You can then view a list of the given consents in the Konsento web portal:

Create Agreement List Web

Or even better, using our advanced consent API, checkout the API docs

A sample response from the Consent API

{
  "status": "ok",
  "data": {
    "consent_id": 1965,
    "created": 1525083799,
    "updated": 1525083799,
    "status": 2,
    "process": 0,
    "consent_given": "2018-04-30T10:23:19.163457Z",
    "consent_withdrawn": null,
    "name_of_individual": "Fredrik",
    "recipient_email_primary": "hello@konsento.io",
    "recipient_email_secondary": null,
    "meta_data": {"internal_id":"123551"},
    "options": {
      "1": "Yes, I am happy to receive emails",
      "4": "I would prefer not to receive calls"
    },
    "log": [
      {
        "id": 9282,
        "created": "2018-04-30T10:23:19.164393Z",
        "log": {
          "text": null,
          "actor": "hello@konsento.io",
          "action": "consent-given",
          "status": 2,
          "options": {
            "1": "Yes, I am happy to receive emails",
            "4": "I would prefer not to receive calls"
          },
          "evidence": {
            "actor": "hello@konsento.io",
            "hostname": "",
            "ip_address": "127.0.0.1",
            "http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36"
          },
          "meta_data": {"internal_id":"123551"},
          "timestamp:": 1525083799.140959,
          "consent_given": 1525083799.163457,
          "consent_withdrawn": ""
        }
      }
    ],
    "agreement": {
      "id": 41,
      "name": "Newsletter and special offers",
      "valid_for_days": 730
    },
    "organisation": {
      "id": 217,
      "name": "Konsento Demo"
    }
  }
}



That's how easy it is to run a re-permission / re-consent campaign and make sure that you can still use your valuable email list after May 25th

You are more than welcome to contact us if you have any questions: support@konsento.io.



Author: Fredrik Burman, CEO Konsento.

Konsento helps photographers, associations, companies and sports clubs create and manage privacy notices, membership agreements, consents and keep a record of your personal data processing activities. Do you want to know how Konsento can help you? Contact fredrik@konsento.io

Get Started Today!

Ensure and manage GDPR compliance - the easy way

Get started now - Free Trial

Then plans starts at €9 / mo + a one-time setup fee