This article is for email marketers using consent as a lawful basis for processing personal data under the General Data Protection Regulation (GDPR). Learn about consent requirements and how you can update Smarketly forms with checkboxes to require GDPR-friendly consent.
The General Data Protection Regulation
Under the General Data Protection Regulation, an organization must be able to justify each type of data processing activity it conducts, using one of six lawful bases of processing.
In email marketing, which involves the processing of contacts’ personal data (such as email address and name), consent often makes sense as the lawful basis used to justify data processing.
Organizations using consent as a lawful basis for data processing need to be able to prove consent was freely given, and be prepared to share a record of consent with regulators, if asked. Additionally, data subjects must be able to withdraw consent at any time.
Legal Disclaimer: The information in this guide does not constitute legal advice. This is for informational purposes only, and we strongly encourage you to seek independent legal counsel to understand how your organization needs to comply with the GDPR.
Lawful consent under the GDPR needs to be both informed and explicit.
Organizations have an obligation to present information about their data processing “in a concise, transparent, intelligible and easily accessible form, using clear and plain language.”
- An individual must have the opportunity to make an actual choice to provide consent. For example, a pre-checked checkbox on a form does not qualify as consent under the GDPR, because it removes the affirmative action of giving consent. Individuals must check the box themselves to provide proper consent.
- The choice to provide consent must be clearly distinguishable and separate from other initiatives. This means individuals can’t be required to give consent as a condition for receiving a resource, product, or service.
You can obtain GDPR-friendly consent from contacts by using the Checkbox element in a form that contacts must check in order to provide consent.
Consent Forms Using Checkboxes
You can use checkboxes in a lead capture form on your website to get consent from new leads.
Your GDPR-friendly lead capture form should:
- Provide a clear explanation of what information a contact can expect to receive by submitting your form.
- Provide a checkbox to get consent for each business activity you employ that involves the processing of personal data. (Remember that each activity must be clearly distinguishable and requires separate consent.)
Here’s a standard example of a lead capture form that obtains consent through the use of checkboxes:
Note: You can use this example as a starting point for your own consent form, but you should consult with your legal team regarding the exact language it uses.
The Checkbox Element
In Smarketly, checkboxes on a form are represented by the Checkbox element. In the Drag & Drop Builder, you will have to add a new form to your page before you can add a checkbox to it.
Then, drag-and-drop the Checkbox element into the relevant position on your form, duplicate it, customize the texts you'll use for each checkbox option and mark the checkbox fields as required.
Click “Next” in the top right-hand corner to finish.
Use a Cookie Notification Bar When Driving Paid Traffic
You should display a prominent message when a landing page loads for the first time, informing your users what actions they can take to consent to your using of cookies.
Here’s a guide by Facebook on cookies, consent, and more. You should definitely give it a read.
In case you’re looking for a tool to use to show a cookie consent notification, look no further, this one is free.