In my last post here, I covered how to comply with the European regulations about General Data Protection on your blog.
Unlike the blog situation, if all you have is a squeeze page or landing page on a website, which may not even be your own (for example a Leadpages or Autoresponder site), then how to comply with GDPR has other ramifications.
As I’ve said before, I’m not legally entitled to give you advice on this and all I can do is sum up what I’ve read from people who have taken legal advice.
Let’s look, first of all, at the difficult way and easiest way to obtain someone’s consent to send them emails.
Obviously this introduces further complications viz:
Note: you cannot show the checkbox already ticked. It has to be unticked, and the user has to be able to tick it to give consent.
GetResponse has decided to comply with GDPR by providing the ability for you to include this checkbox when you use one of their landing page templates.
The simpler way is to use what is called the ‘clickwrap’ method, where you make the consent statement part of the process of clicking the Submit button.
This is called ‘implied agreement’ because, simply by clicking the submit button, the user agrees to receive information from you.
Note: you have to tell the user what type of information they will receive from you in order to comply with GDPR on your squeeze page.
This is a summation of the legal argument from the people at PageFair:
‘If a purpose is sufficiently specific and clear, individuals will know what to expect: the way data are processed will be predictable.’ The objective is to prevent ‘unanticipated use of personal data by the controller or by third parties and in loss of data subject control [of these personal data]’.
Basically, what you ask people to sign up for has to be specific, transparent, and predictable. People have to know what they’re signing up for — and sign up anyway.
For example, someone who signs up for a free PDF might not expect to start getting daily emails and promotions from you.
Now the legal eagles amongst you might say this is skating on thin ice, and I’d agree with them.
But, consider this…
…the main thrust of GDPR is:
a) to protect the individual’s rights to the use of their personal data
b) to enable them to withdraw those rights at any time
c) to enable them to delete personal data you may hold about them at any time
If all you’re doing, on a squeeze page or landing page, is collecting someone’s email address (and, perhaps, their name) then you make it simple for them to withdraw their consent and delete personal data by allowing them to unsubscribe at the bottom of every email message you send.
This is what Aweber, who are sticklers for email compliance, have to say about this:
Another rumor floating around is that you need to add checkboxes to your signup forms in order to be GDPR compliant. Some are even calling these “GDPR-friendly signup forms.”
This is false. Checkboxes are not required, and are completely optional.
Nowhere in the GDPR does it state that you need to add checkboxes to your signup forms.
What it does say, however, is that you need to clearly communicate how you will be processing subscribers’ personal data, whether using a descriptive sentence or two, or using a checkbox, if you so choose.
Remember: you’re not a big company collecting personal data which may or may not be passed on to marketing departments or third parties to use. You’re just collecting an email address to send out useful information.
So, as long as you tell the person who is signing up what they can expect from you, there is implied consent when they hit the submit button. So here’s what I’m putting on my opt-in pages and pop-up forms:
Yes, I want to receive Peter’s incredible free resources, offers and training messages
And if you want to make doubly sure you have their consent, here’s what to do…
One way to ensure that you have people’s consent to receive marketing messages from you is to enable double opt-in for subscribers.
When they opt in to your list, the first email they will receive in their Inbox is a message requesting confirmation that they want to receive information from you.
Here’s a sample from Aweber:
This is the standard Aweber text. However, it doesn’t give more explicit information about what the new subscriber is about to receive.
Here’s a more informative confirmation as suggested by YourWriterPlatform:
You’ll see that Kimberley is much more explicit about what the subscriber is going to receive. You don’t have to do this but it may help if someone ever challenges the consent they have given for you to send them information in your messages.
If you want to play safe, double opt-in is the way to do it.
For the moment I’m sticking with single opt-in.
Because I’ve found that, with double opt-in, a lot of Gmail users (and there are a LOT of Gmail addresses used for opt-ins) don’t receive the confirmation email because it lands under their Promotions tab and they may not see it.
So, I’m keeping to single opt-in and skating the legal thin ice by covering myself with the implied consent on the squeeze page coupled to the stats that I have about my subscribers.
Both Aweber and GetResponse are fully GDPR compliant in the way they handle subscribers’ data, meaning that you can easily see the date a subscriber signed up and the form they used. This enables you to confirm that a subscriber did, indeed, consent to receiving your emails should there be any disagreement.
I strongly suggest that you use similar wording to mine in a footer in all your email messages.
Here’s mine and feel free to copy it and reword it for your own needs:
Reminder: This is NOT unsolicited mail
You are getting messages from me because you requested information about one of my educational videos or training products. As always with non-spam newsletters, you are free to unsubscribe at any time and you and your personal data will be removed from this list. There is a link to use at the bottom of this e-mail.
That would be a shame as you will no longer get free updates, tips and news from me if you decide to leave. And, as a subscriber, you can always reply to this email (yes, I’m a real person) whenever you need help.
Add me on Facebook: https://facebook.com/peterjcomeau
Contact me on Skype: petercomeau
By adding these to the footer of all your emails in your autoresponder (and I suggest you set up a Template to automate this) you are covering yourself against Spam and GDPR complaints with every message you send.
GDPR stands for General Data Protection Regulation. It is legislation to protect the privacy of EU citizens, particularly with regard to the way personal data is collected and stored. In this article I’m going to show you how to comply with GDPR on your WordPress blog.
If you have visitors to your websites or squeeze pages from EU countries then there are things that you need to do to comply with the requirements of GDPR before 25 May 2018.
Now don’t panic!
If you are just collecting email addresses and building a list in an autoresponder then a simple consent statement on your opt-in pages and in the footer of your emails may be all you need.
Some people are recommending using a check box and statement on squeeze pages but this makes the whole process very cumbersome and may not be entirely necessary. I’m not legally entitled to advise you on this but I can refer you to this legal argument that indicates that it isn’t, strictly, required here:
The other method, and this is implicitly the correct way to obtain someone’s consent, is to use double opt-in. Remember that, if you do this, you can’t withhold whatever it is that the subscriber has signed up for even if they don’t consent.
So you should always take people to your download page whether or not they consent to receive messages from you. Again, it’s a messy way of doing things and I’m personally not doing this but sticking with single opt-in.
For more information on GDPR compliance on squeeze pages, I’ve gone into it in more depth here:
And if you’re using cookies at all, and remember that Facebook Pixels, Google Analytics and other trackers do place cookies, or if you are running affiliate promotions, then you need a cookie statement too.
That’s a little bit more complicated, which is why I’m showing you how to comply with GDPR in this video:
Watch the video to see how you can use a couple of free plugins for WordPress blogs that will give you GDPR compliance for personal, i.e., non-commerce, WordPress blogs.
Hope you find this useful.
Read more about GDPR compliance on your squeeze pages here: how-to-comply-with-gdpr-on-your-squeeze-page/
You may also want to upgrade your WordPress blog to https:// – see how to do that here