Peter Comeau
Share the love...

Archive Monthly Archives: May 2018

comply with gdpr

How To Comply With GDPR On Your Squeeze Page

In my last post here, I covered how to comply with the European regulations about General Data Protection on your blog.

In this post I’m going to look at how to comply with GDPR on your squeeze page or landing page.

Unlike the blog situation, if all you have is a squeeze page or landing page on a website, which may not even be your own (for example a Leadpages or Autoresponder site), then how to comply with GDPR has other ramifications.

As I’ve said before, I’m not legally entitled to give you advice on this and all I can do is sum up what I’ve read from people who have taken legal advice.

Obtaining consent to send people emails

Let’s look, first of all, at the difficult way and easiest way to obtain someone’s consent to send them emails.

A lot of people are playing safe by including a checkbox on their landing page that asks people to accept their Privacy Policy (and includes a link to a GDPR compliant Privacy Policy) before clicking the Submit button. (When I say ‘Submit button’ I’m talking about any button that someone has to click to submit their email address, no matter what text you use on that button).

Obviously this introduces further complications viz:

  1. It’s another obstacle to get over before people sign up (thus potentially reducing your opt-in conversion rate)
  2. It’s a complication to link the Submit button to the check box (in other words, how to you make the Submit button non-operational UNTIL the checkbox is ticked)

Note: you cannot show a ticked checkbox already. It has to be unticked and the user has to be able to tick it to give consent.

GetResponse has decided to comply with GDPR by providing the ability for you to include this checkbox when you use one of their landing page templates.

Use a ClickWrap method

The simpler way is to use what is called the ‘clickwrap’ method where you make the consent statement part of the clicking the Submit button process.

This is called ‘implied agreement’ because, simply by clicking the submit button, the user agrees to receive information from you.

Note: you have to tell the user what type of information they will receive from you in order to comply with GDPR on your squeeze page

This is a summation of the legal argument from the people at PageFair:

If a purpose is sufficiently specific and clear, individuals will know what to expect: the way data are processed will be predictable.’ The objective is to prevent ‘unanticipated use of personal data by the controller or by third parties and in loss of data subject control [of these personal data]

Basically, what you ask people to sign up for has to be specific, transparent, and predictable. People have to know what they’re signing up for — and sign up anyway.

Someone might not expect, for example, if they sign up for a free PDF to start getting daily emails and promotions from you.

Now the legal eagles amongst you might say this is skating on thin ice, and I’d agree with them.

But, consider this…

…the main thrust of GDPR is:

a) to protect the individual’s rights to the use of their personal data

b) to enable them to withdraw those rights at any time

c) to enable them to delete personal data you may hold about them at any time

If all you’re doing, on a squeeze page or landing page, is collecting someone’s email address (and, perhaps, their name) then you make it simple for them to withdraw their consent and delete personal data by allowing them to unsubscribe at the bottom of every email message you send.

This is what Aweber, who are sticklers for email compliance, have to say about this:

Another rumor floating around is that you need to add checkboxes to your signup forms in order to be GDPR compliant. Some are even calling these “GDPR-friendly signup forms.”

This is false. Checkboxes are not required, and are completely optional.

Nowhere in the GDPR does it state that you need to add checkboxes to your signup forms.

What it does say, however, is that you need to clearly communicate how you will be processing subscribers’ personal data, whether using a descriptive sentence or two, or using a checkbox, if you so choose.

Remember: you’re not a big company collecting personal data which may or may not be passed on to marketing departments or third parties to use. You’re just collecting an email address to send out useful information.

So, as long as you tell the person who is signing up what they can expect from you, there is implied consent when they hit the submit button. So here’s what I’m putting on my opt-in pages and pop-up forms:

Yes, I want to receive Peter’s incredible free resources, offers and training messages

And if you want to make doubly sure you have their consent, here’s what to do…

Single or Double Opt-in

One way to ensure that you have people’s consent to receive marketing messages from you is to enable double opt-in for subscribers.

When they opt-in to your list the first email they will receive in the Inbox is a message requesting confirmation that they want to receive information from you.

Here’s a sample from Aweber:


This is the standard Aweber text. However, it doesn’t give more explicit information about what the new subscriber is about to receive.

Here’s a more informative confirmation as suggested by YourWriterPlatform:

You’ll see that Kimberley is much more explicit about what the subscriber is going to receive. You don’t have to do this but it may help if someone ever challenges the consent they have given for you to send them information in your messages.

If you want to play safe, double opt-in is the way to do it.

How about single opt-in?

For the moment I’m sticking with single opt-in.


Because I’ve found that, with double opt-in, a lot of gmail users (and there are a LOT of gmail addresses used for opt-ins) don’t receive the confirmation email because it lands under their Promotions tab and they may not see it.

So, I’m keeping to single opt-in and skating the legal thin ice by covering myself with the implied consent on the squeeze page coupled to the stats that I have about my subscribers.

Both Aweber and GetResponse are fully GDPR compliant in the way they handle subscribers data, meaning that you can easily see the date a subscriber signed up and the form they used. This enables you to confirm that a subscriber did, indeed, consent to receiving your emails should there be any disagreement.

In your email messages

I strongly suggest that you use similar wording to mine in a footer in all your email messages.

Here’s mine and feel free to copy it and reword it for your own needs:

Reminder: This is NOT unsolicited mail

You are getting messages from me because you requested information about one of my educational videos or training products. As always with non-spam newsletters, you are free to unsubscribe at any time and you and your personal data will be removed from this list. There is a link to use at the bottom of this e-mail.

That would be a shame as you will no longer get free updates, tips and news from me if you decide to leave. And, as a subscriber, you can always reply to this email (yes, I’m a real person) whenever you need help.

I also include links, above this, to my Facebook page, Skype address and Blog page – the latter is especially useful as it contains my Privacy Policy and I tell people that, like this:

Add me on Facebook:

Contact me on Skype: petercomeau

Website and Privacy Policy:

By adding these to the footer of all your emails in your autoresponder (and I suggest you set up a Template to automate this) you are covering yourself against Spam and GDPR complaints with every message you send.



How To Comply With GDPR On Your Blog

What is the GDPR policy and how to comply with GDPR on your blog?

GDPR stands for General Data Protection Regulation. It is legislation to protect the privacy of EU citizens, particularly with regard to the way personal data is collected and stored. In this article I’m going to show you how to comply with GDPR on your WordPress blog.

If you have visitors to your websites or squeeze pages from EU countries then there are things that you need to do to comply with the requirements of GDPR before 25 May 2018.

Now don’t panic!

If you are just collecting email addresses and building a list in an autoresponder then a simple consent statement on your opt-in pages and in the footer of your emails may be all you need.

Some people are recommending using a check box and statement on squeeze pages but this makes the whole process very cumbersome and may not be entirely necessary. I’m not legally entitled to advise you on this but I can refer you to this legal argument that indicates that it isn’t, strictly, required here:

do my signup forms need a consent checkbox - how to comply with GDPR

The other method, and this is implicitly the correct way to obtain someone’s consent, is to use double opt-in. Remember that, if you do this, you can’t withhold whatever it is that the subscriber has signed up for even if they don’t consent.

So you should always take people to your download page whether or not they consent to receive messages from you. Again, it’s a messy way of doing things and I’m personally not doing this but sticking with single opt-in.

For more information on GDPR compliance on squeeze pages, I’ve gone into it in more depth here:

comply with gdpr

Now, if you have a blog and you’re collecting email addresses there, whether it’s on a contact form, using squeeze pages, pop-ups and so forth, or even in comments, then you need to update your privacy policy.

And if you’re using cookies at all, and remember that Facebook Pixels, Google Analytics and other trackers do place cookies, or if you are running affiliate promotions, then you need a cookie statement too.

That’s a little bit more complicated, which is why I’m showing you how to comply with GDPR in this video:


Watch the video to see how you can use a couple of free plugins for WordPress blogs that will give you GDPR compliance for personal, I.e, non-commerce, WordPress blogs.

Hope you find this useful

Read more about GDPR compliance on your squeeze pages here: how-to-comply-with-gdpr-on-your-squeeze-page/

You may also want to upgrade your WordPress blog to https:// – see how to do that here