The countdown is on: the new EU basic data protection regulation goes into effect on May 25th!
Note: Please note that we cannot provide general legal advice and can only make recommendations.
FAQ 1: What requirements do newsletter registration forms have to meet to be GDPR-compliant?
Good news – no changes here! The registration form must fulfill the same requirements as before GDPR. A check list of the most important things:
- exact description of what the person concerned agrees to (i.e. exact type and purpose of data collection)
- right of withdrawal and storage time of data
- Consent must be voluntary and explicit and not linked to any other benefits
- The consent with the respective text must be saved and displayed in the form as well as in the Double-Opt-In mail – this also has to be recorded (when you’re using a CleverReach form, CleverReach records all subscription data)
- Data economy: Only the email address may be entered as mandatory information (at least for the newsletter form).
- Exact, transparent and easy-to-understand explanation of what happens to the data (where they are stored, that CleverReach has been commissioned as a service provider and an agreement on order data processing exists)
- The exact purpose and type of data collection
- right of withdrawal
- Storage time and location
- any tracking measures, if opens/clicks are evaluated in a personalized way. The person concerned must know that their open and click behavior is tracked (if used)
Right to obtain information on data and deleting/blocking
We recommend contacting your legal advisor for further information.
Hard facts about GDPR, explained by an expert, can also be found as a (video) interview with our Chief Legal Officer Konrad Frerichs.