In May 2018, The European Union (EU) is instituting a new privacy law that will affect businesses that use personal data of EU citizens (even organizations outside the EU). This is called the General Data Protection Regulation (GDPR).
GDPR introduces new regulation that may affect Privy users.
- The Privy platform will allow users, even those on the free plan, to handle email opt-ins in a GDPR compliant manner. When it comes to email submissions and GDPR, Privy collects the opt-in time stamp, IP address and campaign of each of your contacts who register through a Privy powered form. If you need to respond to an individual’s deletion request, we also make it incredibly quick and easy for you to access that customer’s data in your Privy account, and if requested, delete it with the click of a button.
- GDPR is centered around processing, storing, using, transmitting and deleting personal information of EU citizens.
- If consent is the basis for processing, the regulation requires that EU citizens take an affirmative action to explicitly consent to the specific use of their information.
- If a customer of yours asks, you will need to be able to share with them the personal information you have stored, and be ready to delete that information in a timely manner.
How Privy helps you achieve GDPR compliance
Any visitor to your site who is presented with a Privy form, can only submit their personal information by intentionally taking the action of typing in their information and submitting the form. We suggest you use our new GDPR friendly templates, which include consent text next to the form submission buttons.
Additionally, we store each of your contact's permission data as soon as they submit their information on your form. This includes the Privy campaign they registered for, the timestamp of the moment they opted in to your list, as well as the IP address of the device used at the time of opt-in.
Furthermore, if a customer of yours reaches out to you under GDPR guidelines and requests that you delete their information, we make it very easy for you to do so, by deleting their record from your account, and thus, the Privy database.
Additional recommended actions
All Privy forms are capable of properly handling opt-ins, timestamps, and storage of data in a compliant manner, when used in conjunction with the following suggestions. We recommend that on your Privy forms you also state that by registering for your form, the contact agrees and understands that you will do any of the following:
- Store their contact info in your marketing database
- Send them marketing emails
- Track interactions with your website for your marketing campaigns
Additionally, we suggest you include a check-the-box in the space allotted so the contact can explicitly and affirmatively consent to the collection and uses of their personal data as described above.
This article is provided as a resource to help you understand what Privy has done to assist its customers in their efforts to ensure GDPR compliance. This is not legal advice, and abuse or use of the Privy platform other than as described herein can still lead to non-compliance with respect to GDPR. We suggest all customers seek legal advice with respect to their obligations as data controllers under the GDPR.
Looking for the Privy Data Processing Addendum? Click here.