Differentiating between GDPR relevant contacts and non-GDPR relevant contacts

SOLVE
Highlighted
Occasional Contributor

Hi there,

 

I like to bring a global website to live and differentiate between web visitors from GDPR relvant countries and those that do not fall under GDPR.

My idea is to work with smart rules and to display two different kind of forms depending on the country of IP address. I want to avoid setting up every page twice and to differentiate by pages.

 

I am not sure what will happen if i turn on the GDPR toggle and enable it for all pages. Will that also lead to sending out double-opt-in emails after somebody has submitted a form that does not contain any GDRP relevant "notice and consent" field?

 

HubSpot supports answer to this is: if I turn on the GDPR toggle the double-opt-in email will be send out as a response to every single form submission, regardless if the form contains a GDPR "notice and consent" field or not. Is this really true?

 

How did you differentiate between different authorities and data protection regulations?

 

Thanks!

 

Holger

Reply
0 Upvotes
1 Accepted solution

Accepted Solutions
Top Contributor | Platinum Partner

Hi @Holger_Z ,

 

Before activating the GDPR toggle including double opt-in email, I would advice you first to get a legal basis and consent from your existing contacts. So the double opt-in would be less of a bother to them.

 

What we generally advise is:

1. First check the contacts that already have a legal basis for processing their data (which can be the value 'not applicable' in the case of contacts from non-GDPR countries). 

2. Then check the status of subscriptions of your existing contacts. Who has opted in to what and who has not?

3. Make sure you get a consent and opt-in from your existing contacts without subscriptions and/or legal basis. For example by sending a consent email. 

4. Decide what you want to do with contacts that did not opt-in. General advise: delete from the account. Our experience tells us that 10% of your contacts will remain if your consent email is setup right. In this email you could prepare your recipients that they will receive a double opt-in email later on.

5. After cleaning up the account, make sure you set GDPR options like you want them to (cookie banner, GDPR field in forms, etc). You could consider enabling the cookie banner and double opt-in for specific pages only, that would probably make it easier to control the different audiences.

 

I think it's really wise to differentiate pages for visitors between countries based on IP. For leads I would do the same, but then use the Legal basis property for it. In that way you make sure every contact in the account has a value for Legal basis. You can use 'Not applicable' for contacts outside the GDPR countries.

Community - Legal basis property.png

 

You could set this in a workflow as well for your exisiting contacts Smiley Happy

 

It's probably not aswering your question for 100%, but I hope my answer helps you to figure your issue out!

 

 

Best,

 

Nynke

Did my post help answer your query? Help the Community by marking it as a solution
1 Reply 1
Top Contributor | Platinum Partner

Hi @Holger_Z ,

 

Before activating the GDPR toggle including double opt-in email, I would advice you first to get a legal basis and consent from your existing contacts. So the double opt-in would be less of a bother to them.

 

What we generally advise is:

1. First check the contacts that already have a legal basis for processing their data (which can be the value 'not applicable' in the case of contacts from non-GDPR countries). 

2. Then check the status of subscriptions of your existing contacts. Who has opted in to what and who has not?

3. Make sure you get a consent and opt-in from your existing contacts without subscriptions and/or legal basis. For example by sending a consent email. 

4. Decide what you want to do with contacts that did not opt-in. General advise: delete from the account. Our experience tells us that 10% of your contacts will remain if your consent email is setup right. In this email you could prepare your recipients that they will receive a double opt-in email later on.

5. After cleaning up the account, make sure you set GDPR options like you want them to (cookie banner, GDPR field in forms, etc). You could consider enabling the cookie banner and double opt-in for specific pages only, that would probably make it easier to control the different audiences.

 

I think it's really wise to differentiate pages for visitors between countries based on IP. For leads I would do the same, but then use the Legal basis property for it. In that way you make sure every contact in the account has a value for Legal basis. You can use 'Not applicable' for contacts outside the GDPR countries.

Community - Legal basis property.png

 

You could set this in a workflow as well for your exisiting contacts Smiley Happy

 

It's probably not aswering your question for 100%, but I hope my answer helps you to figure your issue out!

 

 

Best,

 

Nynke

Did my post help answer your query? Help the Community by marking it as a solution