Feb 27, 2018 5:55 PM
Is there a recommendation for best-practice to get consent from contacts that we already have in the system? Is it mandatory to ask everyone to consent going forward even if they gave their info in the past?
If it is mandatory to get people to re-consent under GDPR, and since open rate for emails is not very high, how do you prevent losing a big chunk of the contact list?
Mar 12, 2018 7:38 AM - edited Mar 12, 2018 7:39 AM
Here my interpretation of Art. 5 which says: "Personal data shall be: processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); [...]" and Art. 6 explains that as:
(1)Processing shall be lawful only if and to the extent that at least one of the following applies:
That means existing data only may be used if one of the consents mentioned above has already taken place. It must be an active Opt-In (not neccessarily a Double Opt-In as long as you have the proof that the consent checkbox has been marked and a timestamp which Hubspot does provide). Silence, already ticked boxes and inactivity of the data subject do not constitute effective consent. A pure "opt-out solution", as many companies strive for, is therefore by no means sufficient.
btw: see it as quality > quantity improvement.
Mar 12, 2018 12:13 PM - edited Apr 25, 2018 11:12 AM
That's the tricky part. I had a conversation with our DPO and propably we will make it that way: We will send an email to inform that we store personal data that we garthered at (we name the specific) source. Being a responsible company we would like to inform and give the chance to give consent, change data or request delete. I guess that 99% of the people don't give a f**k and don't respond. If they don't, it's an opt-out which is fine.
Contacts with performance of a contract or when we have a legal obligation have been sorted out. That's by far the majority in our case. They have to opt-in for marketing mailing but we have legal obligations to store certain data (e.g. tax regulations).
* edited *
Mar 22, 2018 1:32 PM
HubSpot has released its GDPR product roadmap. Find out more here:
|Did my post help answer your query? Help the Community by marking it as a solution|
Mar 28, 2018 8:45 AM - edited Mar 28, 2018 8:47 AM
@PracticalNet is there any personal data on those accounts or just the info@ address?
Art. 1 GDPR Subject-matter and objectives
Art. 4 GDPR Definitions
For the purposes of this Regulation:
Mar 28, 2018 9:05 AM
No personal data, thats why we chose this as the first line of communication. Also we dont understand why we need an opt out button if we email info@ or sales@ because it is a freely given email address from their website. What we dont really get is the PECR view of all this
Mar 28, 2018 9:08 AM
Be careful not to mix up GDPR and Anti-Spam regulations. As a sender, you are obligated in most countries of the world to give the recipients the possibility to opt out from your mailing lists at no cost, easily, and in each advertising email.
Mar 28, 2018 10:08 AM
If they didn't opt-in it's spam.
If natural persons didn't give consent it's data protection violation. Be careful: legitimate interests as mentioned in Art. 5 and in Recital 47 doesn't mean that you can cold-spam someone.
They Facebook story right now didn't help either. Everyone gets more sensible and with GDPR people get legal power. Personally I like that. Go more for inbound marketing. 😉
Apr 25, 2018 10:54 AM
As I understand it, sending an email asking them to OPT-OUT is NOT legal. You have to ask them to opt-in. You need proof (documentation) that they opted in to receive emails from you about topics other than the one they originally completed a form for (such as blog or download ebook).
Yes you'll probably lose 80% of your list. The people who don't open your emails.
Apr 25, 2018 11:20 AM
yes you are right. I after reading my oldest post I get your point. It was a bit confusing and I edited it. Thanks.