Below we have listed the most frequently asked questions and answers on the new general data protection regulation.
Please note:
We do not provide general legal advice and can only recommendations for which we assume no liability.
We recommend consulting your legal advisor on this topic, since you are responsible for acting in accordance with GDPR.
Question: What does a newsletter registration form have to contain in the future to be GDPR-compliant?
A registration form must meet the following requirements (as with current case law):
a) exact description of what the person concerned agrees to (i.e. exact type and purpose of data collection)
b) right of withdrawal and storage time of data
c) Consent must be voluntary and explicit and not linked to any other benefits
d) The privacy policy must be confirmed to ensure the person concerned has noticed it.
e)The consent with the respective text must be saved and displayed in the form as well as in the Double-Opt-In mail - this also has to be recorded (when you’re using a CleverReach form, CleverReach records all subscription data)
f) Data economy: Only the email address may be entered as mandatory information (at least for the newsletter form).
Question: Does a link with the data protection declaration have to be displayed in the form and/or actively confirmed via a tick?
Yes (see point d) of the previous question).
Question: What exactly does the privacy policy have to say…. is there a model version?
This is hard to generalize, as each customer has different requirements. Accordingly, we cannot provide standard texts. From our point of view, however, the following information should be part of the declaration:
a) Exact, transparent and easy-to-understand explanation of what happens to the data (where they are stored, that CleverReach has been commissioned as a service provider and an agreement on order data processing exists)
b) The exact purpose and type of data collection
c) right of withdrawal
d) Storage time and location
e) any tracking measures, if opens/clicks are evaluated in a personalized way. The person concerned must know that their open and click behavior is tracked (if used)
f) Right to obtain information on data and deleting/blocking
Question: Since we use your tracking functions - do we have to mention this already in the registration form or is this sufficient in the data protection declarations?
From our point of view, it is sufficient to refer to this in the data protection declaration.
Insurance through your legal advisor is recommended.
Please note that we do not provide general legal advice and can only make recommendations for which we assume no liability.
We recommend consulting your legal advisor on this topic, since you are responsible for acting in accordance with GDPR.
Any questions? Submit inquiry