How to Make your Promotions Fully GDPR Compliant: Examples

Randi Jensen
For many companies and agencies, complying with the EU's General Data Protection Regulation (GDPR) is the stuff of nightmares. But is it really that bad? The key is to be crystal clear on how users' data will be used. Practices like hiding information in lengthy legal texts that nobody reads or understands, negative opt-outs, or asking users to check a box if they do NOT want to receive information are no longer acceptable. Learn about these issues and everything you need to know when collecting data through promotions.

At Easypromos, we’re GDPR compliant. As part of the process, we have prepared several tools that will help you make your promotions GDPR compliant. Keep reading to learn about good practices and useful advice.

Regarding consent, the GDPR states:

…the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.

This means that when you collect data through our app-based promotions, you need to make it clear to users which company is behind the promotion and what the data will be used for. You also need to ask for explicit consent to process this data.

Easypromos offers several ways of doing this:

  • A disclaimer field, displayed underneath the entry form, that you can use to show users a short summary of your privacy policy or to highlight the most important aspects of your data collection, for example what you will use specific data or content (photos, videos, written content) for. This doesn’t exclude the need for a Privacy Policy and Terms and Conditions.
  • Our apps provide a space to insert the Privacy Policy that, when filled out, automatically generates an acceptance checkbox with a link to the policy. This checkbox appears in the registration form. It is crucial that the privacy policy is clear and easy to understand. Long and complicated legal texts are no longer valid.
  • The option of inserting an opt-in checkbox, for example to ask for consent to send commercial communication, with the possibility of enabling double opt-in via email. The double opt-in is not obligatory but recommended. Easypromos saves the opt-in information.
Example of GDPR compliant promotion

It’s also recommended that you ask for explicit consent for each type of communication you want to send to users: commercial emails, monthly newsletter, SMS, ordinary post, etc. That means one checkbox for each type, with an explanation of what it involves.

If in the future you would also like to send SMS to your user list but only have consent to send emails, then you should ask for explicit consent to send SMS. It’s necessary to be transparent not only when collecting the data but throughout the whole relationship.

Other tips to make your promotions GDPR compliant

Now we’ve covered how to ask for consent from your users. Here are some further rules to keep in mind under the GDPR:

  • Only ask for data that you need. Excessive or unnecessary data collection can constitute a breach of the GDPR.
  • Opt-in to receive commercial communications cannot be mandatory.
  • It cannot be mandatory to consent to data being shared with a third party.
  • “Opt-out consent” is not legal, for example: “Tick the box if you don’t want to receive emails.”
  • The consent checkboxes cannot be ticked by default.

This new data regulation applies to all companies based in the EU and companies from outside the EU that collect and process data from users in the EU.

If you have any further questions about how to make your promotions GDPR compliant, you can contact us at any time.
