How to Make your Promotions Fully GDPR Compliant: Examples

Randi Jensen
Randi Jensen
The GDPR is coming! Many companies and marketers have nightmares about the new General Data Protection Regulation from the European Union that will be applied from May 25, 2018. But really, it's not that scary. The key is that it has to be clear to the users what their data will be used for. It is no longer valid to hide it in long legal texts that nobody reads nor understands, and neither is it valid to do the negative opt-out checkbox.

In Easypromos we’re ready for the GDPR. As part of the process, we have prepared and offer several tools that will help you make your promotions GDPR compliant. Keep reading to learn about good practices and useful advice.

Regarding consent, the GDPR says:

…the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.

This means, that when you collect data through our app-based promotions, you need to make it clear to the users who the company behind is and what the data will be used for. And you need to ask for explicit consent to process this data.

Easypromos offers several ways of doing this:

  • Disclaimer field which is displayed underneath the entry form that you can use to show the users a short summary of your privacy policy or to highlight the most important aspects of your data collecting, for example what you will use specific data or content for. For example photos/videos/written content. This doesn’t exclude the need for a Privacy Policy and Terms and Conditions.
  • Space to insert Privacy Policy which automatically places an accept checkbox with link to the policy in the entry form. Remember, your Privacy Policy should be easy to understand. Long and complicated legal texts are no longer valid.
  • Option of inserting an opt-in checkbox for example to ask for consent to send commercial communication with the possibility of enabling double opt-in via email. The double opt-in is not obligatory but recommended. Easypromos saves the opt-in information.

It’s also recommended that you ask for explicit consent to each type of communication you want to send to the users: commercial emails, monthly newsletter, SMS, ordinary post etc. meaning one checkbox for each type with the explanation of what it involves.

If in the future you would like to also send SMS to your user list but only have consent to send emails, then you should ask for explicit consent to send SMS. It’s not only necessary to be transparent when collecting the data but throughout the whole relationship.

Other tips to making your promotions GDPR compliant

Now we’ve seen an example of how to ask for consent from your users. Here are some things that are no longer permitted with the application of the new regulation:

  • Only ask for data that you need. Excessive or unnecessary data collected can constitute a breach of the GDPR.
  • It can not be mandatory to opt-in to receive commercial communications.
  • It can not be mandatory to consent to data being shared with third-party.
  • “Opt-out consent” is not legal: Tick the box if you don’t want to receive emails.
  • The consent checkboxes can not be ticked by default.

This new data regulation applies to all companies based in the EU and companies from outside the EU that collect and process data from users in the EU.

If you have any questions, apart from this information, to how to make your promotions GDPR compliant, you can contact us at any time.