Workflow is the secret to GDPR consent management compliance, not double opt-in

workflow-gdpr-consent-management-complianceThe General Data Protection Regulation (GDPR) has been enforceable for several weeks now. Leading up to its May 25 deadline, many marketers were (and still are) evaluating their consent capture and tracking methods, ensuring it was up to par with this new regulation. Where many fall short of compliance is by relying on double opt-in methods. Let us first state this: The information a double opt-in collects on its own is not enough to prove consent. When a user opts-in to your company’s newsletter by filling out a form, the link to complete the sign-up in the confirmation email does not provide the information needed to prove consent under the GDPR.

Double opt-in can be good for email list health, but you need comprehensive consent management workflows to ensure GDPR compliance. (HINT: It starts before a confirmation email.)

We’ve discussed how a consent management workflow tool is what your business needs in order to be compliant with the GDPR. The goal of double opt-in is to maintain a healthy list of active email subscribers and reduce graymail. Double opt-in simply confirms the correct email address for a user’s subscription to your service(s), it doesn’t track a user (or data subject’s) consent preferences, what version of a privacy policy they’ve accepted, or how any of it was presented. Take a look at MailChimp’s depiction of what a double opt-in is below:

As depicted in the graphic, double opt-in confirms a subscription, not a user’s privacy consent preferences. Article 7 of the GDPR covers more than tracking initial consent (a subscription or sign up)—it’s also about tracking revoked consent. What the GDPR requires is that a business provide proof that a user opted into your services—and also when a user opts out. Relying solely on double opt-in for consent does not record the latter, which puts your business at risk of non-compliance.

A true consent management tool tracks the entire journey of your users' consent with your services.

A consent management tool automatically tracks the entire journey of your user’s consent with your services: opt-in, opt-out, and preferences on notifications and alerts. Currently, many businesses manage all of these preferences and activities manually, if at all. The GDPR requires that a business provide an area—or portal—for users to update their consent preferences. While many organizations are building these “portals” in house, they are falling short on the tracking component.

To remain GDPR compliant, make sure your users' consent preferences are updated across all of your platforms—You need workflow.

Not only do businesses need to track user consent preferences, but they need to automate workflows to update those preferences across all of their platforms. Meaning, their CRM, segmented email lists, etc. For example, if a user updates their email preferences to only receive certain updates (mind you, you also need a dedicated area for a user to do this), how are you making sure those preferences are also updated in your CRM? A consent management workflow tool makes this process a single, fluid step. It marries the portal for a user’s preferences with all integrated tools, like your CRM, so these preferences are immediately updated everywhere and you have a database with all of this information tracked and easily accessible.

Not sure if you have a consent workflow set up? We can help.

Reach out to us today for a free consultation on if your consent management workflow is in line with the new GDPR. You can also check out our GDPR consent management survival guide infographic.

 PactSafe for Email Marketing Opt-in

Don’t miss out!

Want the latest news, tips and best practices for high-velocity acceptance? Subscribe to our newsletter.