Articles on: Compliance

How to set up GDPR Compliant

The GDPR is a regulation that mandates enterprises to protect EU citizens' personal data and privacy when conducting business within the EU. Noncompliance could cost businesses a lot of money. Here's everything you need to know about GDPR when using AVADA Marketing Automation.

What is GDPR

The General Data Protection Regulation (GDPR) was passed by the European Commission in 2016 and took effect on May 25, 2018. By implementing restrictions around personal data, it aims to guarantee the privacy of all EU citizens, especially when those people interact with companies situated outside of the EU.

GDPR compliant signup forms are essential because GDPR requires informed and freely provided consent before sending marketing emails to a contact. The GDPR will also make it easier for multinational companies to comply with regulatory standards, which were previously complicated by the fact that separate sets of laws applied to different EU countries.

It's critical that you understand how the GDPR will affect you and what you'll need to do to prepare.

Essentials of GDPR for eCommerce

The GDPR applies to every business that processes personal data of EU citizens or residents, from Facebook to your online store.

If you've ever collected a European person's email address, name, phone number, or other personal information, or plan to do so in the future, then you need to comply with the GDPR. Here are the essentials of GDPR for eCommerce businesses.

Provide protection over the user's personal data

If a user agrees to you keeping and processing their personal data (for example, through targeted marketing or advertising communications), you must ensure that the information is sufficiently protected. When it comes to the definition of "personal data," the GDPR is very broad: any data that can be used alone or in conjunction to link to or point to a person.

This includes your visitor's:
Email address
Physical address
IP address
Demographic data (location, age, etc.)

Businesses are required under the GDPR to designate a Data Protection Officer (DPO), who is responsible for making sure that personal data is kept secure.

It simply indicates that DPOs are required for organizations that process vast amounts of personal data, implying that smaller eCommerce stores are not included. However, having someone in charge of data protection in your organization is still critical.

You can keep doing what you've always done if the user has agreed to the message and communication channel you're presenting. However, if they haven't given their agreement, you won't be able to send them marketing materials or advertise to them. If you don't have the visitor's obvious consent to receive these types of marketing messages, you won't be able to send them email messages - or face stiff penalties.

Delete, correct, or restrict user's personal data when requested

The third and final of the GDPR's three key areas for eCommerce is user requests to have their personal data removed, updated, or restricted. At its foundation, the GDPR gives European people and residents more total control over how their personal data is being used.

As a result, if an EU subscriber or shopper whose personal data you hold requests that it be erased or changed in any manner, you must comply within a reasonable timeframe.

If a user requests that their personal data be changed or deleted, you should do it as soon as possible. You won't have to worry about this part of GDPR after doing that.

How to set up GDPR compliance with AVADA

AVADA Marketing Automation makes sure that all of our users are fully covered with GDPR compliance and can send emails or SMS campaigns all around the world. Here are the steps to set up your store to be GDPR ready with the app.

1. Update Privacy Policy on Shopify store

If you are using AVADA Marketing Automation, you will have to update your Shopify store to make sure your users understand their personal data rights before opting in.

1.1. First, go to your Shopify admin panel, then click on Settings -> Legal. In the Privacy Policy box, you can write your own version of privacy policy or click on the button Create from template to use a sample from Shopify. You should also copy and paste these texts:

Email and SMS Marketing Terms and Conditions:
We are using an email and text messaging platform, which is subject to the following terms and conditions. When you opt-in for our text marketing and notifications, you by default agree to these terms and conditions.

By entering your email address in the checkout and initializing a purchase, subscribing via our subscription form, you agree that we may send you emails (for your order, including abandoned cart reminders) and marketing offers (emails or SMSs). You acknowledge that consent is not a condition for any purchase.

Your email address, name, phone number, and purchase information will be shared with our email marketing platform AVADA Marketing Automation. This data will be used for sending you targeted marketing messages and notifications. If you send the text messages, your phone number will be passed to a text messages operator to fulfill their delivery.

If you wish to unsubscribe from receiving email marketing messages and notifications reply, you can use the unsubscribe link we provided you with in any of our email messages. For text messages, you can reply STOP or other keywords to unsubscribe. You understand and agree that other alternative methods of opting out will not be accounted as a reasonable means of opting out.

For any questions please contact through the email address you received the email messages from. You can also contact us for more information. If you wish to opt out please follow the procedures above or contact our support team. <

Next, click the Save button at the top or bottom of the page to confirm the changes.

1.2. Now that you have updated your Shopify store's privacy policy, you also need to set up to receive consent in the checkout process.

Go to Settings -> Check out. First, tick on the Optional under the Shipping address phone number section.

Then, go to the Checkout language and click on Manage checkout language.

Find Checkout marketing on the page with the CTRL+F shortcut. Paste the following text in the field box under the Accept marketing checkbox label:

Sign up for exclusive offers and news via text messages and/or email.

Next, using CTRL+F, locate the Phone label setting on the page.

Add the following to the Phone Label and Optional Phone Label fields:

Phone number for updates and exclusive offers.

Then look for Checkout shop policies and paste the following information under Privacy Policy:

By checking the sign-up box for text message offers and clicking Continue to Shipping, I consent to receive recurring automated marketing text messages at the number provided, and I agree that texts may be sent using an auto dialer or other technology. Consent is not a condition of purchase. Message and Data rates may apply. For more information see Terms of Service & Privacy Policy.

Then, confirm your changes by clicking on the Save button. Now you have updated your Shopify store's checkout process to comply with GDPR

2. Setup GDPR Compliant Form to collect customer data

After you install AVADA Marketing Automation on your site, you can start building your list with the Forms available in your account. To make sure that your forms include GDPR compliant language, you need to edit your form through the following steps.

2.1. At the dashboard, select the Forms tab then try editing a form by clicking on one and go to the Design step.

2.2.. In this tab, you will see that you can edit the component of your form through the left side panel. Double click on the Forms and you can see the elements to include inside the form.

2.3. Click on the GDPR Policy Checkbox to enable a box that includes a checkbox with GDPR language to receive consent from subscribers like the image below.

The content of the checkbox is like this:

By clicking the checkbox, you agree to receive our newsletter emails. All your information will be held under the General Data Protection Regulation (GDPR) (EU/UK) and you can unsubscribe any time.

2.4. You can click on the checkbox to edit it or click on the General drop down -> Form, and find a section called the GDPR policy.

You can customize the copy and the link of this section so subscribers can learn more about GDPR on their official website. You can also change the text colors to match your form style.

As you can see in the image, the form also has a little message at the bottom (By entering your email address, you agree to receive our newsletter emails and you can unsubscribe any time.) This makes sure that even with or without the checkbox, you have some kind of consent to receive email addresses.

And that is how you make sure that your AVADA Marketing Automation forms have the necessary GDPR compliance to collect and store user's data. Also, you can set up double opt-in to further ensure the consent of subscribers and the health of your email list.

3. Set up Unsubcribe option in email/sms

Unsubscribing is a basic right and law-required action to include inside email campaigns. AVADA Marketing Automation fully understands the necessity of the unsubscribe option, so we have this section to make sure you understand that as well.

AVADA Marketing Automation requires all emails to have an unsubscribe link. This is due to the CAN-SPAM Act and important for maintaining a strong sender reputation.

If you don't give recipients the option to opt out and choose whether or not they want to receive your emails, they're more likely to designate them as spam in their inbox service. Spam complaints, on the other hand, are serious and can have a substantial impact on your email deliverability.

By default, all email designs by AVADA Marketing Automation, whether in workflows or campaigns, have an unsubscribe link. But, if you want to manually add one, here is how:

In any email design, you can select the Footer section from the left panel and see an unsubscribe link inside each element. Simply drag the element into the email and you can edit the text for the unsubscribe link

SMS Opt-out

SMS is an essential part of AVADA Marketing Automation workflow, and you can add one by simply dragging and dropping an SMS component from the sidebar into any drop point. However, SMSs also need to follow GDPR compliance and allow subscribers to opt out of the sequence by removing their phone number.

You can see the opt-out or unsubscribe language in an SMS in the image above. This is the text that someone will see showing how to unsubscribe from SMS messages, similar to an unsubscribe link in an email. It's worth noting that some countries and carriers require opt-out language.

The text can be edited, but by default will be: "Send STOP to unsubscribe this SMS". You can edit the text, but make sure that you set up the word of unsubscribe first. If you keep the default words, when an SMS subscriber texts STOP to your number, they will opt out of receiving automated messages.

Manually unsubscribe users through the audience tab

In case you want to manually unsubscribe one or more of your users, head to the Audiences tab in the left panel, as the image below suggests.

Step 1. Click on any contact you want to opt out of the email list.

Step 2. Inside a contact's information, click on the three dot button and you will see two options. Click on Change status.

Step 3. Here you can see whether the contact subscribed to your email and SMS or not. Just click on the Unsubscribe or Subscribe button to change the status of them from subscribed to unsubscribed and vice versa.

Updated on: 02/08/2021

Was this article helpful?

Share your feedback


Thank you!