GDPR — What We Chose to Do at Openprise
Before GDPR went into effect, Openprise took steps towards compliance.
- Asked People to Opt-In: We sent an email to the leads in our database that would be subject to GDPR. It asked people to actively opt-in in order to stay in touch with us. As you might expect, we didn’t get a massive response, but we did get some. That was great. When we looked at the lead scores of all those two didn’t respond, we didn’t feel too bad. Very few were MQLs.
a) Privacy Classification. This is a field we already had which distinguishes the GDPR, the CASL, the fine-to-use, and the non-deterministic (read: “we have no idea where they’re located”).
b) Sub-DateTime. This hidden field collects a time/date stamp for whenever the form is submitted
c) Sub-ForgetMe. This field only appears if the lead has a Privacy Classification value of GDPR (see above).
Using Privacy Classification as the method to determine which form values are seen, if the value is anything but GDPR, the user doesn’t see the Sub-ForgetMe field. If the Privacy Classification value is GDPR, the user sees the extra field:
If they select “I want to be forgotten per GDPR,” they then get a special landing page:
Otherwise they, and any non-GDPR users, get the usual subscription confirmation page.
The Sub-ForgetMe field enables us to:
- Mark the lead for deletion
- Ensure that their GDPR Opt-In value is FALSE
- Ensure that they are:
○ Marketing suspended
○ Marked NO for all the various subscription options
This way we have redundant systems (unsubscribe, marketing suspended, specific subscription fields) to ensure that between the decision to opt-out and the time the records is anonymized or deleted, we do not send to that person no matter what.
So far in testing it’s worked well. We haven’t got a large enough EU audience (yet) to have done more than test.
*We kept the sad puppy graphic from our old unsubscribe page. He still works.