[Q & A Recap] How to Approach the GDPR & Resources to Help You Navigate International Waters


Join our newsletter!

Receive the latest data collection news in your inbox.

In May 2018, FormAssembly’s Director of Marketing Ashley McAlpin co-hosted a webinar with Cloud for Good’s CEO, Tal Frankfurt, and Marketing Manager, Jenn Tate. The three facilitated an informational session on how to best approach new regulations and were joined by FormAssembly CEO and founder, Cedric Savarese, for a GDPR question and answer segment. Read below for some highlights and helpful answers to common GDPR questions.

Q: If we get a business card from an EU resident at a conference, can we market to that individual?

A: Under GDPR, you must be clear about what the person is opting into. They may not understand how you want to market to them if they’re submitting their business card for a contest or giveaway. Under the GDPR, the best practice is to send the individual an email and ask them about particular the particular marketing campaign you want to engage them in.

Q: What does the GDPR mean for me as a FormAssembly customer?

A: The GDPR is a shared responsibility between the data controller and data processor. If the GDPR applies to you, FormAssembly acts as the data processor and enters into an agreement (The Data Processing Addendum) which contractually binds us to protect the rights of data subjects.

Q: If our resources are free and someone creates an account to access materials, they are added to our email list. Do we need a separate opting in option?

A: According to GDPR, when people opt into something, they opt in to something specific. The best practice is to ask them if they want to opt in to things like newsletters as well. If your content is gated, you can include a checkbox on the front end to provide an option for them to opt in to other marketing materials.

Q: How do you allow individuals to access their stored information?

A: It is a requirement under GDPR to share the data that you have, and you need to be able to share that data in a way that is legible online in a common format. You need to be able to process those requests (which is possible with a simple FormAssembly form). You will also need a way to confirm their identity through photo identification or proof of residence.

Q: Do we need to send an email to our EU account holders to let them know to opt-in again for account access?

A: If someone has already opted has already opted in to your marketing communications, your organization is all set! You don’t need to worry about having them opt-in again.

Q: If I’m confident that the GDPR doesn’t apply to me, should I still sign the FormAssembly addendum just in case? Is there any downside for my organization if I do so?

A: If you’re confident that the GDPR doesn’t apply to you, it’s not encouraged to sign the Data Processing Addendum. You are welcome to review the document, but there are statements within the agreement that you make regarding your own compliance to the GDPR regulations. You may want to be aware of what these are prior to signing.

Q: Does the GDPR affect nonprofit organizations?

A: Under the GDPR, it does not matter whether you’re a nonprofit or for-profit organization. Nonprofit status does not exclude you from GDPR compliance, nor does it protect you from fines associated with being out of compliance.

FormAssembly would like to thank Cloud for Good’s Tal Frankfurt and Jenn Tate for partnering with us for an informative webinar and question and answer session! You can listen in to the complete Q&A recording by downloading below.
Ready to learn more about whether the GDPR applies to you? Listen to the complete webinar.

Don’t just collect data
— leverage it