Although the GDPR went into effect on May 25, our goal at FormAssembly is to continue providing valuable resources to help you maintain compliance. In the last of our three-part webinar series, FormAssembly’s Director of Marketing Ashley McAlpin co-hosted alongside our CEO and founder, Cedric Savarese. They were joined by Ian Gotts, CEO and Founder of Elements.Cloud, who helped shed light on linchpin topics like understanding informed consent and transparency under the GDPR.
Getting Permission to Hold Personal Data
“The whole area of tracking personal data is probably the biggest change to the way customers are expecting their data to be held, but also from the company’s perspective – the way we now have to operate,” Gotts said.
Under the GDPR, there are six lawful bases that allow for data processing. The three most commonly used bases include contract, consent, and legitimate interest. Gotts shared several noteworthy “do’s and dont’s” of consent and emphasized the need to make consent a clear and affirmative act on the part of the user.
Gotts also shared three top mistakes that he’s seen in the days before and since GDPR. These errors include sending unnecessary emails, bombarding consumers with legalese, and fighting for customer attention, yet losing.
The Right to Transparent Information
“One of the things that the drafters of the GDPR understood and made very clear in the law is that there’s no such thing as consent without information,” Savarese shared.
Savarese explained why it’s important to establish transparency at the point of data collection. It’s critical to disclose certain information to customers such as the purpose of processing, company contact details, the duration of processing, and the data protection officer’s name (if one is in place). Moreover, it is better to disclose this information in a format or location that the consumer will easily see and read.
Savarese also emphasized the need to think critically about the full life cycle of data. Under GDPR, organizations must disclose to the user how long data will be kept. Additionally, the GDPR regulations hone in on automatic profiling and how that may impact personal freedoms. For companies who use automatic decision making, GDPR simply underscores the need to disclose such a process with the user in a transparent way.
Choosing Compliant Solutions
With the GDPR in effect, it’s more important that ever to select data solutions that promote compliance and accountability. FormAssembly’s robust information and security policies are designed to meet requirements of the GDPR in addition to other regulations, like PCI Level 1 and the US HIPAA regulation.
Under the GDPR, a basic checkbox to indicate user consent may no longer be a suitable option. That’s where the Elements.Cloud Data Privacy Manager comes in, to help organizations overcome obstacles presented by new regulations. Available on the Salesforce AppExchange, the Data Privacy Manager is simple to implement and integrates seamlessly with marketing automation and FormAssembly.
Ready to learn more about informed consent and transparency? Take some time to watch the full recorded webinar!