GDPR Compliance
The General Data Protection Regulation (GDPR) was adopted in the European Union in April 2016 and became enforceable on May 25th 2018. This regulation is designed to provide EU citizens with better control over their personal data, and requires any company which stores and uses the personal data of EU citizens to take steps to protect that data and, for example, to make it available for the user to download.
Personal data is any information relating to a person who can be identified directly or indirectly, such as “(...)a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Furthermore, personal data may only be collected if a user consents to it. A consent is a “freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Consents must consist of clear, concise and granular positive opt-ins such as:
- Consent to receive newsletters
- Consent to using previous purchases to show personalized suggestions
- Etc.
In other words, the user must be informed about precisely which data you want to use, why you are collecting it, and what you want to use it for, and must actively elect to give consent to that activity. Consent cannot be collected using e.g. pre-ticked boxes or other methods for default consent.
In DynamicWeb:
- Opt-ins are called consent activities and are created using the Data Processing app
- Consents for an activity are collected using either the Extranet or the Forms for Editors apps and can be viewed using the Data Processing app
- Consents can be checked and updated when using our Email tool – or by using the ConsentManager class
- User data can be made available for download using the Data Portability app
Bear in mind that you don’t have to use these tools to be GDPR compliant: consents collected via other sources (e.g. phone calls) can simply be stored in a set of custom fields. The Data Processing app is simply a convenient tool for storing consents which are obtained using our system.
If you store email consents in custom fields, you will have to uncheck these custom fields when a user unsubscribes.