How to Keep GDPR Records of Consent for Your Subscribers
By Brandon Olson August 1, 2018
The GDPR (General Data Protection Regulation) requires that you can prove the nature of consent between you and your subscribers. That means you must keep comprehensive records of how subscribers joined your list if you want to comply with the law.
But keeping records of consent for your subscribers can seem daunting, no matter what your email list size.
Fortunately, it doesn’t have to be difficult or time consuming.
Below are two simple ways you can keep records of how you collect subscribers’ personal data.
Disclaimer: This blog post is for informational purposes only, and you should not consider it legal advice. We recommend that you seek legal and other professional counsel to determine exactly how the GDPR might apply to you.
Two key data points to record for GDPR consent
To prove you are GDPR compliant, you must be able to prove what a subscriber has consented to when signing up for your list. There are two parts to this:
- the sign up source (i.e. the webpage they visited to sign up)
- a copy of the form or mechanism they used to sign up at the time they subscribed
AWeber automatically records the sign up source within your subscribers’ records, so we have you covered there.
But it’s a bit more complex to record a copy of the sign up form. Why? Because you may have more than one sign up form on your site, or you may change your form from time to time, making it difficult to show exactly what the sign up form looked like at the time of signup.
The best way to record a copy of your sign up forms will depend on a few factors:
- Do you have have multiple email sign up forms?
- Do you regularly change your email sign up forms?
- Do you run split tests on your email sign up forms?
How you answer these questions will impact the way in which you keep records of your sign up forms.
Related: Your GDPR + Email Marketing Playbook: How to Prepare for the EU Data Law
“I only have a single sign up form, and NEVER change it or run split tests on my form.”
If you have a single sign up form that never changes, you should be able to manually record it since all subscribers join your list the same way.
Simply take a screenshot of the form using any commonly available software (like the Snipping Tool for Windows or Skitch for Mac) or a built-in feature on your Mac or PC.
Once you’ve created a record of your sign up form, save the file in multiple places, such as your computer, an external hard drive, and a cloud-based storage service like Google Drive or Dropbox.
“What if I change the signup form later?” No problem. All you have to do is repeat the process above to make a new manual record, and add the details to your documentation. Be sure to retain the old record, too.
Related: 6 Myths about the GDPR and Email Marketing Debunked
“I have multiple signup forms, I change my form regularly, or I run split tests on my forms.”
It would be a lot of work to manually record and manage multiple or changing signup forms, while also verifying which subscribers came through specific versions of the forms.
In this case, we recommend using a service like optinopoli to automate the recording process. We discovered this service when were looking for ways to make GDPR consent recording easier for our AWeber customers. In our research, we haven’t been able to find any other tools that automate the recording process in this way. (If you know of one, please tell us in the comments below!)
How to auto-record signup forms
optinopoli, which integrates with AWeber, is a signup form tool designed to help you collect subscribers on your website and grow your list.
Unlike other sign up form builders, it has the ability to automatically record the version of the sign up form used by each of your subscribers.
Related: 9 Inspiring Sign Up Form Ideas to Grow Your Email List
Here’s how it works to record your forms:
For each new subscriber coming through an optinopoli™ form on your website, the app sends you a notification via email. These notifications are optional, but you’ll need to leave it on to take advantage of the auto-recording facility.
I recommend setting up a filtered folder in your inbox make managing all of the notifications easier (and to save your inbox from getting clogged!). You can receive and store these notifications in there.
Another alternative: Create a separate email account where these notifications can be sent and stored.
Within the notification, you’ll see a link for the sign up form used. If you click the link, you’ll see the exact form used by the subscriber displayed in a new browser window.
If you’re running a split test on your forms, the app will also record any variations of the form. You’ll get the record of the actual form used by the subscriber.
Pro tip: Set the lead notifications to go to a cloud-based email account, such as Gmail, where the emails can be safely and permanently stored in the cloud.
Once you’re set up with optinopoli, be sure to test your new form and lead notification. Make sure your notification contains the link to the auto-recorded signup form.
Following the steps outlined above enables you to keep comprehensive records of consent for your subscribers. Questions? Ask me below!
Evan H. Farr8/2/2018 2:43 pm
Doesn’t this new law only apply to American businesses if we solicit and serve clients in Europe?
Brandon Olson8/2/2018 2:59 pm
Hi Evan. The GDPR applies to any data controller or processor who collects, records, organizes, stores or performs any operations on personal data of those who live in the EU — even if you don’t reside in a European country. I wrote more about it here and here.
Ryan Gunness8/2/2018 2:56 pm
I have not done this yet but thought of it after reading this post. You could add a custom field called “formid” to hard code an id # for each form you use. Then using a cloud base speadsheet like google sheets you could have a sheet with these fields id,date live, date removed, formcode,screen shot, notes. This will save the “formid” with the subscriber for easy refence, maybe even just add the formid to “Ad Tracking” example instead of Ad Tracking=webform_1 you could do Ad Tracking=webform_1+fid2, fid would be the form id in this case. Hope this all makes sense 🙂
Anabell8/5/2018 11:54 pm
The GDPR applies to any data controller or processor who collects, records, organizes, stores or performs any operations on personal data of those who live in the EU — even if you don’t reside in a European country
Lewis White8/19/2018 2:31 am
So, am I right in saying that all I have to do is:
1. take a screen shot of my one signup form and
2. Copy the html on a text file and save them both in Google drive and on a usb stick for future reference?
Great article by the way…
P.S. What happens if I collect subscribers via the Atom app? How do I copy the HTML?