GDPR: Your path to compliance
In this article:
- Step 1: Data Collection - Forms and Double Opt-in
- Step 2: Data Storage and Processing — Exporting Contacts and Updating Data
- Step 3: Unsubscribe and Email Preferences
- Data Processing Addendum (DPA)
- I have more questions
As you might already know, the GDPR (General Data Protection Regulation) is a new regulation that will toughen obligations when dealing with the personal data of citizens from the European Union (EU).
It will affect all organizations that control or process the data of EU citizens, so even if your company is based outside the EU, the GDPR will apply to you.
This new legal framework will have profound implications in how marketers manage their relationship with prospects and customers.
It will come into effect on May 25, 2018, and penalties for violations will be significant.
In this article, you'll learn how to use Kajabi's current set of GDPR-friendly features.
Check back frequently! We will be updating this guide as the deadline gets near.
Step 1: Data Collection - Forms and Double Opt-in
Under GDPR, a contact needs to be informed that their data will be stored and used by a company when they're submitting it. Consent will need to be “freely given, specific, informed, and unambiguous,” with companies using “clear and plain” legal language that is “clearly distinguishable from other matters.”
Since Kajabi helps you create your own Pages and Forms and add whatever text you wish, you already have the tools you need to inform your prospects on how you plan to use, store, and process their data and of their right to withdraw consent, all of which will help you meet your GDPR consent obligations.
Add a custom field to your Opt-in Form that makes giving consent unambiguously clear to the user. To do this:
- Create a new Form or edit an existing Form.
- Scroll down to the Fields section.
- Create a new Field.
- Use unambiguous language so that the user clearly understands exactly what their consent means.
- Make this field required.
Learn more about Opt-in language examples and the ideology behind consent here.
Another useful feature that will ensure your Forms are GDPR compliant is Double Opt-in.
To set this up:
- Create a new Form or edit an existing Form.
- Check the "Send double opt-in email to new contacts" box.
- Edit the language of the Double Opt-in email in your Email Templates tab.
The most important thing to remember is to provide clear, unambiguous language on your Opt-in Forms that will effectively communicate to your users that they are giving consent to use and store their contact information.
The consent checklist published by the UK Information Commissioner’s Office can be used to check whether your consent is in compliance with GDPR.
Step 2: Data Storage and Processing — Exporting Contacts and Updating Data
Individuals have always had the right to request access to their data, but the GDPR enhances these rights. The timescale for processing an access request will also drop significantly from the current 40-day period.
Kajabi is working on functionality to ensure our platform is fully GDPR compliant by the May 2018 deadline. Kajabi already lets you export contact data from your People tab in a user-friendly format. The whole process takes seconds.
This will help in complying with a contact’s request for a copy of their data, either to move to another provider or to check what personal data you hold about them in your Kajabi account.
How to export contact information
To export a CSV of all the contacts stored on your site:
- Go to your People tab from the dashboard.
- Click Bulk Actions.
- Select Export All.
How to modify and update contact data
Under the current legislation, individuals already have the right to ask you to modify or update data you hold on them in your systems (for example if they change email address). This will not change under the GDPR, but as we know, the penalties for breach under the GDPR are more severe.
To edit a contact's information in the Kajabi admin:
- Open the People tab and search for the name or email address of the Member you want to edit.
- Click on the Member's name.
- Select the Edit Details tab under the Member's name.
Step 3: Unsubscribe and Email Preferences
When you send emails to prospects and customers using Kajabi Email Campaigns, they include an unsubscribe button, which allows customers to easily let you know that they want to withdraw consent to receiving marketing emails from you. This feature also helps you comply with the EU E-Privacy legislation governing direct marketing.
On the other hand, our email preferences functionality allows Members to choose which marketing emails they want to receive.
If a Member would like to subscribe or unsubscribe to marketing emails within Kajabi:
- They can click their Avatar in the top right of the page.
- Select Settings.
- Check or uncheck all of the email settings boxes.
As you can see, there are many GDPR-friendly features you can use on your path to compliance.
This new legal outlook is a great opportunity for marketers to revise how they're approaching their leads, customers, and what they can do to treat these relationships with the highest care.
We're sure that this regulation will move all marketers toward a more user-friendly experience, and it will help shape a more transparent way to do business.
Be sure to check out our blog post on GDPR here.
Data Processing Addendum (DPA)
We have published our DPA here.
No action is required on your end. You can print out and file this policy if you'd like; however, we do not need to receive a signed copy from you.
What about contacts already on my list?
The contacts already opted in on your list do not put you in jeopardy of breaching GDPR. Existing contacts are not required to opt in again; however, many Kajabi users are taking this opportunity to refine their list and shed some dead weight.
This is a great opportunity to send an Email Broadcast to your entire list with a double opt-in embedded for added consent security.
A privacy notice is a public statement of how your organisation applies data protection principles to processing data. It should be a clear and concise document that is easily understood and easily accessible to your users.
View an example of a GDPR compliant privacy statement here.
Kajabi uses the following cookies on the Site:
- Kajabi session cookie: Tracks your active admin session so you don’t need to re-login
- Kajabi affiliate token: Tracks which affiliate has referred an offer purchase
- Admin bar hidden: Tracks whether the user wishes their admin previewing bar to be hidden
How can I add a cookie disclaimer script to my homepage?
This is not a natively available feature in Kajabi. For this reason, I recommend using https://cookieinfoscript.com/.
Copy the generated script and paste it just before the closing </body> tag in the theme.liquid of your homepage. To learn how to edit the code on your site click here.
I have more questions
Help us out by letting us know what you'd like answered about GDPR below! This is not a place for feature requests. Please refrain from submitting ideas or complaints through this form.
Disclaimer: This article is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice or as a recommendation of any particular legal understanding.