GDPR: Your path to compliance

Learn how to be GDPR compliant on Kajabi (last updated May 14th, 2018).


As you might already know, the GDPR (General Data Protection Regulation) is a new regulation that will toughen obligations when dealing with the personal data of citizens from the European Union (EU).

It will affect all organizations that control or process the data of EU citizens, so even if your company is based outside the EU, the GDPR will apply to you.

This new legal framework will have profound implications in how marketers manage their relationship with prospects and customers.

It will come into effect on May 25, 2018, and penalties for violations will be significant.


In this article, you'll learn how to use Kajabi's current set of GDPR-friendly features.

Check back frequently! We will be updating this guide as the deadline gets near.


Step 1: Data Collection - Forms and Double Opt-in

Under GDPR, a contact needs to be informed that their data will be stored and used by a company when they're submitting it. Consent will need to be “freely given, specific, informed, and unambiguous,” with companies using “clear and plain” legal language that is “clearly distinguishable from other matters.”

Since Kajabi helps you create your own Pages and Forms and add whatever text you wish, you already have the tools you need to inform your prospects on how you plan to use, store, and process their data and of their right to withdraw consent, all of which will help you meet your GDPR consent obligations.

Add a custom field to your Opt-in Form that makes giving consent unambiguously clear to the user. To do this:

  • Create a new Form or edit an existing Form.
  • Scroll down to the Fields section.
  • Create a new Field.
  • Use unambiguous language so that the user clearly understands exactly what their consent means.
  • Make this field required.

Learn more about Opt-in language examples and the ideology behind consent here.

Double opt-in

Another useful feature that will ensure your Forms are GDPR compliant is Double Opt-in.

To set this up:

  • Create a new Form or edit an existing Form.
  • Check the "Send double opt-in email to new contacts" box.
  • Edit the language of the Double Opt-in email in your Email Templates tab.

Clear communication

The most important thing to remember is to provide clear, unambiguous language on your Opt-in Forms that will effectively communicate to your users that they are giving consent to use and store their contact information.

The consent checklist published by the UK Information Commissioner’s Office can be used to check whether your consent is in compliance with GDPR.


Step 2: Data Storage and Processing — Exporting Contacts and Updating Data

Individuals have always had the right to request access to their data, but the GDPR enhances these rights. The timescale for processing an access request will also drop significantly from the current 40-day period.

Kajabi is working on functionality to ensure our platform is fully GDPR compliant by the May 2018 deadline. Kajabi already lets you export contact data from your People tab in a user-friendly format. The whole process takes seconds.

This will help in complying with a contact’s request for a copy of their data, either to move to another provider or to check what personal data you hold about them in your Kajabi account.

How to export contact information

To export a CSV of all the contacts stored on your site:

  • Go to your People tab from the dashboard.
  • Click Bulk Actions.
  • Select Export All:

How to export a list of Members.

How to modify and update contact data

Under the current legislation, individuals already have the right to ask you to modify or update data you hold on them in your systems (for example if they change email address). This will not change under the GDPR, but as we know, the penalties for breach under the GDPR are more severe.

To edit a contact's information in the Kajabi admin:

  • Open the People tab and search the name or email address of the Member you want to edit.
  • Click on the Member's name.
  • Select the Edit Details tab under the Member's name:

How to edit member details.


Step 3: Unsubscribe and Email Preferences

When you send emails to prospects and customers using Kajabi Email Campaigns, they include an unsubscribe button, which allows customers to easily let you know that they want to withdraw consent to receiving marketing emails from you. This feature also helps you comply with the EU E-Privacy legislation governing direct marketing.

On the other hand, our email preferences functionality allows Members to choose which marketing emails they want to receive.

If a Member would like to subscribe or unsubscribe to marketing emails within Kajabi:

  • They can click their Avatar in the top right of the page.
  • Select Settings.
  • Check or uncheck all of the email settings boxes:

How a Member can opt-in to marketing emails.


As you can see, there are many GDPR-friendly features you can use on your path to be compliant.

This new legal outlook is a great opportunity for marketers to revise how they're approaching their leads, customers, and what they can do to treat these relationships with the highest care.

We're sure that this regulation will move all marketers toward a more user-friendly experience, and it will help shape a more transparent way to do business.

Be sure to check out our blog post on GDPR here.

Note:
Make sure you bookmark this article or check back frequently! We will be updating this guide with more information and tips on how to be GDPR compliant in Kajabi. Stay tuned!

FAQ

What about contacts already on my list?

The contacts already opted-in on your list do not put you in jeopardy of breaching GDPR. Existing contacts are not required to opt in again; however, many Kajabi users are taking this opportunity to refine their list and shed some dead weight.

This is a great opportunity to send an Email Broadcast to your entire list with a double opt-in embedded for added consent security.

GDPR Privacy Policy Example

A privacy notice is a public statement of how your organisation applies data protection principles to processing data. It should be a clear and concise document that is easily understood and easily accessible to your users.

View an example of a GDPR compliant privacy statement here.

GDPR requires that I use cookies on my site. How can I add those?

Your Kajabi site is already using cookies. You can view which ones are active by reviewing our cookie policy.

Use of Cookies: Cookies are pieces of information that a website transfers to an individual’s computer hard drive for record keeping purposes. Cookies make using our Site easier by, among other things, saving your passwords and preferences for you. These cookies are restricted for use only on our Site, and do not transfer any personal information to any other party. Most browsers are initially set up to accept cookies. You can, however, reset your browser to refuse all cookies or indicate when a cookie is being sent. Please consult the technical information relevant to your browser for instructions. If you choose to disable your cookies setting or refuse to accept a cookie, some parts of the Site may not function properly or may be considerably slower.

Kajabi uses the following cookies on the Site:

| Cookie | Name | Purpose |
| --- | --- | --- |
| _kjb_session | Kajabi session cookie | Tracks your active admin session so you don’t need to re-login |
| kjba | Kajabi affiliate token | Tracks which affiliate has referred an offer purchase |
| _abv | Admin bar hidden | Tracks whether the user wishes their admin previewing bar to be hidden |

If you are using additional cookies, you will need to document them in your own cookie policy.


This is not a natively available feature in Kajabi. For this reason, I recommend using https://cookieinfoscript.com/.

Copy the generated script and paste it just before the closing </body> tag in the theme.liquid of your homepage. To learn how to edit the code on your site click here.

DPA: Data Processing Addendum

We have published our DPA here: https://newkajabi.com/policies/dpa/

No action is required on your end. You can print out and file this policy if you'd like; however, we do not need to receive a signed copy from you.


I have more questions

Help us out by letting us know what you'd like answered about GDPR below! This is not a place for feature requests. Please refrain from submitting ideas or complaints through this form.



Disclaimer: This article is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice or as a recommendation of any particular legal understanding.