User consent registration
Registering consent for opt-ins is mandatory under GDPR (most of the time). There’s a difference between registering consent for cookies and tracking scripts and registering it for other services, e.g. e-mail marketing. We will have a look at both.
E-mail marketing, opt-ins and user consent registration
Registering consent for e-mail marketing is not new. Opt-ins have been required by many mail delivery solutions, like Mailchimp, for many years. They went unnoticed and unused for many years, but have been implemented more noticeably since the GDPR became active. For many countries this didn’t change the privacy laws concerning e-mail marketing and the like; it just shifted focus.
Because e-mail marketing by design needs an e-mail address (personal data), the consent can be linked to the unique ID (the e-mail address) by adding a checkbox to a form which clearly states the nature of the marketing efforts. Only when the box is checked may the person be e-mailed. This explicit consent can be registered by WordPress, Mailchimp or any other service by adding a column with the date & time of consent, next to the e-mail address used to give consent. All respected solutions will have this built in, and it can be used and integrated with Complianz.
After a user consents to a newsletter, every newsletter should contain the possibility to revoke consent by unsubscribing. Alternatively, the user can ask the person responsible for registering consent to remove, access or change their consent. This should all be clearly stated in your Privacy Statement. Consenting to cookies is a bit different. The most important difference is described below:
Registering cookie consent
The main difference is that when a user consents to all cookies or to a category of cookies, the user is identified by a unique ID in their local browser storage (a functional cookie). This ID will not be identifiable as a unique person (linked to personal data). This means that nobody other than the user who gave consent can change, revoke or access that consent.
Or the user can remove the cookies in the browser altogether, which removes any registration and consent status.
Another GDPR guideline is data minimization, which in short means: if data is not needed to serve the specific purpose, it should be removed for this purpose. Best practice for consent registration of cookies is to keep any personal data out of the registration and leave full control in the hands of the website visitor. That being said, you’re still responsible for assisting the website visitor in revoking their consent.
Complianz does not process personal data, because of GDPR guidelines, but it covers user consent registration!