From what I understand of the General Data Protection Regulations (GDPR), personal information on European citizens will need to be physically stored in EU data centers. It seems to me that contact information (names, phone numbers, email addresses, etc.) stored in Constant Contact qualifies as personal information.
I cannot find any reference to the GDPR on the Constant Contact website or community forums.
What is Constant Contact doing to ensure that its customers will be GDPR-compliant when these regulations take effect in 2018?
Solved! Go to Solution.
Because Constant Contact has always been a permission-based email marketing system, we've already got many tools that will help our customers who may have GDPR obligations and we'll be adding more. We have developed a guide that goes over GDPR and covers tools they can use right away. Click here for the guide. This guide can also be found in our Help Center. As more information and tools become available we will update our customers here and elsewhere.
I sent the GDPR template to myself to myself to check it works. I clicked on the 'yes, continue sending me emails' button.
My question is when do the "Implied Permissions" folder and "Express Permission" folder appear in my content management?
These are the contact options currently showing:
Yes, as @JonB3 mentioned, you do need to go to the My Settings page and "Enable advanced email permissions" under the Contact Settings area.
You will then be able to see the "Implied" and :"Express" folders on the Contact Management page. I will pass that feedback along to the powers that be to make sure that step is added to the instructions for GDPR!
You can also find more detailed information about GDPR on our blog
At this time there is not a way to automatically separate European subscribers from non-European subscribers. That said, you can do an advanced search for information such as country or "email address ends with" .uk or other European country codes. Click Here for more information on the advanced search feature.
This solution leveraging the GDPR template email appears to work fine for acquiring consent with any contacts already in the account.
How is CC expecting to allow their web forms that collect info to be GDPR complaint? Currently when someone submits contact info on a web form, they are immediately marked as "express" per the below comment.
"When the Advanced Email Permissions option is turned on, we'll mark all of your incoming subscribers through web sign-ups and Text-to-Join as Express to help save you time." - Reference
This works for Canadian compliance, but not for GDPR as that requires us to validate "proof of opt-in and consent" by means of a 2nd email after the initial web form is submitted. We had hoped to use the GDPR template email with an Email automation tied to specific lists so that anyone who fills out the form is automatically send an email with an opt-in button. Unfortunately this won't be useful if everyone coming in through the web form is already marked as "express".
Additionally, as i'm sure you're already aware, there is a big need to include required checkboxes on every form to verify privacy/terms and conditions. Currently the only custom field options are for text and date. Is there any way a required (default unchecked) checkbox can be added as a type and maybe even accept hyperlinks?
These are great questions! You are correct; our GDPR template helps with contacts that were already in your account. If you’re looking to have a second email to show a proof of opt-in and consent for new contact sign-ups I suggest enabling Confirmed Opt-In for your account. This setting will trigger an automatic confirmation email to contacts joining through a signup form. As for the checkboxes on your sign up forms, I apologize this is not a feature that is currently available. I do however want to note changes are still being made to help keep accordance with GDPR as we get closer to the date. In fact, here is a link to our GDPR blog where you can find more information about these changes.
I've managed to go to my settings and enabled advanced email permissions. However, Expressed permissions are not showing. Also, when I sent a preview test email to an email address I own and clicked on the 'Yes, continue to send me emails' button, my opt in is nowhere to be found....I am assuming that it will show up under 'Expressed permissions' once someone can kindly tell me how to get it up on my contacts list.
Would really appreciate some help. Many thanks!
Thank you for reaching out to the Community! That is a great question. Your Expressed Permission section will show up under your Contact Management page when you have contacts opt in from your GDPR email campaign. When sending a test email, this will not record as an opt in because it is a test. If you do a live send to yourself and click the option to opt in, you will then be added to the Expressed Permission section.
If you follow these steps and are still having issues, please email privacy(at)constantcontact(dot)com and our team can assist you further. Thank you!
Please can you put the GDPR opt in button that you have in your GDPR email template onto the left hand bar, so that this can be integrated into a standard email that we can send out. Thank you.
Thank you for reaching out to the Constant Contact Community. It's my pleasure to assist you today.
That's a great piece of feedback and I'm happy to submit it on your behalf! You may also submit your feedback directly to our developers on our Feedback forum.
In the meantime, please feel free to reach out if you need further assistance. Thak you for choosing Constant Contact. Have a great day!
With GDPR changes coming, looking to send an e-mail campaign that gives some data we have a "last chance" to register with us, with the option of opting-in if they still want to hear from us (as may not be ready to engage with us fully and register)
Does anyone know how to create this? I saw this email from a company that uses CC and directs you to a link where it just confirms you've clicked and want to continue hearing from them. Something like this would be ideal...
Thanks for reaching out to the Community! I'd be happy to help you.
Also, additional Information about the new General Protection Data Requirements (GDPR) can be found at this link.
Please let us know if there is anything else we can do for you.
I'm trying to find the best way to keep new contact I add to the database GDPR compliant. Firstly I get most of my contacts from events where my company get people's business card but not necessarily their express permission to contact them. The best way I thought would be to use your GDPR template as an automated email to any contacts that get added to any of our EU contact lists.
However I have found this to be unsatisfactory.
The typical way this is set up the new contacts that are added will receive this email and the way I see it can do one of three things:
1) Click that they want to receive emails from us and their contact will be updated to 'express permission' but I don't have a way of knowing who has done this except physically going to check if they have. Then I have to actual do something like make a tag for this, and tag each of these as with my made 'express permission' tag, so when sending an email I define the lists further by only ones with an express permission tag.
2) Click the tiny unsubscribe link at the top or bottom of the email, this can't be placed in the body of emails which I found after much HTML headbanging. This is ideal for people who don't want to receive my emails but I feel it should be easier and clearer and addable to the body of the email (looking back on old community posts this is something that has been requested for years).
3) What I assume most people will do and probably ignore the email. So I don’t have their express consent to still contact them but they are still on my database. This is not great fro GDPR. I also don’t know I don’t have their consent without actually going to check that they still haven't given express permission. They also could still receive emails if I don't go and tag them with a 'not yet consented' tag and make sure I define them out.
All of these aren't really great and I feel the whole process should be way more intuitive and automated.
For example just having the 'express consent' and 'implicit consent' be actual automated tags and therefore definable when sending an email would help a great deal instead of having to make these tags and then constantly going back to see if contacts with these tags need to be changed.
If i could get your advise that would be greatly appreciated
We understand that making sure you are compliant with GDPR is important and we are here to help! That is correct that you can add your new contacts to your account and follow-up with the GDPR email template so they can confirm their permission. Any contact who clicks the button in the template is immediately documented as giving his/her express consent to receive emails from you and his contact record appears in the Express Permission folder in the Contacts tab. (Note: you'll need to Enable Advanced Permissions in My Settings.)
In addition, adding these contacts to a specific Email List or Tag allows you to know specifically which contacts have confirmed their permission. You'll also know of any contacts who haven't given their express permission as those will remain in the Implied Permission folder.
We do apologize for any inconvenience this may cause and your concerns have been forwarded appropriately and tracked for our programmers. We appreciate your feedback!
Hi Nichelle M,
Thanks for your response. It still just feels like an unsatisfactory and completely minimal tool to use for GPDR compliance. I understand that you may not be the person to discuss this with so if you could do the thing where you pass this on to the developers that would be great. I'll also post this in the feedback forum as well.
Apologies, I'm going to do a numbered list again on ways the express and implied permission tool is unsatisfactory and could be improved:
1) This is not really trackable, to see if someone has clicked the button to give express permission you have to physically keep going back and checking. Also on the reporting of the email itself you can't see this data.
2) It is not definable at all. It would be amazing and actually maybe make this tool useful if when sending an email you could define your lists to 'Only send to express permission contacts'.
3) To do anything like the two above you have to probably make a tag for each and keep going back into you contacts and the express and implied permission lists and select them all and make sure they are all tagged correctly.
4) GDPR requires proof of consent, I can't really see how this fulfils this. There isn't a way to see things like the date they gave express permission or how they gave it. I mean I can just change this field for all my contact and it still is the same as if they gave consent.
In essence I don't really get what this tool does at the moment. This needs to be a much more powerful part of CC with at least it being an automatically updated field that is definable when sending an email that would start make it useful. I understand that this is just a issue for EU contact but I don't see how making at least the change I just recommended would affect global users if it was just an optional tool to define recipients further.
Thank you for reading and taking my concerns on board, I look forward to hearing back from you.
Thank you for reply and the feedback that you provided. I do apologize if our GDPR tool feels unsatisfactory. We do appreciate any feedback and suggestions that our customers send our way so that we may direct it to our developers. In regards to your fourth point, the main factor of the GDPR regulation is to have expressed consent from your contacts. It is irrelevant to how they gave expressed consent. As long as you have them within the Expressed Status page of your database, you should be able to contact them under the new regulation. With that being said, I have submitted the requests to our developers so that they may review the requests and hopefully implement them in future updates. Thank you once again for the feedback and please let us know if you need assistance with anything else.
Thank you to replying to my message and thank you for passing these on to the developers.
My main concern with my fourth point was that a central tenant of the consent with GDPR is being able to prove that there is consent and evidence of how that consent was given. There doesn't seem to be any accounting for this with the current tool. As you said I just need to have my contacts within the Expressed Consent section of my database, but I can manually change that on all of my contact myself whether they have given consent or not (a feature as I agree with as consent in this case can be given in a number of ways not necessarily encompassed within the parameters of an email service like this). But there is no way in this tool to record consent and have evidence of it i.e. date given, method given, any kind of data trail. So it doesn't really cover the regulations of GDPR.
Apologies for all the long messages and feedback. I don't suppose there is any way I can take these issues further than just voicing them here, or any one else I can discuss this with?
I absolutely understand your concerns and I appreciate your feedback. In this case I am going to suggest sending an email to our privacy team. They are best equipped to address any GDPR specific questions that you have. They can be reached at privacy(at)constantcontact(dot)com.
In the meantime, please let us know if you have any additional questions. Thanks!