New Feature: Marketing Opt-In for GDPR Compliance
- Jason@DPD
- May 24, 2018
- 5 Comments
This post has been updated on May 31 to address vendor feedback changes.
In addition to our previous policy changes for GDPR, this morning we’ve released a new “marketing opt-in” feature that displays a checkbox on the cart during checkout. If checkout is completed with this box unchecked, your buyer will not be sent to marketing integrations configured on your store.
In the Cart
The field is displayed on the DPD cart under the name and email fields:
On the Purchase Log
Their opt-in status is displayed on the purchase detail page and in the purchase log:
Setting up the Marketing Opt-In Field on your store
From today forward, in compliance with GDPR regulations that go in to force tomorrow, the Marketing Opt-In feature is enabled on all DPD stores. This is a legal requirement of GDPR. You can disable it if you wish.
To change the appearance of the field is easy:
- Log in to DPD
- Go to Theme in the left menu
- Edit your current theme
- Edit Cart page options
- Change the field options
As you can see in the screenshot above, you can configure the following options:
- Enabled (shown) or disabled (not shown)
- The text label beside the checkbox. You can change this to whatever you like.
- Default state for the checkbox (checked or unchecked)
Important Notes:
If you turn off the marketing opt-in checkbox on your store, we will send your customer data to 3rd party marketing integrations without their explicit approval. It is your responsibility as a vendor to get approval for sending marketing communications in compliance with GDPR.
Disabling the marketing opt-in field on your store or setting it to “checked” by default can expose you to legal peril if you are using marketing integrations or intend to send marketing communications in the future, even if you’re not using a marketing integration now. You should thoroughly research the legality of removing the marketing opt-in checkbox before disabling it. The default “shown” and “unchecked” options are GDPR compliant. We can not give legal advice on if you should change these values.
Vendors using Zapier with 3rd party marketing integrations and mailing lists will need to update their “Zaps” in Zapier to only add marketing_optin = true
to their marketing integrations to honor the flag and be compliant.
Marketing Opt-in does not affect transactional emails like product updates, purchase emails, or session activation emails.
Marketing Opt-in only affects the marketing email integrations (MailChimp, Sendy, etc.)and it does not affect conversion tracking, analytics, extra order process email, or any of the others.
But I don’t want this!
You can disable marketing opt-in on your cart page and DPD will work how it always has in the past.
But I don’t sell to the EU! I’m a US company!
There is no way to guarantee you have no EU customers. An EU citizen could be on vacation in the US and the law applies. An EU citizen could be using a VPN. An EU citizen could be using a work network with a US IP address. It is impossible to block all EU citizens from using your website, which is available globally. The EU can come after US companies for not being compliant with GDPR. The only way to be legal is to have this option on your cart.
by Gavin
May 24th, 2018
These options are not in the themes settings.
4: Edit Cart page options
4: Change the field options
by Jason@DPD
May 25th, 2018
Gavin please send us a support ticket and we’ll be happy to take a look at your store.
by Gerben
May 25th, 2018
I think it is great you guys are supporting this. I don’t do any marketing (unsollicited email / spam etc) so I don’t need the checkbox, but it is great you guys are supporting GDPR.
by Dylan
May 30th, 2018
I think you have completely misunderstood the GDPR and like many others you are just covering your backs the easiest way possible without actually considering how you are damaging US businesses.
It GDPR specifically says “The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens”
As a US company offering goods in US $ not marketing to ANY EU citizens this is enough to satisfy the GDPR mandate. it does not say anywhere that we have to “guarantee” like you imply in your post. It’s enough to be a US company selling goods in US dollars not marketing to EU customers.
This is a big let down GetDPD. You have clearly chosen the fastest way to exempt your self from the responsibility without considering the damage you are doing to US businesses with this new feature.
by Jason@DPD
May 31st, 2018
Dylan,
We’ve updated the feature based on vendor feedback like yours and it now works just like DPD has always worked in the past (automatically sending customer info to integrations in the background) if you disable marketing opt-in on the cart.