New Feature: Marketing Opt-In for GDPR Compliance
- May 24, 2018
- 5 Comments
This post has been updated on May 31 to address vendor feedback changes.
In addition to our previous policy changes for GDPR, this morning we’ve released a new “marketing opt-in” feature that displays a checkbox on the cart during checkout. If checkout is completed with this box unchecked, your buyer will not be sent to marketing integrations configured on your store.
In the Cart
The field is displayed on the DPD cart under the name and email fields:
On the Purchase Log
Their opt-in status is displayed on the purchase detail page and in the purchase log:
Setting up the Marketing Opt-In Field on your store
From today forward, in compliance with GDPR regulations that go in to force tomorrow, the Marketing Opt-In feature is enabled on all DPD stores. This is a legal requirement of GDPR. You can disable it if you wish.
To change the appearance of the field is easy:
- Log in to DPD
- Go to Theme in the left menu
- Edit your current theme
- Edit Cart page options
- Change the field options
As you can see in the screenshot above, you can configure the following options:
- Enabled (shown) or disabled (not shown)
- The text label beside the checkbox. You can change this to whatever you like.
- Default state for the checkbox (checked or unchecked)
If you turn off the marketing opt-in checkbox on your store, we will send your customer data to 3rd party marketing integrations without their explicit approval. It is your responsibility as a vendor to get approval for sending marketing communications in compliance with GDPR.
Disabling the marketing opt-in field on your store or setting it to “checked” by default can expose you to legal peril if you are using marketing integrations or intend to send marketing communications in the future, even if you’re not using a marketing integration now. You should thoroughly research the legality of removing the marketing opt-in checkbox before disabling it. The default “shown” and “unchecked” options are GDPR compliant. We can not give legal advice on if you should change these values.
Vendors using Zapier with 3rd party marketing integrations and mailing lists will need to update their “Zaps” in Zapier to only add
marketing_optin = true to their marketing integrations to honor the flag and be compliant.
Marketing Opt-in does not affect transactional emails like product updates, purchase emails, or session activation emails.
Marketing Opt-in only affects the marketing email integrations (MailChimp, Sendy, etc.)and it does not affect conversion tracking, analytics, extra order process email, or any of the others.
But I don’t want this!
You can disable marketing opt-in on your cart page and DPD will work how it always has in the past.
But I don’t sell to the EU! I’m a US company!
There is no way to guarantee you have no EU customers. An EU citizen could be on vacation in the US and the law applies. An EU citizen could be using a VPN. An EU citizen could be using a work network with a US IP address. It is impossible to block all EU citizens from using your website, which is available globally. The EU can come after US companies for not being compliant with GDPR. The only way to be legal is to have this option on your cart.