How to Make Your Form GDPR Compliant
GDPR has been around for a while now, and we wanted to help make you aware of all the tools we’ve provided you to help make your campaigns GDPR compliant. So, if you’re expecting to receive donations or registrations from customers from the European Union, this article is for you!
As a reminder, GDPR is this new set of rules that the EU put into place to help protect more of European citizens’ private information. We’ve already done a few bits about GDPR, which you can find here and here.
GDPR may sound scary but we’re here to help you make your campaign a shining beacon of GDPR compliance so that you can sleep soundly and avoid the wrath of Brussels. Here’s what you need to do.
Use Donor/Customer Portal
This is one of the biggest helps to you we’ve built for GDPR: we turned on the Donor Portal as default for every account. This allows your customers to edit their registration or donation information, including (and this is very important for GDPR) the option for EU customers to ask for their data to be forgotten. They will need to claim their account after donating, and then will be able to delete their own data.
We have a link you can send your customers and donors that will allow them to request data deletion but won’t allow them to edit their information. To access that option, you will need to log into your account, head to your Organization Details, and find the link that is labeled Account Manager URL. Just send that link to someone, and they will be able to request data deletion. Here’s where you’ll find that link:
Take Advantage of the Terms and Agreements Field
If you haven’t used our Terms field on one of your pages, now is a good time to get familiar. Check out what you need to know about the Terms right here. As part of GDPR, your organization will need to clearly tell your customers how you plan on using their data. You can put that info into a Terms field, so that each one of your customers will have to agree to your policy when registering or donating. You will want to consult with your organization’s lawyers to make sure your Terms and Agreements field covers all the bases that the law requires.
Be Sure to Account for all Personal Data Outside Our System
This is just a friendly reminder for you. The data you collect on our page belongs to you, not Webconnex, and as a result, if someone sends you a data deletion request, you will want to make sure that you are processing everything correctly on your end. The tools listed above help you clear stuff out of our system, but wherever else your customers’ data ends up in your flow of information, it’s ultimately your responsibility to ensure it’s deleted properly.
So there you go! A few tips to help you out with our system if you encounter a data deletion request. Again, this only applies to customers and donors who are from the EU. If you have any questions about how we can help you with this, don’t hesitate to contact our support team.