Explicit consent is now required when collecting data from EU residents. Before you can create a profile for contacts who submit personal information, like name, email address and other personal data you have to be clear about what you are doing with that data and allow contacts to opt-in to your process.
To help meet this new standard, we have added a form option that allows contacts to explicitly consent to share their data with you and receive emails from you when they submit a form. Anyone who markets to, or processes the information of EU residents should include this on EVERY Hatchbuck form.
Using this field will automatically tag each contact that agrees to your terms with the tag "Agreed to Tracking" allowing you to quickly filter for those that have consented and also tracking time and data stamp for future reference. You will not need to add this tag yourself. We do this for you on the back-end.
As a best practice you may want to consider using a double opt-in alongside of the GDPR consent box. While a double opt-in is not required by GDPR, it might be a good idea to use this as an additional measure to protect yourself and to obtain consent. If you choose to use the double opt-in, Hatchbuck will send an email to all contacts who submit their first form asking them to verify their email address.
Segmenting by Consent & Taking Action
Segment your list based on the marketing permissions received from your opt-in email and online form. To find contacts that either have consented or have not, you will filter using the Contact filter for 'Form Activity' and either do or don't have the tag "Agreed to Tracking"
- EU Contacts that you have sent the Opt-in email to and HAVE filled out a GDPR-friendly form and HAVE checked the GDPR complaint box, WILL be tagged with "Agreed to Tracking."
- EU contacts that you have sent the Opt-in email to and HAVE NOT filled out the form and HAVE NOT checked the GDPR compliant box, will not be tagged. These contacts should be unsubscribed immediately. Continuing to send to this group can result in a violation of the GDPR with serious consequences.