On 25th May 2018 the EU's new privacy laws will begin, ushering in a new level of protection for citizens of the European Union. At it's core the GDPR aims to provide more protection to individuals from surveillance and to provide some respite from the bombardment of marketing messages that pervades modern digital lives.
As such Do Gooder supports the changes and we have made modifications to our systems – both technical and procedural – across the world to comply by default with the GDPR requirements.
Many of the principles of the GDPR are baked into Do Gooder's progressive core already, while others are additional and we have made changes to meet those where necessary.
What happens to my existing campaigns?
All EU targeted campaigns will revert to GDPR compliant consent settings (no default opt-in) radio buttons. This will also occur if our system identifies an EU/Canadian resident in a non-EU/Canadian targeted campaign as well. Subscription consent settings for campaigns in other regions will remain as is, although checkboxes are replaced with radio buttons by default.
Account level settings relating to whether a subscription is deemed to be organisation-wide or specifically for a single Do Gooder campaign have been set based on your most recent campaigns settings. See below for what this means and we urge you to check to make sure the setting aligns with your approach going forward. Legacy subscriptions are not assumed to be either type and should be managed by your own database systems and processes.
Forget me not (not)
The GDPR gives EU citizens the right to request you delete their data from your database (and backups). They mean actually deleted too, not just marked for deletion. So we do that if asked by a supporter (with appropriate checks to ensure they are the person they purport to be) and the request isn't in breach of the public interest. You'll need to do the same to be compliant of course.
The GDPR requires us to provide any data collected in the course of interacting with Do Gooder to you or a supporter on request. We will export records relating to the individual (or your account if you're requesting it) in an accessible format.
Now for the exciting stuff! The features below represent a major upgrade to Do Gooder providing compliance with the GDPR and a foundation for a platform that continues to drive supporter acquisition and retention while respecting the right to privacy.
GDPR compliant subscriptions
All EU targeted campaigns will automatically default to an opt-in subscription widget with additional information provided regarding how the email address will be used. We've packed in best practice features like using radio buttons with warnings to maximise conversion rates while still ensuring you get informed consent.
We also provide information on how we process, store and share data on your behalf in a second screen within the popup. All of this is stored in an unobtrusive link under the submission button - both prominent enough for those who care to find and out of the way as to not decimate your conversion rates.
Account level settings
We've added just two settings at the account level.
The first one is an important one that you should set ideally just once – certainly while you have live campaigns. Your global setting for subscriptions determines whether you treat that subscription as organisation-wide or specific to each campaign. The setting is recorded in the supporter's data when they subscribe and also informs default text on labels.
The second setting is an account-wide data usage notice which will save you time setting the policy for every campaign. You can still override it within the campaign or even at the action level (see below).
Campaign Privacy Settings
Most privacy settings are made at the campaign level so we've created a new Privacy Tab just for this purpose. Included here are the privacy-friendly subscription settings which must be set regardless of whether you expect or intend to target EU/Canadian countries. (we geo-sniff location to ensure you don't breach GDPR rules). More relaxed options are available for other regions of course but we encourage everyone to consider their subscription policies by defaulting to these options.
Finally a campaign wide data usage notice is an optional setting you can use if you want to vary your account-wide notice (assuming you've set one).
Action level customisation
We understand that sometimes an action will collect sensitive personal data, perhaps photos or videos, that have a special use or need different privacy provisions. That's why we've added the option for you to customise data usage popups at the action level too. Set a custom data notice in the Advanced Tab of an action and you can be sure your supporters are ok with you using their selfie photo or data for specific uses.
What about cookies?