Relating GDPR to real-life cases can help bring it to life and concrete these legal technicalities. The following will explain and look at the GDPR impact of these features:
- Account creation
- Abandoned cart email
- Push notifications
When a new user creates an account with the client they will give their details including full name, email address, phone number and date of birth.
Upon registration this causes several GDPR implications:
- Consent will be required to send communications including email, SMS and phone the individual
- The customer needs to be clearly told how their data will be processed
- The customer needs to be clearly told how they can withdraw their consent to be contacted and how to delete, alter or rectify their information.
- A double opt-in email could be used to be ensured the customer consents to processing.
A user may add something to their cart, only to close the tab or forget to purchase. Through Exponea you can send an email reminding the user to checkout before the item goes out of stock.
GDPR implications of this use case:
- The user might not have an account yet meaning contacting them falls under legitimate interest.
- For legitimate interest to be valid, a test considering the purpose, necessity and a balancing act must have been carried out. You must have proof and a record of this test.
- In the email itself, an opt-out link should be included, otherwise, the email may appear intrusive.
We love to stay up to date and sometimes having a reminder about a new sale is exactly what your customer wants. This can be easily implemented through a push notification in Exponea.
- Before sending a push notification, ensure the browser asks for permission to send the customer push notifications from your website.
- Once the customer has accepted push notifications, let them know where they can adjust their preferences.
- These preferences need to be tracked and recorded.
Like emails, push notifications also require consent. Make sure to collect, record and maintain valid consent from your customers.
More use cases like these will be included in the upcoming GDPR Academy.