BoltWire

Pro Modules

GDPR

If you want to help improve compliance with GDPR requirements, we have a built-in module in our Accelerator platform which makes this easy. There is some debate over exactly what is and is not required, as well as questions about enforceability--and I'm no legal expert. But here's the system I've developed.

Account Registration

The main thing you want to do is collect permission to communicate with members when they create an account, and document that permission. In the old days, it was just good practice to do that--but now GDPR legally obligates you to prove you have done that. And it is somewhat specific on what info you need to collect.

To explain how our GDPR module works, let's take our regular registration process. They've requested an account, you've sent them a confirmation email, and they've clicked the link to come to your confirmation page (welcome.verify). There they have to enter their account information to create their account. It looks something like this:

! Verify Email
Want to create an account at {site}? Just enter your email and a password below, to confirm your account.
[form]
[messages]
[t]
[r][c]Email: [c][text email]
[r][c]Password: [c][password password] [submit LOGIN]
[t]
[command verify {=email}]
[command nextpage welcome.verify.thanks if={=verify}]
[form]

You can easily add a line to this page that says, "by creating an account you consent to receiving emails from us", which is getting consent. But that doesn't document you got consent.

Here's how you add GDPR tracking:

! Verify Email
Want to create an account at {site}? Just enter your email and a password below, to confirm your account.
[form]
[messages]
[t]
[r][c]Email: [c][text email]
[r][c]Password: [c][password password] [submit LOGIN]
[(gdpr "By creating an account you consent to receiving emails from us.")]
[t]
[command verify {=email}]
[command nextpage welcome.verify.thanks if={=verify}]
[form]

In the output, it creates a small checkbox (unchecked) which they must check off to create the account, along with the text in the GDPR function (which you can change to whatever you want). It also then saves the following information about this form submission:

Timestamp
Member Id
Email
IP Address
Page of Form
Content of Text

These are stored on pages named gdpr.YYYY.MM based on the year and month of the transaction. So if you were ever called to provide documentation, you have the information specified in GDPR.
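The record described above can be sketched as follows. This is an added illustration in Python, not BoltWire's own code: the in-memory `store`, the `gdpr` checkbox field name with value `on`, and the JSON line format are assumptions; only the six fields and the gdpr.YYYY.MM page naming come from the text.

```python
import json
from datetime import datetime, timezone

def consent_page(ts):
    """Monthly log page name, following the gdpr.YYYY.MM scheme."""
    return f"gdpr.{ts:%Y.%m}"

def record_consent(store, form, member_id, ip, page, text, now=None):
    """Append one consent record; return the log page name it was written to.

    store: dict of page name -> list of JSON lines (assumed stand-in for wiki pages).
    form:  submitted fields; an unchecked checkbox is absent from a form POST.
    """
    if form.get("gdpr") != "on":  # assumed field name and value
        raise ValueError("consent box not checked; do not create the account")
    ts = now or datetime.now(timezone.utc)
    record = {
        "timestamp": ts.isoformat(timespec="seconds"),
        "member_id": member_id,
        "email": form["email"].strip(),
        "ip": ip,
        "page": page,  # the form page that showed the wording
        "text": text,  # exact wording shown, so later form edits don't rewrite history
    }
    name = consent_page(ts)
    store.setdefault(name, []).append(json.dumps(record, sort_keys=True))
    return name

def find_consent(store, email):
    """All consent records for an email, oldest month first."""
    wanted = email.strip().lower()
    hits = []
    for name in sorted(store):  # zero-padded names sort chronologically
        for line in store[name]:
            rec = json.loads(line)
            if rec["email"].lower() == wanted:
                hits.append(rec)
    return hits

if __name__ == "__main__":
    # Constructed sample submission (documentation-range IP, example.com address).
    store = {}
    wording = "By creating an account you consent to receiving emails from us."
    form = {"email": "alice@example.com", "password": "x", "gdpr": "on"}
    record_consent(store, form, "alice", "203.0.113.7", "welcome.verify", wording)
    print(find_consent(store, "alice@example.com"))
```

Storing the exact wording with each record is what lets you show which statement a member agreed to after the form text has since been changed.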

Note that GDPR requires other things besides consent documentation, but this plugin at least helps with that one aspect in a simple and unobtrusive way.