General Data Protection Regulation (GDPR) is legislation that will update and unify data privacy laws throughout the European Union effective May 25, 2018. ONEcount has enhanced our platform to provide clients with the means to ensure GDPR compliancy across all points of data collection.
The three key features of GDPR compliance include:
- Opt-in/Consent Capability – the user willingly submits their information as an act of consent.
- Age of Consent Confirmation – the user verifying he/she is at least 16 years of age.
- The user’s ‘Right to be Forgotten’ – language on the page informing the user that he/she has the option of removing his/her record and all relevant information from the publisher’s database (including third-parties) by request.
Below, please find a walkthrough of the tools provided by ONEcount to help ensure all data collection forms are GDPR compliant.
QUESTION BUILDER – Country Selection
As of May 25th, 2018, GDPR compliance will be strictly enforced by the countries of the United Kingdom. This may expand to additional countries at a later date.
To accommodate this, ONEcount has included a check-selection box next to each listed country to designate that country as one that enforces GDPR compliance. This check-box column will ONLY appear if the question has a Question Tag type set to “Country” and the question is a multi-choice question (as opposed to a text box or text area).
1. In selecting a country as GDPR, you are indicating to ONEcount that the consent questions, which you will add to a form during form-creation, will only be visible on a form should that user select their country as one that has been checked as GDPR.
QUESTION BUILDER – Consent
GDPR requires both an opt-in to the terms & conditions of your site as well as an age-of-access consent from the user. ONEcount is equipped to handle these two consent questions through new additions to our Question Builder. We have created two new question tags that must be applied to these questions in order for the system to work, “GDPR Consent” and “GDPR Age.” Implementation is described below.
Many current implementations include only a “Yes” option, with no “No.” Please note that if you choose that approach and you make the GDPR questions required, a user will not be able to submit the form without Consenting to both tracking and age. This means a user will not be able to update their profile information or subscription information (GDPR requirements for a “Preferences Center”) without consenting to your terms of service.
Below, please find the two examples of these questions.
EXAMPLE 1 – OPT-IN CONSENT
Consent-type questions are built with the same workflow as any other question created in ONEcount.
NOTE: The language of these questions is entirely customizable by the client and should be reviewed with the client’s legal teams prior to use to avoid any issues.
Question Text: I have read and agree to the Terms & Conditions.
Response Type: Radio
Question Alias: GDPR Consent
Report Header: TBD
Question Tag: GDPR Consent
Lookup Question: No
Possible Answers: YES or NO
EXAMPLE 2 – AGE CONSENT
Question Text: I certify I am at least 16 years of age* and am allowed to view this content.
Response Type: Checkbox
Question Alias: GDPR Age
Report Header: TBD
Question Tag: GDPR Age
Lookup Question: No
Possible Answers: YES or NO
*Age of consent in the UK is 16 years old. This can vary should GDPR expand to other countries with age-consent differences.
FORM BUILDER – Creating a GDPR compliant form
ONEcount has allowed for GDPR compliance to remain at the form-level. The workflow remains the same as creating all other ONEcount forms, however clients now have the ability to add their GDPR consent questions to the form should this form need to be compliant.
In the screenshot above, this example form is GDPR-compliant and requires a user to provide (or not provide) his/her consent before submission.
- The workflow for form building remains the same as all other ONEcount forms. However, the COUNTRY question will designate whether or not the consent questions populate on the form automatically should a user select a country from the list that honors GDPR compliancy. The question validations (explained below) also need to be configured properly for the form to populate correctly.
- Consent questions. Each of these consent questions has validations that need to be set. Click on each consent question field for the Question Options block to appear. Repeat this action for each question.
- Question Options allows the client to apply validations to individual questions. For these consent questions, it’s important to remember to select the GDPR Only validation. In doing so, the question will only appear if the user selects a country in the drop-down menu that has been flagged as GDPR compliant. The two validations on this example are REQUIRED and GDPR Only.
Clients can click through to the next page and review their form before saving.
RIGHT TO BE FORGOTTEN – Configuration
ONEcount has added the Right to be Forgotten to our Configuration Manager. This is accessible in the Utilities Tab → Config Manager → Text Configurations → GDPR Texts. See below.
1. The Right to be Forgotten text. This will be present at the bottom of the form as a way for the user to contact you (the client) to have their data removed from your database. This text is configurable by the client and should be reviewed with your legal team to ensure full compliance.
2. Allowing the Right to be Forgotten text to be present on forms should a user select a GDPR compliant country. True = Yes. False = No
3. Denying the Right to be Forgotten text to be present on any forms, regardless of whether a GDPR-compliant country is selected. True = Yes. False = No
FORM EXAMPLE – GDPR Country Selection
1. The user enters his/her email address.
2. The user selected a GDPR compliant country from the list selection. Therefore, the 2 consent questions are automatically added to this form because of our Question Options validation. If this user did NOT select a GDPR compliant country, the questions would not appear on the form.
3. Opt-in consent question – required via the Question Options.
4. Age of consent question – required via the Question Options.
5. Right to be Forgotten text is added automatically to the bottom of the form as designated in the Config Manager. If the user did NOT select a GDPR compliant country, this text would not appear on the form.
FORM EXAMPLE – GDPR Country NOT Selected