Dotdigital blog

GDPR: 7 changes we’ve made to dotdigital to empower you

The new General Data Protection Act (GDPR) is upon us! Read about changes to the Dotdigital platform and services designed to help you boss it.
A very stressed redheaded woman is screaming on a grey background

Of course, we’re talking about the GDPR.

Do you feel like countless articles, webinars, and networking events later you still don’t have a good grip on the subject? Have you done the math and fretted over what that 4% fine for non-compliance could mean to your business and your budget?

In a recent Direct Marketing Association survey, 59% of its respondents agreed that over half of the marketing email communications they received were irrelevant. That’s not the best news.

At Dotdigital, we want you to continue to love your job, chat to your customers, and feel safe that you’re engaging with them in the right way. We believe, if used correctly, the GDPR will drive positive change and encourage a better marketer-customer dialogue.

So, we’ve made some changes to the Dotdigital platform to give you new functionality.

And if you need a bit of extra help, we’re offering professional services that could help make the road to compliance that little bit easier.

Here’s an overview of what’s new for you:

1.    Content Insight

One way we empower our clients to better the dialogue with their contact base is with Consent Insight. Consent Insight goes beyond GDPR requirements and allows you to develop a multi-faceted view of a contact’s consent as well as segment and target by them, for relevant marketing communications that will make customers open, read and click.

With Consent Insight, every dotdigital customer can store, at no extra cost, the consent text that every individual contact agreed to. To allow for a greater demonstration of consent, we’ll store the consent text, the date and time the contact consented, the URL that they consented on, their IP address and full user agent.

We’ll be using Insight data to store consent information. This means that the consent data will show when you view a contact. You can also segment by consent data and include it in campaigns with advanced personalization.

Find out more here.

2.    Double opt-in program templates

Whilst not mandatory, we do recommend double opt-in. This shows that you verify the identity of the receiver of your emails and is further proof that they want to receive communications from you. Plus, sending to a double opted-in list increases unique opens by 72.2%. Double opt-in is switched on by default for all new dotdigital clients.

To help our users with re-permissioning, we’ve created designated program templates. Combined, they create a skeleton process for obtaining and storing consent.

Man hiding under laptop

3.    New functionality for contact records

Like something from Eternal Sunshine of the Spotless Mind, all contacts have the right to be forgotten.

Besides the right to be forgotten, all your contacts will also have the right to submit a Subject Access Request (SAR). This will require you to share what information you have stored against their name.

The GDPR also states that you should respond to such requests without undue delay. We hope you don’t get too many deletion requests, but if you do, at least the platform changes keep it simple, saving you time:

“I’ve received a contact deletion request”

To delete a contact, simply go to your contacts and click into the individual contact you wish to delete. Select the ‘contact actions’ dropdown in the top-right corner and you’ll see the option to delete the contact there.

“What if I’ve accidentally deleted the wrong contact?”

Any contacts you delete will be moved to the recycle bin for 30 days. So, if you made a mistake, you have 30 days to recover the data. After 30 days, their details will be permanently deleted.

4.      Easy exporting

“I’ve received a Subject Access Request, what do I do?”

A contact may ask to know what data you hold against their name. To better facilitate SARs, we’ve made it easier to export individual contact data. Go into their Contact Summary and on the right top hand side of the screen you’ll see the ‘Contact actions’ dropdown. Select ‘Export contact’ and a download will start, containing only necessary data and excluding any behavioral insights you may hold.

5.    SSL/TLS for all custom-domains

Article 32 of the GDPR states that data processors (like dotdigital) should implement appropriate technical and organizational measures to mitigate risk by, amongst other things, encrypting personal data. If you use Dotdigital-branded domains, data in transit to and from these domains are as secure as before.

We’ve introduced SSL/TLS for all custom-domains, so you can enjoy the brand recognition of your own domain whilst having confidence that all data is being encrypted whilst being sent to and received from the Dotdigital platform.

This way all your email links, unsubscribe pages, landing pages, surveys, preference centers (and so on) are covered under this update too.

6.    Data availability and recovery

Ok, so this isn’t exactly a new feature. But you might not know it’s there – so it’s worth detailing.

Article 32 also discusses maintaining the availability of data, and the ability to recover from a technical incident.

In addition to having redundancy built-in to every level of the Dotdigital platform, we regularly back up data to a secondary facility, meaning that in the unlikely event of a major incident affecting the primary facility, we would be able to recover services to the secondary facility – restoring availability.

These secondary facilities are located so that they will not be affected by an incident impacting the primary, whilst still being in the same region for reasons of data sovereignty (so European client data will not leave the EEA)

Establishing initial consent is easy. But making sure that consent remains valid is harder to achieve without constant monitoring.

Our consent maintenance programs take the legwork out of consent monitoring, providing peace of mind and freeing up your time.

And we’ve got two of them.

This supercharged starter package offers an automation-based solution to ensure you’re only marketing to fully permissioned contacts. Our program monitors engagement and gives you options for dealing with contacts whose consent is degrading over time.

This package provides everything in the consent maintenance program, PLUS the creation of up to 3 reconsenting campaigns. GDPR – but make it fashion!

To find out more, and get a quote for your specific requirements, speak to your account manager or give us a call.

We’ve created a handy guidebook, so you can share these changes with your whole team. Download it; print it out; stick it on your wall; get it tattooed on the inside of your eyeballs, we don’t care – as long as you have everything you need.

A man rests his head on his laptop against a grey background

Disclaimer (the boring, but very important bit)

For the data provided by our customers within the Dotdigital platform, is a data processor (as defined by the GDPR) and the client is the data controller. This means that as a company we are responsible for handling client data (i.e. your account and user data) in line with the GDPR. Clients however, are ultimately responsible for ensuring they are GDPR compliant with respect to their clients or customer data (i.e. contact data you will be uploading in your address books in the Dotdigital platform). Whilst we are committed to building a platform that encourages good-practice in line with GDPR, we cannot provide legal advice and cannot be held responsible for client compliancy. This document is intended as a guide and should not be considered legal advice.

Back to top

Recommended reading