Jonas from MailerLite

Jonas6 min readNew features and updatesMay 3, 2018

MailerLite GDPR features for email marketing (Part 1 of 3)

MailerLite GDPR features for email marketing (Part 1 of 3)

The GDPR (General Data Protection Regulation) is the set of guidelines that you must adhere to if you handle personal data of European Union users.

Not familiar with GDPR? Learn how it affects email marketing here: GDPR and How Compliance Can Improve Your Email Marketing

We developed features for MailerLite that will help make GDPR compliance easier for you and your subscribers. In this post, we will cover some features that will help you comply with the following GDPR requirements:

  • Right to be forgotten
  • Proof of subscriber consent
  • Identifying EU users

Right to be forgotten

The right to be forgotten is a GDPR mandate that allows subscribers to ask you to delete all of the data associated with them.

If someone makes a request to be forgotten, you can’t simply unsubscribe them or delete them from your list. Even when you remove a subscriber from your list, the system keeps a history of the user. You must delete all their data permanently.

This means that you need an easy way to delete EVERYTHING about the subscriber.

How MailerLite helps with the right to be forgotten

When you use the Delete function in the subscriber section of MailerLite, the information is not entirely removed. The reason for this is simple. If that person later resubscribes, his or her history is still there so you don’t have to rebuild their profile.

MailerLite created a new feature called Forget that completely wipes a person’s data from our system. This function was built specifically for GDPR compliance of the right to be forgotten. Here’s how it works:

In your subscriber page, there is a new button called Actions.

Subscriber forget feature

When you choose the option, Forget, the subscriber’s data will be completely removed. Everything will be permanently deleted including reports, clicks, profile data, etc.

This will allow you to comply with GDPR. That said, it is a major step to completely remove a subscriber, which is why we implemented an additional confirmation.

Everyone makes mistakes. The last thing you want to do is delete a happy subscriber’s information by accident. As a safety measure, you will need to type in the word “FORGET” to confirm the deletion.

When you click the Forget button after typing in “FORGET”, the user’s data is completely wiped from the system within 30 days.

Most email service providers make permanently deleting users a manual process. But who has time to fill out forms every time a subscriber makes a request?

We decided to build an automated Forget feature to make it easy for you to comply with this GDPR rule. The feature is now live. But our hope is that you will never have to use it!

Proof of subscriber consent

Obtaining active and explicit consent from subscribers is a huge deal for the GDPR. If you start sending emails to people who don’t want them, they can cause you a lot of problems within the GDPR framework when they complain.

While you might have heard that you need to revalidate all of your subscribers to comply with GDPR, that might not be the case.

If you’ve been growing your subscribers using opt-in forms that clearly explained how you would use their information, you most likely do not need to reconfirm their consent.

But you will need to have a record of their consent. The burden of proof is on you to provide the documentation proving that a subscriber agreed to share their data.

Here is a checklist of the proof points that you should have:

  1. A timestamp of subscriber consent (time, date, location)
  2. The source of the opt-in (website, social media, etc.)
  3. A screenshot of the opt-in form used to obtain consent

If you are not sure that you have this information, MailerLite might be able to help you find it.

How MailerLite helps strengthen proof of consent

When you use MailerLite signup forms to acquire subscribers, we capture IP address, location, date, time, and the source of the consent form. This information will solidify your documentation of where, when and at what time your subscribers consented.

MailerLite now displays this information in your subscriber profiles. It is important to note that you can only get this valuable proof from users who subscribe through MailerLite forms.

The good news is that this data is available for both your new and old subscribers.

Moving forward, we will capture the date of the double opt-in (when subscribers confirm their subscription) for another proof point. But this function only works for new subscribers.

The final proof point is a copy of the opt-in form used to get consent. We recommend taking screenshots of your forms. This way you will have a separate record saved in your files if you ever need it.

If you don’t have the necessary information to prove consent, we created a GDPR revalidation template that will help you renew consent.

Identifying EU users

While most of you have subscribers all over the world, the GDPR only applies to citizens of the European Union. How can you segment EU citizens so you don’t have to worry about GDPR compliance for your entire list?

If subscribers signup with a MailerLite form, our location tracking capabilities can determine if the person is signing up from an EU country. We can then segment them into a special GDPR group.

It’s important to note that there is a chance an EU citizen is living abroad in a non-EU country. In these cases, it is impossible to identify them as EU citizens. But GDPR states that you only need to make a reasonable effort determine a person’s status.

How MailerLite helps identify EU users

From 14 May 2018, we launched a new rule in the subscriber filter called Location where you can sort your subscribers by location.

We also included a special list of all 28 EU countries to help you easily sort GDPR subscribers. By using this filter, you will know how many subscribers you have in the EU.

Again, this feature only works with subscribers that come through a MailerLite form. The location-based ID will not work for subscribers imported from a file or other sources.

Once you identify EU users, you can target them with GDPR-specific emails and requests.

What’s up next for MailerLite and GDPR?

These features are just a few of the GDPR improvements that we have planned for this month.

Next week we will share additional functionality around web forms that will make your life a little bit easier during this confusing time of GDPR compliance.

And the week after that, we will present the Data Processing Agreement that users will be able to sign and download.

We want you to have all the GDPR tools necessary to make it an easy transition.

Jonas Fischer

I'm Jonas, Content Manager at MailerLite. I’m not the 4th Jonas Brother, but I do write content (which is similar to being a teen heartthrob). After writing for a bunch of companies over the years, I discovered my professional passion—helping add some humanity to B2B marketing. Email is the perfect place to start!