GDPR enhancement – double opt-in form

Sion Stedman

Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every sign-up form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing sign-up forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…

But anyway, one way to achieve a double opt-in process is as follows:

  1. Create Form A – the form that people will actually submit.
  2. Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
  3. Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional.)
  4. In the Landing Page A JavaScript, enter the magic piece of JavaScript (it is the same piece of code for any double opt-in process – see Act-On University for details).
  5. Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
  6. Add Form A to whichever landing page or web page it is required.

So the flow for the person will be:

  1. Complete Form A. Form A tells them to check their inbox.
  2. They receive Email A. They click on the button in this email, confirming their double opt-in.
  3. They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
Phew!

Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.

Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).

In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?

------------------------------
Sion Stedman
Idox Software Ltd
------------------------------
0

Comments

10 comments

  • Comment author
    Sion Stedman
    Hi Sean

    Thanks for taking the time to reply to this. Nevertheless, I must respectfully disagree when you describe setting up this process as 'simple'. Nothing would be simpler than having a single form that handles the entire double opt-in process.

    Currently, whether we do things with my method or your method, two forms are required. Also, in a great many cases, it's no advantage to be able to point multiple Form As to the same Form B, as people need to be sent to different landing pages/sent different confirmation emails depending on what it was they were signing up to in Form A. I was also advised to use my method by Act-On Support, as I understand this is what works best with Labs Forms, and ultimately Labs Forms are the future with Act-On.

    I still believe it would be worth Act-On developing a 'double opt-in form'. I'm a little surprised Act-On is not coming forward with this of their own accord, when it was known what GDPR would require of organisations handing EU data. To have such a feature would help make the product attractive and user-friendly for all Act-On customers, but particularly new customers. It would be a USP to talk about in your marketing when it comes to 'Act-On's fuss-free double opt-in process, helping you be GDPR compliant with ease'. (That said, I'm not sure any marketer in the world can make GDPR exciting!)

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 01-12-2018 16:34
    From: Sean Chu
    Subject: GDPR enhancement – double opt-in form

    Hi Sion,

    I would be happy to address your concerns regarding complexity of setting up double opt-ins. Believe it or not, double opt-ins have been around for quite some time and you may not even notice it due to the simplicity of the setup and execution (think of any user registrations).

    Here are the steps on how to setup the most popular method of double opt-ins only requiring 2 forms and 1 message:

    1. Create your opt-in form (Form A).
    2. Create your 2nd opt-in form (Form B - this does not need a landing page!)
    3. Create a Form Post URL (Content > Form Post URLs) for Form B.
    4. Create a confirmation message in Form A with a hyperlink using Form Post URL and a query string using your Form B data field name and a personalization field with Form A's email address.
    From a end-user's perspective, they will see the following:

    1. Visits Form A.
    2. Submits Form A.
    3. Receive confirmation email.
    4. Clicks confirmation link which automatically posts a submit to Form B.
    5. The prospect is automatically direct to your Form B confirmation page and has been double opted-in!
    There are many advantages to this setup as you can really use the Form Post URL for Form B as many times as you want for as many other forms as you want. Please let me know if you have any questions regarding using this method.

    Best Regards,

    ------------------------------
    Sean Chu
    Sr Solutions Engineer, Act-On Software
    ------------------------------

    Original Message:
    Sent: 01-06-2018 08:00
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

    New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…

    But anyway, one way to achieve a double opt-in process is as follows:

    1. Create Form A – the form that people will actually submit.
    2. Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
    3. Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional).
    4. In the Landing Page A JavaScript, enter the magic piece of JavaScript (it is the same piece of code for any double opt-in process – see Act-On University for details).
    5. Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
    6. Add Form A to whichever landing page or web page it is required.

    So the flow for the person will be:

    1. Complete Form A. Form A tells them to check their inbox.
    2. In their inbox they receive Email A. They click on the button in this email, confirming their double opt-in.
    3. They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
    Phew!

    Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.

    Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).

    In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    0
  • Comment author
    Permanently deleted user
    Hi Sion, 
    Thanks for your note, indeed GDPR and excitement probably don'y go hand in hand. I have escalated your comments to our product team for review. I will be in touch shortly, cheers. 
    David

    ------------------------------
    David Fowler
    Head of Compliance & Deliverability, Act-On Software
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 01-16-2018 17:20
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Hi Sean

    Thanks for taking the time to reply to this. Nevertheless, I must respectfully disagree when you describe setting up this process as 'simple'. Nothing would be simpler than having a single form that handles the entire double opt-in process.

    Currently, whether we do things with my method or your method, two forms are required. Also, in a great many cases, it's no advantage to be able to point multiple Form As to the same Form B, as people need to be sent to different landing pages/sent different confirmation emails depending on what it was they were signing up to in Form A. I was also advised to use my method by Act-On Support, as I understand this is what works best with Labs Forms, and ultimately Labs Forms are the future with Act-On.

    I still believe it would be worth Act-On developing a 'double opt-in form'. I'm actually a little surprised Act-On is not coming forward with this of their own accord, when it was known what GDPR would require of organisations handing EU data. To have such a feature would help make the product attractive and user-friendly for all Act-On customers, but particularly new customers. It would be a USP to talk about in your marketing when it comes to 'Act-On's fuss-free double opt-in process, helping you be GDPR compliant with ease'. (That said, I'm not sure any marketer in the world can make GDPR exciting!)

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------

    Original Message:
    Sent: 01-12-2018 16:34
    From: Sean Chu
    Subject: GDPR enhancement – double opt-in form

    Hi Sion,

    I would be happy to address your concerns regarding complexity of setting up double opt-ins. Believe it or not, double opt-ins have been around for quite some time and you may not even notice it due to the simplicity of the setup and execution (think of any user registrations).

    Here are the steps on how to setup the most popular method of double opt-ins only requiring 2 forms and 1 message:

    1. Create your opt-in form (Form A).
    2. Create your 2nd opt-in form (Form B - this does not need a landing page!)
    3. Create a Form Post URL (Content > Form Post URLs) for Form B.
    4. Create a confirmation message in Form A with a hyperlink using Form Post URL and a query string using your Form B data field name and a personalization field with Form A's email address.
    From a end-user's perspective, they will see the following:

    1. Visits Form A.
    2. Submits Form A.
    3. Receive confirmation email.
    4. Clicks confirmation link which automatically posts a submit to Form B.
    5. The prospect is automatically direct to your Form B confirmation page and has been double opted-in!
    There are many advantages to this setup as you can really use the Form Post URL for Form B as many times as you want for as many other forms as you want. Please let me know if you have any questions regarding using this method.

    Best Regards,

    ------------------------------
    Sean Chu
    Sr Solutions Engineer, Act-On Software

    Original Message:
    Sent: 01-06-2018 08:00
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

    New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…

    But anyway, one way to achieve a double opt-in process is as follows:

    1. Create Form A – the form that people will actually submit.
    2. Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
    3. Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional).
    4. In the Landing Page A JavaScript, enter the magic piece of JavaScript (it is the same piece of code for any double opt-in process – see Act-On University for details).
    5. Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
    6. Add Form A to whichever landing page or web page it is required.

    So the flow for the person will be:

    1. Complete Form A. Form A tells them to check their inbox.
    2. In their inbox they receive Email A. They click on the button in this email, confirming their double opt-in.
    3. They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
    Phew!

    Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.

    Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).

    In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    0
  • Comment author
    Sarah Daily
    @Sean Chu, would you just duplicate form A for your form B since they aren't filling it out?​ Also, are both forms connected to the same list? Just trying to work out the details so I set this up correctly.

    ------------------------------
    Sarah Daily
    Digital Marketing Manager, The Enrollment Management Association
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 01-12-2018 16:34
    From: Sean Chu
    Subject: GDPR enhancement – double opt-in form

    Hi Sion,

    I would be happy to address your concerns regarding complexity of setting up double opt-ins. Believe it or not, double opt-ins have been around for quite some time and you may not even notice it due to the simplicity of the setup and execution (think of any user registrations).

    Here are the steps on how to setup the most popular method of double opt-ins only requiring 2 forms and 1 message:

    1. Create your opt-in form (Form A).
    2. Create your 2nd opt-in form (Form B - this does not need a landing page!)
    3. Create a Form Post URL (Content > Form Post URLs) for Form B.
    4. Create a confirmation message in Form A with a hyperlink using Form Post URL and a query string using your Form B data field name and a personalization field with Form A's email address.
    From a end-user's perspective, they will see the following:

    1. Visits Form A.
    2. Submits Form A.
    3. Receive confirmation email.
    4. Clicks confirmation link which automatically posts a submit to Form B.
    5. The prospect is automatically direct to your Form B confirmation page and has been double opted-in!
    There are many advantages to this setup as you can really use the Form Post URL for Form B as many times as you want for as many other forms as you want. Please let me know if you have any questions regarding using this method.

    Best Regards,

    ------------------------------
    Sean Chu
    Sr Solutions Engineer, Act-On Software
    ------------------------------

    Original Message:
    Sent: 01-06-2018 08:00
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

    New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…

    But anyway, one way to achieve a double opt-in process is as follows:

    1. Create Form A – the form that people will actually submit.
    2. Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
    3. Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional).
    4. In the Landing Page A JavaScript, enter the magic piece of JavaScript (it is the same piece of code for any double opt-in process – see Act-On University for details).
    5. Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
    6. Add Form A to whichever landing page or web page it is required.

    So the flow for the person will be:

    1. Complete Form A. Form A tells them to check their inbox.
    2. In their inbox they receive Email A. They click on the button in this email, confirming their double opt-in.
    3. They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
    Phew!

    Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.

    Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).

    In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    0
  • Comment author
    Sarah Daily
    @Sean Chu, is there any documentation to support the many different ways to accomplish this? I'm not familiar with query strings so a step-by-step would be really helpful.

    ------------------------------
    Sarah Daily
    Digital Marketing Manager, The Enrollment Management Association
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 02-14-2018 10:33
    From: Sean Chu
    Subject: GDPR enhancement – double opt-in form

    Hi Sarah,

    Yes you can copy Form A for the second form. Alternatively, you can also post to the same form and just put a hidden field on the form that is only populated by query string (on the email CTA link).

    This process can be accomplished many different ways so I'm sure others can chime in as to how they are fulfilling the double opt-in for some other ideas.

    ------------------------------
    Sean Chu
    Sr Solutions Engineer, Act-On Software
    ------------------------------

    Original Message:
    Sent: 02-13-2018 12:57
    From: Sarah Daily
    Subject: GDPR enhancement – double opt-in form

    @Sean Chu, would you just duplicate form A for your form B since they aren't filling it out?​ Also, are both forms connected to the same list? Just trying to work out the details so I set this up correctly.

    ------------------------------
    Sarah Daily
    Digital Marketing Manager, The Enrollment Management Association

    Original Message:
    Sent: 01-12-2018 16:34
    From: Sean Chu
    Subject: GDPR enhancement – double opt-in form

    Hi Sion,

    I would be happy to address your concerns regarding complexity of setting up double opt-ins. Believe it or not, double opt-ins have been around for quite some time and you may not even notice it due to the simplicity of the setup and execution (think of any user registrations).

    Here are the steps on how to setup the most popular method of double opt-ins only requiring 2 forms and 1 message:

    1. Create your opt-in form (Form A).
    2. Create your 2nd opt-in form (Form B - this does not need a landing page!)
    3. Create a Form Post URL (Content > Form Post URLs) for Form B.
    4. Create a confirmation message in Form A with a hyperlink using Form Post URL and a query string using your Form B data field name and a personalization field with Form A's email address.
    From a end-user's perspective, they will see the following:

    1. Visits Form A.
    2. Submits Form A.
    3. Receive confirmation email.
    4. Clicks confirmation link which automatically posts a submit to Form B.
    5. The prospect is automatically direct to your Form B confirmation page and has been double opted-in!
    There are many advantages to this setup as you can really use the Form Post URL for Form B as many times as you want for as many other forms as you want. Please let me know if you have any questions regarding using this method.

    Best Regards,

    ------------------------------
    Sean Chu
    Sr Solutions Engineer, Act-On Software

    Original Message:
    Sent: 01-06-2018 08:00
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

    New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…

    But anyway, one way to achieve a double opt-in process is as follows:

    1. Create Form A – the form that people will actually submit.
    2. Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
    3. Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional).
    4. In the Landing Page A JavaScript, enter the magic piece of JavaScript (it is the same piece of code for any double opt-in process – see Act-On University for details).
    5. Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
    6. Add Form A to whichever landing page or web page it is required.

    So the flow for the person will be:

    1. Complete Form A. Form A tells them to check their inbox.
    2. In their inbox they receive Email A. They click on the button in this email, confirming their double opt-in.
    3. They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
    Phew!

    Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.

    Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).

    In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    0
  • Comment author
    Sven Foligowski
    Dear Sion, I totally agree with you. I really don't get it why the guys from Act-On make things so complicated for us, their customers. Even though they had the webinar about new features for Q1 - NO WORD about GDPR or any kind of product updates for it.

    And as I tried to escalate it bottom-up, it quickly ended with David Fowler sending me an email with the link to their GDPR landing page, with no content about concrete actions planned on it. Seriously, I've never thought that this could be as frustrating as it is right now. Large companies can not wait any longer until Act-On decides to get their things done.

    ------------------------------
    Sven Foligowski
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 01-16-2018 17:20
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Hi Sean

    Thanks for taking the time to reply to this. Nevertheless, I must respectfully disagree when you describe setting up this process as 'simple'. Nothing would be simpler than having a single form that handles the entire double opt-in process.

    Currently, whether we do things with my method or your method, two forms are required. Also, in a great many cases, it's no advantage to be able to point multiple Form As to the same Form B, as people need to be sent to different landing pages/sent different confirmation emails depending on what it was they were signing up to in Form A. I was also advised to use my method by Act-On Support, as I understand this is what works best with Labs Forms, and ultimately Labs Forms are the future with Act-On.

    I still believe it would be worth Act-On developing a 'double opt-in form'. I'm actually a little surprised Act-On is not coming forward with this of their own accord, when it was known what GDPR would require of organisations handing EU data. To have such a feature would help make the product attractive and user-friendly for all Act-On customers, but particularly new customers. It would be a USP to talk about in your marketing when it comes to 'Act-On's fuss-free double opt-in process, helping you be GDPR compliant with ease'. (That said, I'm not sure any marketer in the world can make GDPR exciting!)

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------

    Original Message:
    Sent: 01-12-2018 16:34
    From: Sean Chu
    Subject: GDPR enhancement – double opt-in form

    Hi Sion,

    I would be happy to address your concerns regarding complexity of setting up double opt-ins. Believe it or not, double opt-ins have been around for quite some time and you may not even notice it due to the simplicity of the setup and execution (think of any user registrations).

    Here are the steps on how to setup the most popular method of double opt-ins only requiring 2 forms and 1 message:

    1. Create your opt-in form (Form A).
    2. Create your 2nd opt-in form (Form B - this does not need a landing page!)
    3. Create a Form Post URL (Content > Form Post URLs) for Form B.
    4. Create a confirmation message in Form A with a hyperlink using Form Post URL and a query string using your Form B data field name and a personalization field with Form A's email address.
    From a end-user's perspective, they will see the following:

    1. Visits Form A.
    2. Submits Form A.
    3. Receive confirmation email.
    4. Clicks confirmation link which automatically posts a submit to Form B.
    5. The prospect is automatically direct to your Form B confirmation page and has been double opted-in!
    There are many advantages to this setup as you can really use the Form Post URL for Form B as many times as you want for as many other forms as you want. Please let me know if you have any questions regarding using this method.

    Best Regards,

    ------------------------------
    Sean Chu
    Sr Solutions Engineer, Act-On Software

    Original Message:
    Sent: 01-06-2018 08:00
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

    New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…

    But anyway, one way to achieve a double opt-in process is as follows:

    1. Create Form A – the form that people will actually submit.
    2. Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
    3. Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional).
    4. In the Landing Page A JavaScript, enter the magic piece of JavaScript (it is the same piece of code for any double opt-in process – see Act-On University for details).
    5. Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
    6. Add Form A to whichever landing page or web page it is required.

    So the flow for the person will be:

    1. Complete Form A. Form A tells them to check their inbox.
    2. In their inbox they receive Email A. They click on the button in this email, confirming their double opt-in.
    3. They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
    Phew!

    Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.

    Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).

    In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    0
  • Comment author
    Sion Stedman
    Ultimately we are responsible for the data we collect using Act-On. But Act-On nevertheless owes it to its customers to create tools that enable them to easily implement GDPR-compliant processes. In this respect, I have found Act-On to be rather USA-centric – that is, without much consideration for the challenges customers handling EU-based data are facing. The issues I have outlined above are issues Act-On should have brought forward solutions to of their own accord, not relied on customers to raise. GDPR takes effect in less than 90 days. I doubt there is time now for customers to implement anything Act-On might come up with.

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 02-16-2018 03:02
    From: Sven Foligowski
    Subject: GDPR enhancement – double opt-in form

    Dear Sion, I totally agree with you. I really don't get it why the guys from Act-On make things so complicated for us, their customers. Even though they had the webinar about new features for Q1 - NO WORD about GDPR or any kind of product updates for it.

    And as I tried to escalate it bottom-up, it quickly ended with David Fowler sending me an email with the link to their GDPR landing page, with no content about concrete actions planned on it. Seriously, I've never thought that this could be as frustrating as it is right now. Large companies can not wait any longer until Act-On decides to get their things done.

    ------------------------------
    Sven Foligowski
    ------------------------------

    Original Message:
    Sent: 01-16-2018 17:20
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Hi Sean

    Thanks for taking the time to reply to this. Nevertheless, I must respectfully disagree when you describe setting up this process as 'simple'. Nothing would be simpler than having a single form that handles the entire double opt-in process.

    Currently, whether we do things with my method or your method, two forms are required. Also, in a great many cases, it's no advantage to be able to point multiple Form As to the same Form B, as people need to be sent to different landing pages/sent different confirmation emails depending on what it was they were signing up to in Form A. I was also advised to use my method by Act-On Support, as I understand this is what works best with Labs Forms, and ultimately Labs Forms are the future with Act-On.

    I still believe it would be worth Act-On developing a 'double opt-in form'. I'm actually a little surprised Act-On is not coming forward with this of their own accord, when it was known what GDPR would require of organisations handing EU data. To have such a feature would help make the product attractive and user-friendly for all Act-On customers, but particularly new customers. It would be a USP to talk about in your marketing when it comes to 'Act-On's fuss-free double opt-in process, helping you be GDPR compliant with ease'. (That said, I'm not sure any marketer in the world can make GDPR exciting!)

    ------------------------------
    Sion Stedman
    Idox Software Ltd

    Original Message:
    Sent: 01-12-2018 16:34
    From: Sean Chu
    Subject: GDPR enhancement – double opt-in form

    Hi Sion,

    I would be happy to address your concerns regarding complexity of setting up double opt-ins. Believe it or not, double opt-ins have been around for quite some time and you may not even notice it due to the simplicity of the setup and execution (think of any user registrations).

    Here are the steps on how to setup the most popular method of double opt-ins only requiring 2 forms and 1 message:

    1. Create your opt-in form (Form A).
    2. Create your 2nd opt-in form (Form B - this does not need a landing page!)
    3. Create a Form Post URL (Content > Form Post URLs) for Form B.
    4. Create a confirmation message in Form A with a hyperlink using Form Post URL and a query string using your Form B data field name and a personalization field with Form A's email address.
    From a end-user's perspective, they will see the following:

    1. Visits Form A.
    2. Submits Form A.
    3. Receive confirmation email.
    4. Clicks confirmation link which automatically posts a submit to Form B.
    5. The prospect is automatically direct to your Form B confirmation page and has been double opted-in!
    There are many advantages to this setup as you can really use the Form Post URL for Form B as many times as you want for as many other forms as you want. Please let me know if you have any questions regarding using this method.

    Best Regards,

    ------------------------------
    Sean Chu
    Sr Solutions Engineer, Act-On Software

    Original Message:
    Sent: 01-06-2018 08:00
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

    New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…

    But anyway, one way to achieve a double opt-in process is as follows:

    1. Create Form A – the form that people will actually submit.
    2. Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
    3. Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional).
    4. In the Landing Page A JavaScript, enter the magic piece of JavaScript (it is the same piece of code for any double opt-in process – see Act-On University for details).
    5. Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
    6. Add Form A to whichever landing page or web page it is required.

    So the flow for the person will be:

    1. Complete Form A. Form A tells them to check their inbox.
    2. In their inbox they receive Email A. They click on the button in this email, confirming their double opt-in.
    3. They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
    Phew!

    Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.

    Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).

    In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    0
  • Comment author
    Vicky Hawkes
    HI - just to clear this up, as I understand it double opt-in is not a requirement of GDPR. It's best practice, but there is no specific requirement to have it.

    Simply put, consent needs to be an affirmative opt-in, given with the owner's full knowledge and clarity on how it will be used ie it can't be implied, and the reasons for collecting/storing it cannot be vague.

    ------------------------------
    Vicky Hawkes

    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 01-12-2018 16:34
    From: Sean Chu
    Subject: GDPR enhancement – double opt-in form

    Hi Sion,

    I would be happy to address your concerns regarding complexity of setting up double opt-ins. Believe it or not, double opt-ins have been around for quite some time and you may not even notice it due to the simplicity of the setup and execution (think of any user registrations).

    Here are the steps on how to setup the most popular method of double opt-ins only requiring 2 forms and 1 message:

    1. Create your opt-in form (Form A).
    2. Create your 2nd opt-in form (Form B - this does not need a landing page!)
    3. Create a Form Post URL (Content > Form Post URLs) for Form B.
    4. Create a confirmation message in Form A with a hyperlink using Form Post URL and a query string using your Form B data field name and a personalization field with Form A's email address.
    From a end-user's perspective, they will see the following:

    1. Visits Form A.
    2. Submits Form A.
    3. Receive confirmation email.
    4. Clicks confirmation link which automatically posts a submit to Form B.
    5. The prospect is automatically direct to your Form B confirmation page and has been double opted-in!
    There are many advantages to this setup as you can really use the Form Post URL for Form B as many times as you want for as many other forms as you want. Please let me know if you have any questions regarding using this method.

    Best Regards,

    ------------------------------
    Sean Chu
    Sr Solutions Engineer, Act-On Software
    ------------------------------

    Original Message:
    Sent: 01-06-2018 08:00
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

    New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…

    But anyway, one way to achieve a double opt-in process is as follows:

    1. Create Form A – the form that people will actually submit.
    2. Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
    3. Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional).
    4. In the Landing Page A JavaScript, enter the magic piece of JavaScript (it is the same piece of code for any double opt-in process – see Act-On University for details).
    5. Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
    6. Add Form A to whichever landing page or web page it is required.

    So the flow for the person will be:

    1. Complete Form A. Form A tells them to check their inbox.
    2. In their inbox they receive Email A. They click on the button in this email, confirming their double opt-in.
    3. They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
    Phew!

    Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.

    Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).

    In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    0
  • Comment author
    Sven Foligowski
    Dear Vicky, in some countries within EU e.g. Germany a double opt-in is already a legal obligation. So I think it's just a matter of time until it will be integrated into GDPR. I also think it's a more transparent and honest approach towards your users/ prospective customers, which in the long term encourages their trust in your brand.

    ------------------------------
    Sven Foligowski
    Online Marketing Manager, Asseco Solutions AG
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 02-26-2018 05:48
    From: Vicky Hawkes
    Subject: GDPR enhancement – double opt-in form

    HI - just to clear this up, as I understand it double opt-in is not a requirement of GDPR. It's best practice, but there is no specific requirement to have it.

    Simply put, consent needs to be an affirmative opt-in, given with the owner's full knowledge and clarity on how it will be used ie it can't be implied, and the reasons for collecting/storing it cannot be vague.

    ------------------------------
    Vicky Hawkes

    ------------------------------

    Original Message:
    Sent: 01-12-2018 16:34
    From: Sean Chu
    Subject: GDPR enhancement – double opt-in form

    Hi Sion,

    I would be happy to address your concerns regarding complexity of setting up double opt-ins. Believe it or not, double opt-ins have been around for quite some time and you may not even notice it due to the simplicity of the setup and execution (think of any user registrations).

    Here are the steps on how to setup the most popular method of double opt-ins only requiring 2 forms and 1 message:

    1. Create your opt-in form (Form A).
    2. Create your 2nd opt-in form (Form B - this does not need a landing page!)
    3. Create a Form Post URL (Content > Form Post URLs) for Form B.
    4. Create a confirmation message in Form A with a hyperlink using Form Post URL and a query string using your Form B data field name and a personalization field with Form A's email address.
    From a end-user's perspective, they will see the following:

    1. Visits Form A.
    2. Submits Form A.
    3. Receive confirmation email.
    4. Clicks confirmation link which automatically posts a submit to Form B.
    5. The prospect is automatically direct to your Form B confirmation page and has been double opted-in!
    There are many advantages to this setup as you can really use the Form Post URL for Form B as many times as you want for as many other forms as you want. Please let me know if you have any questions regarding using this method.

    Best Regards,

    ------------------------------
    Sean Chu
    Sr Solutions Engineer, Act-On Software

    Original Message:
    Sent: 01-06-2018 08:00
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

    New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…

    But anyway, one way to achieve a double opt-in process is as follows:

    1. Create Form A – the form that people will actually submit.
    2. Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
    3. Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional).
    4. In the Landing Page A JavaScript, enter the magic piece of JavaScript (it is the same piece of code for any double opt-in process – see Act-On University for details).
    5. Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
    6. Add Form A to whichever landing page or web page it is required.

    So the flow for the person will be:

    1. Complete Form A. Form A tells them to check their inbox.
    2. In their inbox they receive Email A. They click on the button in this email, confirming their double opt-in.
    3. They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
    Phew!

    Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.

    Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).

    In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    0
  • Comment author
    Vicky Hawkes
    HI Sven - I expect a lot of brands would disagree! Anyway, I just brought it up because I think it's important that those of us in other EU countries are 100% clear on what we have to do - and what we don't.

    ------------------------------
    Vicky Hawkes

    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 02-26-2018 05:55
    From: Sven Foligowski
    Subject: GDPR enhancement – double opt-in form

    Dear Vicky, in some countries within EU e.g. Germany a double opt-in is already a legal obligation. So I think it's just a matter of time until it will be integrated into GDPR. I also think it's a more transparent and honest approach towards your users/ prospective customers, which in the long term encourages their trust in your brand.

    ------------------------------
    Sven Foligowski
    Online Marketing Manager, Asseco Solutions AG
    ------------------------------

    Original Message:
    Sent: 02-26-2018 05:48
    From: Vicky Hawkes
    Subject: GDPR enhancement – double opt-in form

    HI - just to clear this up, as I understand it double opt-in is not a requirement of GDPR. It's best practice, but there is no specific requirement to have it.

    Simply put, consent needs to be an affirmative opt-in, given with the owner's full knowledge and clarity on how it will be used ie it can't be implied, and the reasons for collecting/storing it cannot be vague.

    ------------------------------
    Vicky Hawkes


    Original Message:
    Sent: 01-12-2018 16:34
    From: Sean Chu
    Subject: GDPR enhancement – double opt-in form

    Hi Sion,

    I would be happy to address your concerns regarding complexity of setting up double opt-ins. Believe it or not, double opt-ins have been around for quite some time and you may not even notice it due to the simplicity of the setup and execution (think of any user registrations).

    Here are the steps on how to setup the most popular method of double opt-ins only requiring 2 forms and 1 message:

    1. Create your opt-in form (Form A).
    2. Create your 2nd opt-in form (Form B - this does not need a landing page!)
    3. Create a Form Post URL (Content > Form Post URLs) for Form B.
    4. Create a confirmation message in Form A with a hyperlink using Form Post URL and a query string using your Form B data field name and a personalization field with Form A's email address.
    From a end-user's perspective, they will see the following:

    1. Visits Form A.
    2. Submits Form A.
    3. Receive confirmation email.
    4. Clicks confirmation link which automatically posts a submit to Form B.
    5. The prospect is automatically direct to your Form B confirmation page and has been double opted-in!
    There are many advantages to this setup as you can really use the Form Post URL for Form B as many times as you want for as many other forms as you want. Please let me know if you have any questions regarding using this method.

    Best Regards,

    ------------------------------
    Sean Chu
    Sr Solutions Engineer, Act-On Software

    Original Message:
    Sent: 01-06-2018 08:00
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

    New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…

    But anyway, one way to achieve a double opt-in process is as follows:

    1. Create Form A – the form that people will actually submit.
    2. Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
    3. Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional).
    4. In the Landing Page A JavaScript, enter the magic piece of JavaScript (it is the same piece of code for any double opt-in process – see Act-On University for details).
    5. Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
    6. Add Form A to whichever landing page or web page it is required.

    So the flow for the person will be:

    1. Complete Form A. Form A tells them to check their inbox.
    2. In their inbox they receive Email A. They click on the button in this email, confirming their double opt-in.
    3. They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
    Phew!

    Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.

    Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).

    In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    0
  • Comment author
    Sion Stedman
    Hi @Vicky Hawkes

    Whilst double opt-in is not a legal requirement in itself in all EU countries, whenever people are signing up to receive future marketing communications, it is by far the best process to collect evidence that:

    1. a person has given you consent to contact them, and
    2. the email address submitted actually belongs to them

    – both of which are requirements of GDPR. So one might say double opt-in is effectively mandatory in these circumstances.

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 02-26-2018 05:48
    From: Vicky Hawkes
    Subject: GDPR enhancement – double opt-in form

    HI - just to clear this up, as I understand it double opt-in is not a requirement of GDPR. It's best practice, but there is no specific requirement to have it.

    Simply put, consent needs to be an affirmative opt-in, given with the owner's full knowledge and clarity on how it will be used ie it can't be implied, and the reasons for collecting/storing it cannot be vague.

    ------------------------------
    Vicky Hawkes

    ------------------------------

    Original Message:
    Sent: 01-12-2018 16:34
    From: Sean Chu
    Subject: GDPR enhancement – double opt-in form

    Hi Sion,

    I would be happy to address your concerns regarding complexity of setting up double opt-ins. Believe it or not, double opt-ins have been around for quite some time and you may not even notice it due to the simplicity of the setup and execution (think of any user registrations).

    Here are the steps on how to setup the most popular method of double opt-ins only requiring 2 forms and 1 message:

    1. Create your opt-in form (Form A).
    2. Create your 2nd opt-in form (Form B - this does not need a landing page!)
    3. Create a Form Post URL (Content > Form Post URLs) for Form B.
    4. Create a confirmation message in Form A with a hyperlink using Form Post URL and a query string using your Form B data field name and a personalization field with Form A's email address.
    From a end-user's perspective, they will see the following:

    1. Visits Form A.
    2. Submits Form A.
    3. Receive confirmation email.
    4. Clicks confirmation link which automatically posts a submit to Form B.
    5. The prospect is automatically direct to your Form B confirmation page and has been double opted-in!
    There are many advantages to this setup as you can really use the Form Post URL for Form B as many times as you want for as many other forms as you want. Please let me know if you have any questions regarding using this method.

    Best Regards,

    ------------------------------
    Sean Chu
    Sr Solutions Engineer, Act-On Software

    Original Message:
    Sent: 01-06-2018 08:00
    From: Sion Stedman
    Subject: GDPR enhancement – double opt-in form

    Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

    New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…

    But anyway, one way to achieve a double opt-in process is as follows:

    1. Create Form A – the form that people will actually submit.
    2. Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
    3. Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional).
    4. In the Landing Page A JavaScript, enter the magic piece of JavaScript (it is the same piece of code for any double opt-in process – see Act-On University for details).
    5. Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
    6. Add Form A to whichever landing page or web page it is required.

    So the flow for the person will be:

    1. Complete Form A. Form A tells them to check their inbox.
    2. In their inbox they receive Email A. They click on the button in this email, confirming their double opt-in.
    3. They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
    Phew!

    Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.

    Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).

    In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    0

Please sign in to leave a comment.