Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every sign-up form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).
New Act-On users in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. This means that we need to retrospectively apply a double opt-in process to all existing sign-up forms that we've managed to create in our two years as Act-On users. And we have ten child accounts in which to do this…
But anyway, one way to achieve a double opt-in process is as follows:
- Create Form A – the form that people will actually submit.
- Create a form with hidden fields and a Submit button – this will be Form B. The confirmation email added to Form B, if one is required, is the email that people should be sent after completing the double opt-in (that is, confirmation that they have completed whatever they signed up to in Form A) – this is Email B. Form B should also be set to take people to a landing page that they see after confirming their opt-in. This is Landing Page B.
- Create a blank landing page and embed on it nothing but Form B – this is Landing Page A. (People submitting Form A will never see Landing Page A – it is purely functional.)
- Go back to Form A and add a confirmation email – this email is the double opt-in confirmation email, Email A. Email A needs to feature a button that links to the page URL of Landing Page A. Form A should then be set to display a message advising people that they will receive the opt-in confirmation email.
- Add Form A to whichever landing page or web page it is required.
So the flow for the person will be:
- Complete Form A. Form A tells them to check their inbox.
- They receive Email A. They click on the button in this email, confirming their double opt-in.
- They are taken to confirmation Landing Page B (and, if a confirmation email has been set, they also receive Email B).
Phew indeed. The current process works, and gives GDPR-compliant results. But it is not user-friendly for the average marketing colleague, and unfortunately represents a point where Act-On crosses over into requiring an understanding of coding and process management.
Ideally, a new type of form would be developed – the 'double opt-in form'. This could be a wizard or at the very least something that handles a double opt-in process all in a single form, simply selecting the assets named above (Email A, Landing Page B and if required Email B, without the need for Form B and Landing Page A).
In the Privacy & Compliance Act-On Community discussion, David Fowler has been keeping users up to date on developments in making the Act-On software itself GDPR-compliant. However, are there plans to enhance Act-On's tools as above to enable users to easily implement GDPR-compliant processes?
Idox Software Ltd