How to Make Push Notifications GDPR Compliant

Are you looking for a decent guide that tells you about GDPR compliance?

That’s tough to find. Especially for any brand that’s expanding its marketing channels.

If you’ve followed the news for the past couple of years, you know how even big brands like Facebook and Google have been taking a lot of heat because of data collection and privacy issues. But how does that translate to other marketing channels?

Most importantly, how does GDPR affect push notifications?

PushEngage is the #1 push notification software in the world. And we’re very serious about protecting the data and privacy of everyone using our push notification service.

In this article, we’re going to talk about the different features that make PushEngage’s push notifications GDPR-compliant by default.

Sounds good? Let’s dive in.

What Is GDPR?

The General Data Protection Regulation (GDPR) is a new data privacy regulation passed by the European Union (EU) that will have a significant impact on businesses around the world.

The full regulation is over 200 pages long and it speaks about the different data rights of the average consumer. In the context of your business, GDPR protects the rights of your consumers over their own data. And if you’re found to be in breach of GDPR compliance, you could potentially get fined up to 4% of annual revenue or 20 million euros (whichever is greater).

NOTE: There’s no WordPress plugin that makes your entire website GDPR compliant. We strongly recommend that you consult an internet law attorney to determine compliance. Nothing in this article is legal advice in any way, shape, or form. Throughout this article, we talk only about how PushEngage makes your push notifications GDPR-compliant.

How Does GDPR Affect Push Notifications?

According to GDPR, you must obtain explicit consent before collecting or processing any personal information of an EU resident or citizen.

Now, push notifications are a lot like emails but even more constrained. You can ONLY send out push notifications to your subscribers. Unlike emails, you can’t send a single push notification randomly to someone who’s not subscribed.

Where GDPR meets push notification software is that you’re collecting subscribers. So, in a sense, you are collecting consumer data.

Of course, it’s not the same as an email opt-in. With an email opt-in, you have to capture the email address, but you can capture a LOT of additional data. Take a look at this one by HubSpot:

HubSpot email optin

But with push notifications, you capture the combination of the device and the IP address to generate a key that is unique to the customer’s device. That’s what happens when people opt in to your push notifications by clicking ‘Allow’:

Push Notification Opt-In Overlay

Additionally, PushEngage can store the geolocation of your subscribers so that you can create personalized push notification campaigns. This includes the country, state, and city at the time of subscription.

But as you can probably understand, this is entirely based on consent. When someone opts in to push notifications, they give you consent to send them marketing notifications. So, push notifications are somewhat compliant with GDPR by definition because they operate on a consent-first paradigm.

Beyond this, you might be able to create opt-in auto-segmentation depending on the software you use. For instance, with PushEngage, you can automatically segment your subscribers by page visits. But you can also segment them by giving them options inside the opt-in:

Push Notification Opt-In with Segments

In these cases, what you’re doing is essentially creating subscriber segments based on their interests.

But again, you are collecting subscriber data. So, how do you become GDPR compliant with your push notifications?

That’s up next. Keep reading.

How Does PushEngage Help with GDPR Compliance?

The best part about using PushEngage is that you don’t have to do anything at all to send GDPR-compliant push notifications. Again, we’re talking strictly about your push notifications being GDPR-compliant and not your entire website. But hey, that’s one less thing to worry about because PushEngage was built to be GDPR-compliant by design.

Let’s take a look at each feature that makes PushEngage GDPR compliant by default.

Automatically Anonymize or Disable Personal Data Tracking

In PushEngage, every subscriber is just a randomly generated token based on a combination of the device and their IP address. The actual device or the IP address isn’t stored on PushEngage’s servers. And most definitely, PushEngage doesn’t store any actual identifying information such as a subscriber’s name or their contact information.

Even the geolocation data is stored against the token instead of any personal identifiers. So, every subscriber is automatically anonymized. No personal data is tracked.

Enable Legal Disclaimers

We’ve already seen how you can customize your push notification opt-in, and that none of it is tracked.

But your website visitors may not know about the fact that data tracking is disabled. So, you can add a legal disclaimer to your push notification opt-in. Head over to Settings » Subscription Settings » Opt-in Management. Then, enable the subscription overlay and add a legal consent notice:

You can use the default notice for your site, but we recommend you have an attorney draft the legal consent notice for you.

Easy Opt-out of Data Tracking

Any of your subscribers can opt out of receiving push notifications from you with one click. All they have to do is unsubscribe from your push notifications:

Unsubscribe from push notifications

In fact, you can opt out of data tracking as our customer at any time. Under GDPR rules, you can choose to deactivate your PushEngage account at any time. You can see all the personal data we have on you in your PushEngage dashboard and you can modify it whenever you want to. If you like, you can delete your PushEngage account and all your personal data permanently.

And we’re very confident that you won’t do it, but if you want, you can also migrate from PushEngage to another push notification service provider any time you please. There’s no vendor lock-in at all.

Wrapping Up

That’s all for this one, folks!

We hope this article and our features help you understand GDPR compliance a little bit better.

At PushEngage, we’ve always been a champion of consumers’ rights. If you’re running a business, it’s only right that you respect your customers and their privacy. Also, we mean it when we say that PushEngage is the #1 push notification software in the world and we got there by taking consent from our subscribers before sending anyone any notifications!

Hopefully, reading this article has helped you get past any uneasiness you may have had with push notifications and data privacy.

So, if you haven’t already, get started with PushEngage today.
