Explicit Consent and Deleting Your Customers, The GDPR Cornerstones

This post is part of our series: Find Out Fast If Your Business is GDPR Ready. Our goal is to help businesses make sense of privacy and data. AE is your Babel Fish for GDPR Legalese.

What Explicit Consent Means

Clearly, telling your customers what you’re going to do with their data makes good business sense. Trust is essential, especially these days.

Email marketing has taken a clear approach to email sign-ups for many years, thanks to changes like Canada’s anti-spam legislation (CASL) and other countries that have followed suit. This clear understanding between an email customer and a business follows this simple pattern: You sign up for an email newsletter, and the business tells you how often they’ll email you, what kind of content you’ll receive and how to unsubscribe. Excellent!

This concept of clearly spelling out how customer data is to be used is now being spread across every part of your customer data thanks to the GDPR. At AE we think this is good thing. Being more transparent and honest is good for everyone.

How To Implement Explicit Consent

You need to be able to tell a customer what you’ll be doing with the data you ask them for. This is especially important during customer registration.

When you implement your policy or terms and conditions you need a check box that isn’t pre-checked. This box must be checked by the user to indicate that they are agreeing. This is the foundation of explicit consent.

You need to provide a checkbox that the user must check themselves in order to agree to your terms and conditions.

Explicit consent: The user must check the box themselves to agree.

Deleting Your Customers, The Right To Be Forgotten

The second cornerstone of the GDPR changes is that every one of your customers has the right to be forgotten. When a customer sends a request asking to have their account deleted, you must do it. Pretty simple and you most likely do this right now. However, you might just be deleting the main customer account, but other information like billing, or an mailing address, or old emails in your support system would be left. With the GDPR it all has to go.

If your business has multiple systems that contain customer data it all needs to go. There are a few instances where some customer data will remain, for example electronic invoices that contain customer data can be kept on file for taxes and accounting, but in most cases you’ll need to remove everything and then notify the customer when it’s been completed.

If a customer wants their account deleted, you have to delete all the data you have on that person.

GDPR Cornerstones

Good luck setting up explicit consent and reviewing how you delete your customers. These two cornerstones for being GDPR ready can seem difficult to implement and understand but hopefully this helps you get started.