ConvertedU Marketing Library Webinar Blog

Need help? You've come to the right place

What's New Getting Started Drag and Drop Legacy Builder Integrations

Leadpages and GDPR

General Data Protection Regulations (GDPR) is designed to hold organizations (like Leadpages & your business) more accountable for keeping personal data secure and outlines new procedures for how you collect data, store, and use data – as well as the rights individuals have to protect, access, and modify your data.

This new legislation applies to all people/ organizations/ businesses involved in processing personal data (names, email addresses, tracking, etc.) about individuals within the European Economic Area (EEA) within the context of selling goods and services – regardless of where in the world your business (and data) is based. The EEA states include the EU and Norway, Iceland, and Liechtenstein as well as (for now) the UK.

Your business is responsible for its own compliance. While we'd suggest speaking to a lawyer as to what GDPR compliance means for your own business, we acknowledge legal counsel isn't always readily available to our customers. Leadpages has implemented changes to make our product compliant and has answers below to some of your GDPR questions.

First things first, make sure to read our post on all things GDPR.


The fine print

  • We're not lawyers here at Leadpages and therefore we're not able to provide specific do's and don'ts for your company's compliance with GDPR. Instead, we're delivering broad best practices for online marketers. Your own legal counsel may instruct you more specifically in your compliance and implementation.
  • When informing your visitors of your privacy policy as well as what they are consenting to upon opting in to your forms, treat our placeholder text solely as an example and be sure to edit it to fit your business (i.e. types of communication they'll receive, frequency, etc.). Learn more →

Data Protection Agreement (DPA) for Customers

GDPR specifies that any Controller that is subject to GDPR will need to have a signed Data Processing Agreement with any third party that it shares data with where that third party is a Processor as defined under GDPR.

If you’re collecting any personal data (name, email address, etc.) from someone located in the EEA, you’re a controller. The organization/application that stores that data on your behalf (Leadpages, for example) is the processor.

Article 28 (3) of GDPR specifies that this contract should clearly define the nature, purposes, and duration of data processing, the types of personal data, any particular special categories of data and the obligations and rights of both parties.

Customers of Leadpages who are considered to be Controllers under the terms of GDPR should sign a DPA with Leadpages in advance of the May 25, 2018 compliance deadline.

Here's how to complete this process:

  1. View our pre-signed DPA: When you click the link below, you'll need to enter your name and email. When you click 'Begin Signing' you'll be taken to a DocuSign version of our DPA that has been pre-signed by the authorized Leadpages Data Protection Officer.
  2. Add your signature: After you have reviewed the document, add your signature electronically.
  3. Download and Save: Download a fully signed version of the DPA for your records.

Click here to get started!

Active-consent checkbox

Inside the Leadpages builder, marketers can easily start gaining consent from leads and subscribers located in the EEA with active-consent checkboxes (available in both the Legacy and Drag & Drop Builder). The checkbox displays next to a customizable compliance statement (such as “I consent to receive information about services and special offers via email”).

If you're looking to obtain and document that active consent was given, before implementing the Leadpages active-consent checkbox, consider creating a consent checkbox as a custom field within your email service provider (ESP). This custom field would need a compliance statement like the one above cannot be pre-selected.

WARNING: If checkboxes are not available to you or you are not using a third-party ESP, we recommend you make the Leadpages active-consent checkbox required to ensure that every submission you receive has actively consented to receive your marketing. No specific ‘consent data’ (in the form of a custom field) will be passed through to a third-party or .CSV file.

Adding the active-consent checkbox to a Drag & Drop form

  1. Click your call-to-action button and select the chainlink icon.
  2. Click View/Edit underneath your Leadbox name.
  3. Click anywhere on your form.
  4. Switch to the tab "② FIELDS" and click "Add a Field."
  5. Click the active-consent checkbox and select "Visitor must fill out this field."
  6. Press Done and Update your page. 


Adding the active-consent checkbox to a Standard form

  1. Click your call-to-action button.
  2. Select the "Confirmation" field under Form fields (field is automatically set to required in the Legacy Builder).
  3. Press Okay and Save your page.



Frequently asked questions

What if I'm using Leaddigits?

If you're using Leaddigits to collect contact information and deliver content, you must clearly state all types of communications your subscriber will receive upon opt-in and provide specific information wherever the Leaddigit is advertised (on the web, in print, etc.). That is, before the subscriber has texted your Leaddigit.

For advertising Leaddigits, we recommend you review the industry standards based on your location. Below is an example of ad language:

  • Message and data rates may apply. {Message frequency}. {Types of communication}. Text HELP to ##### for help. Text STOP to ##### to cancel. For terms: {URL to SMS terms of service}. For privacy: {URL to privacy policy}

Keep in mind that your own web privacy policy must be GDPR compliant and should include a link to the Leadpages privacy policy.

I can use double opt-in instead of checkboxes, right?

Not quite. Double opt-in is a function offered by most third-party email service providers (ESP) and enables marketers to send an email after a visitor has signed up, inviting the visitor to confirm his/her email address and consent to receive further email communications. Under the terms of the GDPR, double opt-in is generally not an acceptable means of obtaining active consent. Because exceptions to this rule do exist in certain cases, we recommend you first seek legal counsel to help craft the necessary compliance statements necessary to deploy double opt-ins.

Active-consent checkboxes are the recommended alternative.

How do I get cookie consent from my visitors? 

Obtaining consent for tracking cookies is not a requirement of GDPR but rather the ePrivacy Directive. Cookie consent is a current topic for ePrivacy Regulation, likely to replace the Directive next year, requiring all browsers to regulate cookie consent rather than individual websites. However, being that many of you currently use third-party tracking code and analytics, our team is exploring options to build this functionality into our product in the future.

Are Leadpages certified with the Privacy Shield?

Leadpages will not be self-certifying with US Privacy Shield, but instead committing to the EU Standard Contractual Clauses (SCCs) in our Data Processing Agreement, which cover the EU's requirements for international data transfer. Since you're transferring data to Leadpages only for processing purposes, the contract will do.

Can I set up multiple checkboxes?

Some online marketers may be counseled by a legal team to have multiple consent checkboxes for each of the means of communication they'll be contacting their subscribers (i.e. email, phone, direct mail). We only have one active-consent checkbox within Leadpages, however, you may be able to set up multiple custom field checkboxes in your ESP and add those to your Leadpages form.

As always, our support team is standing by for any other questions you have!


(Updated May 16, 2018)

Please let us know if you have additional questions

You can always file a support ticket if you have additional questions by clicking the Support button in your dashboard shown here or clicking here to file a support ticket.



Was this article helpful?
Powered by Zendesk