Do I need to add an Opt In checkbox to my website?
With the introduction of GDPR coming sooner than we might like, I wanted to focus in on one aspect of how websites need to change in order to be compliant - the opt in checkbox.
You will only need an Opt in checkbox if you collect personal data
If your site has a contact form, or you take payments – you may need to make some changes.
What do you do with the data you collect?
If you store personal data on your site (for example the email address of someone who has used a contact form) but decide never to contact them again for marketing purposes, you won’t need to ask them to opt in. However, you will need to prove that keeping their data is either a ‘legitimate business interest’ (the definition of this is still being worked out!) or you’ll need to delete the data after 90 days (the number of days as also yet to be decided upon at time of writing).
If you plan to use the data you collect for marketing purposes, you will need people to opt in. You may then need to make a few changes to your site.
Types of opt in checkboxes
- Your personal data opt in needs to be separate from your terms and conditions.
- The checkbox needs to be blank, with a clear opt in. Hopefully, gone are the days with riddles steeped in double negatives.
- If you contact people via post, email and telephone – you will need to get their permission for all three.
- If you pass on data to third parties – they will need to be named, and a separate opt in check box.
This is a mockup of the Waitrose site – with the text changed slightly to comply with GDPR.
And then, what about opt out?
It must be as easy to withdraw consent, as it was to give it in the first place. If you were able to click a big button to opt in, then if you need to send an email to opt out – this system will need to change.
For more information we recommend looking at the ICO website and the EU portal.