In today’s world, it's easier than ever to collect and use personal data with marketing products like Drip.
Starting May 25, 2018, the European Union's (EU) General Data Protection Regulation (GDPR) policy goes into effect. Its scope affects any business gathering data (even just name and email address) on EU citizens, which means any Drip customer with at least one EU subscriber is required to be compliant by that date. We'll outline how to become and maintain compliance for new and existing EU subscribers, and we'll also show you how to remove existing EU subscribers from your list and how to block incoming EU subscribers from entering our email list.
In this article:
First, we recommend educating yourself on how the new GDPR policy will affect your business when it comes to providing goods or services to EU customers and handling the personal customer data that goes along with those transactions. We’ve included a couple of resources to help you better understand how this policy is regulated:
Collecting new EU leads
If you’ll be using Drip forms to capture new EU leads, we highly suggest using the double opt-in feature in order to gain explicit permission to handle the personal data of those subscribers.
Seek legal advice
If you're still unsure whether or not you're maintaining GDPR compliance, we recommend seeking legal advice to ensure that you are well within the GDPR regulations, and won't run into issues down the road.
For those who find the cost of compliance is higher than not doing business with EU citizens at all, please continue reading.
Before we get into the details, however, please take note that neither Drip nor any service provider can completely prevent EU citizens from subscribing. Providers like Drip use time zone and IP address data to attempt to locate subscribers, but there are a number of reasons why this data could be either unavailable or inaccurate (e.g. the person is traveling outside the EU, using someone else’s device, etc.). So while the method below reduces the chance of an EU subscriber landing on your list, it does not remove it entirely.
If you think you might already have EU subscribers on your list, you can perform a search to find out. Keep in mind that this method will only work if you have subscriber time zones already stored in Olson format (also known as “tz database”). Drip does this for you automatically unless time zone data isn’t passed through when a subscriber is created through a third-party integration or API call.
To perform the search, go to Subscribers > List.
From there, configure your filter drop-downs as such:
- drop-down 1: Time zone
- drop-down 2: is in
- drop-down 3: Europe
Click the Refresh button.
Take note that the Europe time zone filter selects all time zones in this TZ time zone table in Olson format.
Your list will now only consist of a segment of subscribers with time zones recorded in the EU. Unless you'll be managing your EU subscribers in another way, we recommend removing them from your list.
To remove these subscribers from your list, click the Perform an action link to the right of your subscriber list:
Select the Delete subscriber action from the drop-down and click Next:
Click the Schedule Operation button to complete the operation:
Block EU form subscriptions
If you're using Drip forms, a subscriber's time zone is automatically determined. You can create a Rule that will automatically delete any subscriber with a European time zone.
Before proceeding, we should note that there are a few downsides to this approach:
- Countries outside of the EU that share a time zone (such as Egypt) may be deleted, as well.
- Non-EU citizens who happen to be in Europe when they subscribe may be deleted.
- Subscribers legitimately interested in your content may be turned off when they don’t receive what they expect.
As an alternate approach to just deleting subscribers, you could send them a one-off email informing them of why you plan to delete them as part of the Rule outlined below, or add a text warning in your Drip form that EU subscribers will not be accepted to protect their GDPR privacy rights.
If you want to proceed with simply blocking EU form submissions, however, begin by creating a new Rule under Automation > Rules > New Basic Rule:
For the first step, you'll set up the rule trigger.
Select the Submitted a form trigger:
Then, select Any form from the Which form? drop-down:
We only want this rule to trigger if the subscriber's time zone is associated with the EU, or else this rule would block every submission.
In the rule's trigger, click Change to add filter criteria to the rule:
Using the filter drop-downs, configure its criteria just like you see here:
Click the Update Criteria button.
Your rule should now say this: This trigger applies to subscribers who have a time zone in Europe.
Now, in the rule's action step, set the rule's action to Delete subscriber:
Lastly, activate the rule:
When designing your forms, you can add text to inform possible EU subscribers that they will not be allowed to subscribe, in order to protect their GDPR privacy rights.
To do that, go to the form's Design tab and add whatever text to the bottom of the description that you’d like to use:
This method can possibly deter EU residents from subscribing to your list.
How to handle subscribers created via Bulk Operations or API
If you have time zone data in Olson format associated with the subscribers, add a tag to them that triggers the example rule from earlier.
Otherwise, consider sending them all a one-off email asking them to click a trigger link if they’re EU citizens. Doing that should trigger a rule that tags them for pruning and sends them a follow-up email confirming all their data has been deleted.
Note: If you use our API to push time zone data in for subscribers, it must be in Olson format as documented in our API docs. Otherwise, the filters described in this doc won’t work for those subscribers.