How Dotdigital helps with PDPA compliance

We want to make sure that our clients have the tools that they need to be compliant with the PDPA.

Gareth Burroughes avatar
Written by Gareth Burroughes
Updated over a week ago

What are the features within the platform?

In recent years, Dotdigital has:

  • Made changes to how contacts are exported and deleted within the platform, making it easier for clients to comply with requests to access data by individuals and requests from individuals to be deleted.

  • Added a feature for clients’ storing the consent text each contact agreed to when subscribing (for example, from your signup form), alongside the IP address of the computer they used and the date they did it. This means you’re able to see exactly what a contact is happy to receive and cross-reference it with the permissions you hold on them. You can read more in our support article 'Recording consent for your contacts'.

What features will assist with the Access Obligation?

In December 2017, Dotdigital made changes to how contacts are exported and deleted within the platform, making it easier for clients to comply with requests to access data by individuals and requests from individuals to be deleted. You can view and export the data you hold on both subscribed and suppressed contacts from November 2018.

How are we catering for multi-consent and preference centres?

At a product level, we are reviewing how our current preference centres serve our customers – and changes may come as a result. Multi-consent preference centres are currently supported by the platform, either self-serve by utilising data fields or address books, or through custom work using address books, data fields or Insight data. We are continually developing in this area and welcome any ideas you may have, so keep an eye on the roadmap for changes in this area.

Legal basis and using Dotdigital to help

Can we document the legal basis we are processing the data uploaded to the Dotdigital platform?

If you are using consent in accordance with the Consent Obligation, Dotdigital includes enhanced functionality around consent storage to allow a client to store additional information.

In April 2018, we added a feature for clients’ storing the consent text each contact agreed to when subscribing (for example, from your signup form), alongside the IP address of the computer they used and the date they did it. This means you’re able to see exactly what a contact is happy to receive, and cross-reference it with the permissions you hold on them. You can read more in our support article 'Recording consent for your contacts'.

Will we need to keep a log of the opt-in text at the time of consent?

We recommend capturing and storing what disclosures were provided to the individual when consent was initially given to demonstrate that consent was informed and freely given. This is possible through platform enhancements for consent capture and management.

Do we have to know every subscribe and unsubscribe date if they have opted in and out?

As an organisation, you should know where, when and how you obtained the personal data of an individual. The dates associated with subscribe and unsubscribe is available within our platform if using the ConsentInsight feature.

Can we determine which campaign led to an individual unsubscribing?

No, we have no plans to change this functionality as, on balance, more customers are concerned with when the person unsubscribed than the specific message itself.

What should we do with an individual’s data other than their status and email address when someone unsubscribes?

When a contact unsubscribes, their data is no longer viewable in the app. The data however is still stored by us and will be viewable again if the contact resubscribes. Right now, we’re working on the assumption this process won’t change. The process for deleting (rather than unsubscribing) a contact, however, allows clients to physically remove all of the contact’s data.

Should we also remove their behavioural data if they unsubscribe?

The action of an individual unsubscribing or removing a contact from a mailing list will not remove their contact data from the platform. However, this data can be removed and deleted by clients within the platform using the delete functionality.

Are we going to be able to add the date of opt-in in Dotdigital?

In April 2018, we added a feature for clients’ storing the consent text each contact agreed to when subscribing (for example, from your signup form), alongside the IP address of the computer they used and the date they did it. This means you’re able to see exactly what a contact is happy to receive, and cross-reference it with the permissions you hold on them.

Is the 'Last subscribed' date actually when the recipient opted in or when they were last added into the account?

The ‘last subscribed’ date is just that: the last date they subscribed. If a contact resubscribes, this date gets updated. If an already subscribed contact is uploaded again, it won’t update. This date can also be manually added by a user.

Did this answer your question?