The General Data Protection Regulation is a sweeping piece of legislation being enacted throughout Europe in the spring of 2018. By the May 25, 2018 effective date all companies who have customers in the European Union must be compliant to these new sets of rules that govern how personal data is acquired, retained, and distributed between online service providers.
This affects all companies, whether they be European based businesses or not. If you have customers living in Europe your business must be GDPR compliant or face the €20 Million or 4% or top line revenue fines that face any non-compliant parties.
SalesCamp is absolutely committed to creating GDPR compliant referral programs for you and your business.
Note: Before we get started please note that this is article is not intended as and does not contain legal advice. We are not lawyers and you should consult professional legal advice as to your specific situation.
How GDPR can affect Customer Referral Programs
As with many pieces of legislation there are more items to cover than we can do justice in this article, but here we will limit our focus of GDPR to two areas: User Consent and Right To Be Forgotten.
For full details on GDPR please visit their website at https://www.eugdpr.org/
Specifically these two items (User Consent and Right To Be Forgotten) are areas where SalesCamp’s referral programs interact with personally identifiable information, which is why we want to discuss how we currently handle this information and what you can do to ensure that your interaction with SalesCamp is GDPR compliant.
Perhaps the easiest to explain part of GDPR is the transparency and rights of users with respect to how website visitors and your customers give their consent for you to collect personally identifiable data about them.
The conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
This means a few things:
- The traditional ‘implied consent’ or ‘opt-out consent’ is no longer acceptable for marketing purposes. Businesses must offer its visitors the opportunity to specifically opt in to different data collection methods that you may have in place
- You must offer a way for customers to request that their consent to collect data be removed just as easily as it was given.
Specifically for SalesCamp and our referral marketing campaigns this has several implications and we have taken a few steps to become compliant with the updated Extended User Consent guidelines.
The Referrer (a person who recommends your business to their friends) gives consent as part of the signup process of being a Referrer for their data to be stored in our database as part of being a Referrer in SalesCamp.
Importantly, by default, a Referrer signing up DOES NOT give you implied consent to send marketing messages to them. This is purely a transactional relationship in which the Referrer is signing up to send messages to promote your brand, but not to be marketed to. All communication to them must be transactional in nature and relating to their referral efforts.
Should they need to remove this information you would just need to send an API call to SalesCamp requesting that this Referrer be removed from our records.
While in a Refer A Friend type of program the Referrer is a straightforward scenario the Referral relationship is one that there are many questions around. And for good reason. For many Referral Programs that are not designed with data and personal privacy in mind, there can be some underhanded and not-so-just ways that companies collect information about those referred to them.
At SalesCamp this is absolutely not the case and we take the privacy of everyone in our system very seriously.
By design, SalesCamp uses email, Facebook, and Twitter publishing methods that never expose the email address or contact information of someone that a Referrer is referring (i.e. the Referral) to us or our systems. We do this via launching publication modals natively inside Facebook and Twitter, and use the mailto: hyperlink structure to open up the Email buttons natively in your computer’s email client.
SalesCamp will never ask you to validate your social media profiles and does not send emails on your behalf as a Referrer. This is all done through a Referrer’s own, native email and social media clients.
Only when a Referrer shares an email, link, or social media post with someone and that person then completes the Goal of the referral program do we collect that new Referral’s information.
Here’s an example:
You run mugglers.com and set up a referral program where the Goal of the program is to book a 20-minute demo call with potential customers. Ron signs up as a Referrer to mugglers.com and sends an email to his friends Harry and Hermione. Harry thinks it looks cool and signs up for a demo. Hermione is too busy and deletes Ron’s email.
None of Hermione’s information is stored in SalesCamp because she did not achieve the Goal of the referral program. Harry, however, did book that 20-minute demo call with you, and so as he completed the Goal of the program SalesCamp will store Harry’s information and display it to you in your Campaign Dashboard.
Should Harry ever decide in the future that he would like you to delete his information you can do that right from your Campaign Dashboard, or via API call to SalesCamp
Right To Be Forgotten
At the other end of the spectrum from providing extended consent to participants in your referral program is those participants Right To Be Forgotten.
At its core the Right To Be Forgotten is a mechanism in which you as a user can request that all of your information be completely removed from a company’s database. This right applies to both Referrers and Referrals in a Refer a Friend program.
If a Referrer requests that their information is removed from your referral campaign you can do this two different ways:
- Via your Campaign Dashboard by clicking the red “Delete” button in the right column of the referral dashboard. This will remove the Referrer’s email address and any associated information along with it.
- Via an API call to SalesCamp to Delete a particular Referrer (by ID, token, or email address)
Either of these ways the Referrer information will be deleted immediately and all of the associated data will be removed from SalesCamp’s systems within the 30 days required by GDPR regulations
As we discussed before a Referral is only triggered (and thus logged) in SalesCamp when they complete the campaign Goal. So anyone that a Referrer shares a campaign link with on email, social media, or directly, will not be tracked or logged until they complete that campaign goal event (i.e. signing up for a demo or completing a sales transaction).
If a Referral wishes for their information to be removed from the SalesCamp system you can send us a support request at email@example.com and ask for the Referral’s information be removed
GDPR and Your Business
As a European business SalesCamp takes data privacy and GDPR very seriously and we hope that this has been a helpful walkthrough of the types of processes and systems we have in place to protect you as a business owner but also to respect/protect the rights of those who participate in your referral programs.
SalesCamp is 100% dedicated to created GDPR compliant referral programs you have you have any questions or clarifications please send us a message at firstname.lastname@example.org or in the chat in bottom right hand corner of this page.