Preparing for GDPR with Mautic

General Data Protection Regulation, or GDPR, is a new European regulation that enforces the protection and accessibility of personal data for all European citizens. Enforcement of this regulation begins on May 25, 2018. Organizations that do not comply risk facing heavy fines. More information can be found on the European Commission Site.

Reaching GDPR compliance is a business challenge like any other. The way to begin addressing any business challenge is to start the conversation internally, with the objective of establishing a plan for overcoming it. That plan includes establishing processes, business owners and internal resources to support it, and following through with its execution.

Fundamentally, this new regulation has been instituted to establish a commonly shared list of rules, with the intent to protect individuals' data. With that in mind, and as you work toward achieving compliance, there are a few key areas of GDPR that may help you focus your effort, including:

  • Gaining consent from the individual to collect data
  • The individual’s right to know data is being collected
  • The individual’s right to retrieve data
  • The individual’s right to move data
  • The individual’s right to be forgotten

The good news is, if you’re currently using Mautic you already have some of the tools within your reach to support the effort. Mautic’s open and flexible platform empowers users to adapt as new regulations, like GDPR, are established.  Below are a few steps you may want to consider as you prepare for and support these changes.

Establish Your Business Plan for Data Handling

GDPR compliance is a cross-functional challenge affecting organizations of all sizes in Europe and around the world. As organizations prepare for the change on May 25, 2018, the best first step for your organization is to gather the internal groups that are impacted and establish your business plan for how your team will handle the requirements. Some questions you might ask are:

  • How will your team gain consent from individuals?
  • How and where will you communicate the intentions of data collection to the individual?
  • Where is the data stored?
  • Who has access to the data?
  • How will your team respond when an individual asks to know what data has been collected?
  • How will your team respond when an individual asks to be removed from your database?

It’s important for your team to gain consensus on what your organization’s plan is, along with the team members that will be impacted and responsible for taking action. The plan is a good first step to help everyone gain alignment, making it easier to set up the necessary pieces to carry out the plan - like implementing changes to your website or Mautic account.

Explore Options to Support Your GDPR Plan with Mautic

There are several ways you can meet the objectives in your GDPR plan. Many organizations are leveraging their marketing automation platform to gain compliance, because it is often a centralized tool used for collecting data, communicating with their audience, and managing that audience’s communication preferences.

Mautic offers several native features that enable users to meet their GDPR requirements. The flexibility of the platform allows users to build a process that suits their needs and business, then implement it as desired, rather than building a process that conforms to the technology. Some of the primary features are:

Web form fields:

Users of Mautic already know how easy it is to customize a form with any field or field type needed, and to specify its style characteristics on a website or Mautic landing page. As part of GDPR compliance, users can easily add a field to their forms that asks for explicit opt-in to communications and to the storage of information in the database.

Preference Center:

Users can easily set up customized preference center pages to collect details about their audience's preferences in areas like content, channel and frequency of communications. Users can build a preference center page that includes checkboxes for the individual to opt in to or out of communications, or even to collect requests to retrieve contact data or to be forgotten from the database.

Custom landing page with form:

Mautic users have the freedom to create custom landing pages and forms that can be used to collect requests from individuals to retrieve their information, move their information or to be removed from the database. Mapping those form submissions to a segment would be an easy way to view all the requests in a single group or list. One consideration, as your team is implementing some of these processes, is to also create a process where requests are verified before final action is taken. Communication within that verification process could be easily supported with automated emails in a Mautic campaign.

Export data:

Mautic gives users visibility into information collected for known visitors. If requested by the individual, that information can be easily exported by the Mautic user and shared in a secure method with the individual. Sharing of sensitive personal information should be handled with care by the user, including verifying the individual before information is shared, as well as determining a secure method of data transport.

Delete contact:

Mautic gives users the ability to easily delete contacts from the Mautic database. Contacts can be deleted from the contact list view, from within the contact record and through a campaign. However, users must recognize that this does not guarantee that the contact will also be automatically removed from any database (like a CRM) connected to Mautic. Users should consider implementing a process where deleting the individual from the Mautic database is one step in complying with the individual’s right to be forgotten, and extend a similar process to additional databases where information is stored.

Consult with Mautic’s Customer Success Team for Best Practices

Organizing your team and process for GDPR compliance can be overwhelming. Mautic customers have the added benefit of the Customer Success Team to help answer questions. They are prepared to provide guidance and best practices to help you meet your GDPR objectives. Customers can reach out to their CSM at any time for more details.


Just the same as Mautic customers and users, our company is also preparing to comply with GDPR regulations. Here are some of the changes we are implementing in time for the May 25, 2018 deadline:

  • Form Field for Opt-in: All forms hosted on our website will be updated to include an explicit form field requesting registrants to opt-in to communication and data collection.
  • New Preference Center Page: The current unsubscribe process will be updated with a preference center page where our contacts can manage their preferences, interests and data management requests.
  • Revise Privacy Policy: Language will be published to clearly explain Mautic’s policy around data handling.
  • Customer Success: Our team is trained and has the tools ready to provide guidance and best practices to Mautic Cloud Pro customers.
  • Help Center Articles: A new article has been published in the Help Center to explain how users can implement changes to their Mautic account to meet GDPR needs. Existing articles have also been updated with more details on implementing changes to meet GDPR compliance.
  • Update Internal Process: The Mautic operational team has been actively working on establishing and updating the internal processes for data handling.
  • Product Development: Our team of engineers is working on some new product developments that will make GDPR compliance even easier. More details will be available in coming months.
