General Data Protection Regulation (GDPR) in Mautic

Mautic enables users to be GDPR compliant. This article describes the necessary steps and set-up required to follow GDPR guidelines.

  1. Consent to data collection
  2. The right to view data collected
  3. The right to have data transferred
  4. The right to be forgotten

Consent to data collection

Contacts that fall under GDPR requirements need to provide consent to having their personal data collected and used for communication. We recommend setting up a checkbox on your Mautic forms that allows contacts to opt in. Follow the instructions below to set up an opt-in checkbox.

  1. Create a new custom field first
    1. This should be a Boolean field
    2. Label this field however you want to internally mark a contact as opting into receiving communication from you (e.g. GDPR acceptance or GDPR opt-in)
  2. Edit an existing form or create a new form
  3. Under the “Fields” tab, add a “Checkbox Group” field
  4. Add a label to the field. This will be the name of the field that’s displayed to the contact record
  5. Under the “Contact Field” tab, map it to your newly created custom field
  6. Under the “Validation” tab, select “yes” to make this a required field
  7. Under the “Properties” tab, add a label and value that will display next to the checkbox. For example, “I agree to opt-in” or “I accept terms of communication”
  8. Save and close your form

By default, the checkbox will be unselected, so the contact has to select it and submit the form in order to opt in. If this is a new form, you’ll want to add it to your Mautic landing page or website. We also recommend updating all existing forms with this new checkbox, so you can stay compliant.

Contacts requesting information

Contacts have the right to see what data has been collected about them over time. This request can be handled in multiple ways, based on your preference, but Mautic recommends setting up a Standalone form on your website and/or at the footer of your emails that contacts can fill out to request their information. This form should include at least the following fields:

  • Email address
  • Request to view data collected (This should be added as a custom Boolean field)
  • Request to be forgotten (This should be added as a custom Boolean field)

Note that the names of the fields can be changed and customized based on your business. To build a form, follow the instructions in our Forms training document.

We recommend setting up the following actions on the Standalone form:

  • “Send form results” or “Send Email to User” to inform team members of the requests
  • “Modify Contact’s Segment” to push these contacts into a specific “GDPR” segment

The benefit of adding the contacts to a “GDPR” segment is that they can be reviewed or even communicated with at a later time.

The right to view data collected

To provide the data to the contact, please follow the steps below.

  1. Search for the contact record by name or email address within the Contacts section
  2. Stay on the Contacts page where the contact’s information is returned in the search results
  3. In the upper-right-hand corner, select the drop-down arrow and click on “export”
  4. All data collected in Mautic will be exported to a CSV file on your computer

The right to be forgotten

Contacts have the right to request that their data be deleted. Mautic allows users to delete contact records in two ways: 1) Manually and 2) Automatically. To delete a particular contact record from Mautic as well as the database, please follow the steps below.

1) Manual deletion:

  1. Search for the contact record by name or email address within the Contacts section
  2. Open the record of the contact who requested the data to be deleted
  3. In the upper-right-hand corner, select the drop-down arrow and click on “Delete”
  4. All data about this contact record will be deleted

2) Automated deletion:

  1. Create a segment using a filter with the “Request to be deleted” field (This should be added as a custom Boolean field)
  2. Create a campaign using the above segment as the campaign source
  3. Set up an action in the campaign of “Delete Contact”

This campaign will automatically detect contacts who have requested deletion of their data (since they’ve been added to the “Request to be deleted” segment) and then delete them in bulk. This is a recommended set-up for Mautic users who have over 5,000 contacts.

Please note that all names of custom fields and form fields provided in this document are just suggestions by Mautic. As a business, you have the right to create other related names for your fields.

For additional support or if you have any questions, please contact your Customer Success Manager or email support@mautic.com.