Learn how to be GDPR compliant on Kajabi (Last updated February 3, 2020).
As you might already know, the GDPR (General Data Protection Regulation) is a new regulation that toughens obligations when dealing with the personal data of citizens from the European Union (EU).
It affects all organizations that control or process the data of EU citizens, so even if your company is based outside the EU, the GDPR applies to you.
This new legal framework has profound implications for how marketers manage their relationships with prospects and customers.
The GDPR went into effect on May 25, 2018, and penalties for violations can be significant.
In this article, you'll learn how to use Kajabi's current set of GDPR-friendly features.
In this article:
- Step 1: Data Collection - Forms and Double Opt-in
- Step 2: Data Storage and Processing — Exporting Contacts and Updating Data
- Step 3: Unsubscribe and Email Preferences
- Data Processing Addendum (DPA)
- I have more questions
Step 1: Data Collection - Forms and Double Opt-in
Under GDPR, a contact needs to be informed that their data will be stored and used by a company when they're submitting it. Consent will need to be “freely given, specific, informed, and unambiguous,” with companies using “clear and plain” legal language that is “clearly distinguishable from other matters.”
Since Kajabi helps you create your own Pages and Forms and add whatever text you wish, you already have the tools you need to inform your prospects on how you plan to use, store, and process their data and of their right to withdraw consent, all of which will help you meet your GDPR consent obligations.
Add a custom field to your Opt-in Form that makes giving consent unambiguously clear to the user. To do this:
- Create a new Form or edit an existing Form.
- Scroll down to the Fields section.
- Create a new Field.
- Use unambiguous language so that the user clearly understands exactly what their consent means.
- Make this field required.
Learn more about Opt-in language examples and the ideology behind consent here.
Another useful feature that will ensure your Forms are GDPR compliant is Double Opt-in.
To set this up:
- Create a new Form or edit an existing Form.
- Check the "Send double opt-in email to new contacts" box.
- Edit the language of the Double Opt-in email in your Email Templates tab.
The most important thing to remember is to provide clear, unambiguous language on your Opt-in Forms that will effectively communicate to your users that they are giving consent to use and store their contact information.
The consent checklist published by the UK Information Commissioner’s Office can be used to check whether your consent is in compliance with GDPR.
Step 2: Data Storage and Processing — Exporting Contacts and Updating Data
Individuals have always had the right to request access to their data, but the GDPR enhances these rights. The timescale for processing an access request will also drop significantly from the current 40-day period.
Kajabi has worked on functionality to ensure our platform is fully GDPR compliant. One such feature is the export of contact data from your People tab in a user-friendly format. The whole process takes seconds.
This will help in complying with a contact’s request for a copy of their data, either to move to another provider or to check what personal data you hold about them in your Kajabi account.
How to export contact information
To export a CSV of all the contacts stored on your site:
- Go to your People tab from the dashboard.
- Click Bulk Actions.
- Select Export All.
- You will then receive your exported list in the email inbox associated with your Kajabi account.
How to modify and update contact data
The GDPR does not change an individual's right to ask to modify or update data that you hold on them in your systems (for example, if they change their email address). However, the penalties for breach under the GDPR are more severe.
To edit a contact's information in the Kajabi admin:
- Open the People tab and search for the name or email address of the Member you want to edit.
- Click on the Member's name.
- Select the Edit Details tab under the Member's name.
Step 3: Unsubscribe and Email Preferences
When you send emails to prospects and customers using Kajabi Email Campaigns, they include an unsubscribe button, which allows customers to easily let you know they would like to withdraw consent to receiving marketing emails from you. This feature also helps you comply with the EU E-Privacy legislation governing direct marketing.
On the other hand, our email preferences functionality allows Members to choose which marketing emails they want to receive.
If a Member would like to subscribe or unsubscribe to marketing emails within Kajabi:
- They can click their Avatar in the top right of the page.
- Select Settings.
- Check or uncheck all of the email settings boxes.
As you can see, there are many GDPR-friendly features you can use on your path to becoming compliant.
This new legal outlook is a great opportunity for marketers to revise how they approach their leads, customers, and what they can do to treat these relationships with the highest care.
We're sure that this regulation will move all marketers toward a more user-friendly experience, and it will help shape a more transparent way of doing business.
Be sure to check out our blog post on GDPR here.
Data Processing Addendum (DPA)
We have published our DPA here.
No action is required on your end. You can print out and file this policy if you'd like; however, we do not need to receive a signed copy from you.
What about contacts already on my list?
The contacts already opted in on your list do not put you in jeopardy of breaching GDPR. Existing contacts are not required to opt in again; however, many Kajabi users have taken this opportunity to refine their list and shed some dead weight.
This is a great opportunity to send an Email Broadcast to your entire list with a double opt-in embedded for added consent security.
A privacy notice is a public statement of how your organization applies data protection principles to processing data. It should be a clear and concise document that is easily understood and easily accessible to your users.
View an example of a GDPR compliant privacy statement here.
Kajabi uses the following cookies on the Site:
- Kajabi session cookie: Tracks your active admin session so you don’t need to re-login
- Kajabi affiliate token: Tracks which affiliate has referred an offer purchase
- Admin bar hidden: Tracks whether the user wishes their admin previewing bar to be hidden
How can I add a cookie disclaimer script to my homepage?
- Copy the generated script.
- Log into your Kajabi account.
- Open the Settings tab from the Dashboard.
- Click Site Details.
- Scroll down to Page Scripts.
- In the Header Page Scripts text box, paste the generated script.
- Click Save.
I have more questions
Understanding GDPR and how to stay compliant is crucial for any business. However, we do not provide legal advice for your company to use in complying with EU data privacy laws like the GDPR. *Please refer to the Disclaimer. We strongly encourage you to consult an attorney if you are interested in advice for interpreting this information or its accuracy. If you have additional questions or are interested in the inclusion of additional information for this article, please feel free to reach us at email@example.com. Continue to learn more about the GDPR by reading the Guide to the General Data Protection Regulation (GDPR) published by the UK Information Commissioner’s Office.
Disclaimer: This article is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice or as a recommendation of any particular legal understanding.