Stop Collecting Email Addresses On Your Website…Unless You Have Permission!

If a customer fills out a form and adds their email address, what can I do with it?

This is a terrible question, asked by non-GDPR compliant cavemen and cavewoman who still think it’s OK to treat other people’s info as if it’s their own.

Not that there is anything wrong with cavemen. Or cavewomen. Caves are fine. So are their residents. No offence intended.

In these modern times, we must become harmonious with the ever-present and recently birthed GDPR legislation. The legislation stops people taking the Mick when it comes to your personal info. And that’s a good thing. But we all have to play ball.

To get in line with the GDPR way of thinking, you need to ask yourself this first:

Who does this information belong to?

The answer is always the same:

Your customer.

It’s obvious, isn’t it? But for too long companies have inhaled, ingested and stored people’s personal information, for something as innocent as asking a question on their website. Filling out forms almost became a silent trap for anyone with an email address. Once caught, these companies could swamp their prey with daily emails, trying to convince their victims to buy more stuff or upgrade to this or that or whatever.

Let’s not even mention the selling and sharing of data that could go on. Just mentioning that could…oh darn. Too late.

Thank goodness for the almighty hand of GDPR, trying to keep us all safer on these online streets.

Keeping in mind that the information collected is not your own, this means that it’s up to the customer what you do with their data and how long you can store it. If they want access to their data at any time – you have to give it to them.

So to answer the initial caveman question – you can only do what your customers say you can do with their data. Nothing more.

The Need For A Privacy Policy

First you must tell people what you would like to do with their data (eg. an email address). This will be included in your privacy policy (or privacy notice). More on this later.

The Need For A Consent Checkbox

Then you must ask for their permission to store their information by adding a consent box to your website forms.

Your consent box should be a tickbox that people can click, giving their consent for you to join your email list, in this case.

Your consent box should link to your privacy policy too, so customers know exactly what they are allowing you to do.

If a client submits a form and doesn’t tick a consent box, you cannot store the email address. Sorry! No exceptions!

Luckily, if you are a DotGO client, we take care of the consent box for you. Whoever clicks to give you consent on a website form, will have their email address automatically stored on your list. You need do nothing. Nada. Zilcho.

You also get a free email address as standard with our services (eg., and our system is set up so that you can automatically build an email list whenever someone gives consent. But not when they don’t. It’s like magic. GDPR-compliant magic.

Avoid Spam!

Whenever you have a form on your website, you want to avoid it being filled out by any spammers (usually invisible programmed robots looking to obtain data from somewhere).

To ensure your forms are only being filled out by consenting humans, the addition of CAPTCHA is very helpful, since the spambots can’t usually pass through it.

CAPTCHA is a programme that gives the (sometimes annoying) notice that displays strange letters and then says “TYPE THE LETTERS THAT YOU SEE”. It is like a roadblock for spam bots. They can’t read the darn letters!

We make sure all of our clients have CAPTCHA enabled on their websites, so they are only contacted by people they want to hear from!

How Do I Write A Privacy Policy?

Even the thought of writing or reading a privacy policy might create a strong numbing effect behind your eyes.

Yet, all the recent GDPR kerfuffle might still have you scrambling around for a good privacy policy to include on your website.

A good privacy policy is important for GDPR compliance. It also builds trust by letting your website visitors know how you actually store and use their information that they enter into your website. In this case – what do you actually do with their email addresses?

But no one wants a confusing read. No one wants to fall asleep when trying to read what happens to their data. We need to make our privacy policies as simple as possible.

A good privacy policy, according to the new GDPR regulations should be:

  • Free to read.
  • Easy to access, transparent, concise and easy to understand.
  • Written in clear and plain language.

Gone are the days of privacy policies that only lawyers could fully understand. No more long, painfully boring pages of terribly written text that attempt to cryptically explain to you how your data is stored, and what rights you have.

Now things have gotten much simpler, thank goodness. Transparency is key. Just be clear and honest with people about how their data is stored and tracked.

A good privacy policy should include:

  • What information is actually being collected.
  • Who is the collector of the information.
  • How they collect it.
  • Why it’s collected.
  • How the information will be used.
  • Who the information will be shared with.
  • What effect this will have on the people involved.
  • Whether or not the intended use is likely to lead to complaints.

A good privacy notice can be written in a friendly, honest way. Show people there is a real person behind the notice, not just a legal template.

Be Transparent And Honest

That’s the main message. Be clear what you will do with people’s data, and make sure you have permission to do just that.

GDPR compliance actually helps build your relationships with clients, because with a clear privacy policy you are seen to be more trustworthy, and through sending emails only where they are welcome, you build relationships and avoid complaints.

Of course you avoid any chance of upsetting any GDPR enforcers, which is great. No one wants to upset those guys and gals.

Consent boxes and privacy notices are the way forward, and link the two together so they are friends. Friends always help each other out.

Welcome to the new age of data processing. Fun, isn’t it?