Select Page

During the past several weeks, YourMemberhip (YM) has made significant product updates. We’ve released features that provide customers automated tools to help remain in compliance under the General Data Protection Regulation (GDPR) regulation.

These features are designed to assist customers who need to abide by the GDPR. But, they can also be used by any customer who wishes to improve security. Here’s a breakdown of the feature set, which is now available. We’re also including an FAQ about YM and GDPR.

Privacy policy interface (released June 27, 2018).

Listed below is an interface that allows organizations to input their Privacy Policy language. This can be linked to anywhere on the website and will be displayed exclusively with the corresponding features. It’s highly recommended you follow this privacy policy statement, especially if you’re enabling any of the features listed.

How is this relevant to GDPR? 

Under the regulation, organizations are required to clearly display a privacy policy statement that defines what personal information is captured, used and shared about an individual. This interface provides the ability to create and manage your organization’s privacy policy statement. It also ensures it’s automatically linked to related user consent areas.

Cookie notice overlay (released June 27, 2018).

The cookie consent notice allows organizations to display a more prominent warning and/or overlay on the frontend of their website to all site visitors. This overlay is designed to notify a user that your site uses browser cookies to properly function properly. It prompts them to accept or deny the use of cookies. Accepting the notice will remove the overlay from the user’s browser. Denying it directs the user away from your site.

NOTE: Users are not forced to accept or deny the cookie notice. They may freely access all website pages, even if they choose not to accept. The cookie notice also directly links to the Privacy Policy Statement page previously mentioned. The cookie notice has a default look-and-feel. However, you do have the ability to customize the styling of the overlay to match the look-and-feel of your organization’s brand.

How is this relevant to GDPR?

One key element of the regulation is for websites to provide a conspicuous and immediately accessible cookie notice on the front-facing site to alert users of cookies. This cookie notice should be persistent until the user dismisses it with a direct click. Since the enactment of the regulation, this pattern is consistently seen on sites across the web.

User consent collection (released August 3, 2018).

The user consent feature allows organizations to unequivocally capture data consent from member and non-member users. This allows you to collect and process their data. This automated consent collection requires a user to provide consent before entering any information in any feature areas where personal data may be collected. These features include New Member Signup, Event Registration, Custom and Contact Forms, Donation and Store Checkout, and Survey/Quiz submissions and the Member Profile.

When providing consent, users will have a visible link to view the organization’s Privacy Policy statement. That way, it’s clear as to what they are giving consent. When enabling the consent tool, existing members are required to provide consent on their initial login. Members can revoke consent from within their profile. As an administrator, you have access to simple tools that allow you to track specific members and their consent status. They also provide a notification, if a member has revoked his or her consent.

How is this relevant to GDPR?

GDPR explicitly states that an organization must capture consent for users prior to processing any of their personal data. In addition to collecting consent, a user must have the ability to easily revoke consent to processing data.

We have implemented this feature, so organizations can automatically capture consent before any personal data is collected. We also provide administrative tools for the management of consent collection. By doing so, you can easily process any profile data requests submitted by a user.

Enhanced auditing and activity logs (continued release through end of August 2018).

Updates to existing and several new member activity logs have been introduced. This includes more robust tracking on specific member actions.

Some of the enhanced activity logs include recording member profile updates (when done by either the member or an administrator), email category opt-in/out, member preferences and subscription updates. These activity logs are tracked within the individual member profile, as well as on the global activity log administrative page.

How is this relevant to GDPR?

An emphasis is placed on audit tracking as it pertains to users’ personal identifiable information, and their preferences about how to communicate with them. These enhanced activity logs allow your organization to properly document audits of user actions with a date/time stamp and changed details activity.

Frequently Asked Questions (FAQ).

Is YM GDPR compliant? Yes. Community Brands and YourMembership have taken the necessary steps to become GDPR compliant. We have recently updated our privacy policies and internal procedures to adhere to the regulation. You can view our latest privacy policy here.

Does using these features make my organization GDPR compliant? These features are designed as automatic tools to help your organization adhere to GDPR privacy and consent regulations. However, these tools are only one step of the compliance process. It’s imperative your organization implements compliant processes throughout your entire set of business practices, privacy policies and any other marketing or consent tools you may use outside of YM. We recommend working with a compliance consultant or legal counsel who has experience working with European Union (EU) law and data protection compliance.

Has YM completed implementing GDPR features? These features will complete our initial scope of GDPR enhancements. However, as we learn how the regulation is enforced and based on customer feedback, we will continue to implement necessary features that help clients remain compliant.

How do members submit a data copy or deletion request? The method in which a user can submit a request for their data or profile erasure is at the discretion of your organization. You can use an existing YM feature, such as a contact or custom form, or simply provide the instructions clearly noted within your Privacy Policy statement.

What do I do if members request a copy of their data? If you receive an official request by a member to obtain a copy of his or her data, this request must be submitted by an administrator from your organization to our Data and Privacy team at privacy@communitybrands.com. To fulfill the data request, please provide the name, email address and Member ID of the member requesting data. Once our team receives the request with the necessary information, under the regulation, we are obligated to perform the request within 30 days and provide the available requested data. Any follow-up correspondence will be made through the initial email chain.

What do I do if members request to delete their data? If you receive an official request by a member to erase or delete their data, this request must be submitted by an administrator from your organization to our Data and Privacy team atprivacy@communitybrands.com. To fulfill the deletion request, please provide the member name, email address and Member ID.

NOTE: If you receive an official erasure/deletion request regarding GDPR, it’s not recommended you manually delete the user. Doing so may result in data relevant to the user becoming unidentified or lost. Once our team receives the request with the necessary information, we are obligated to perform the deletion request within 30 days. Any follow-up correspondence will be made through the initial email chain.

Looking for more information about GDPR? Check out our Let’s Talk about GDPR webinar or Understanding GDPR whitepaper.