Learn how to use Kajabi's current set of GDPR-friendly features. (Last updated October 12, 2020).
In this article:
- General Data Protection Regulation (GDPR)
- Step 1. Data collection - Forms and double opt-in
- Step 2. Data storage and processing - Exporting contacts and updating data
- Step 3. Unsubscribing and email preferences
- Data Processing Addendum (DPA)
- I have more questions
General Data Protection Regulation (GDPR)
As you may already know, the GDPR (General Data Protection Regulation) is a regulation that toughens obligations when dealing with the personal data of citizens from the European Union (EU).
It affects all organizations that control or process the data of EU citizens, so even if your company is based outside the EU, the GDPR applies to you.
This new legal framework has profound implications for how marketers manage their relationships with prospects and customers.
The GDPR went into effect on May 25, 2018, and penalties for violations can be significant.
Step 1. Data collection - Forms and double opt-in
Under GDPR, a contact needs to be informed that their data will be stored and used by a company when they're submitting it.
Consent will need to be “freely given, specific, informed, and unambiguous,” with companies using “clear and plain” legal language that is “clearly distinguishable from other matters.”
Since Kajabi helps you create your own Pages and Forms and add whatever text you wish, you already have the tools you need to inform your prospects on how you plan to use, store, and process their data and of their right to withdraw consent, all of which will help you meet your GDPR consent obligations.
Additionally, creating Pages with Kajabi Pages allows you to add a branded disclaimer to the Opt-in Forms on your Page!
Add a custom field to your Opt-in Form that makes giving consent unambiguously clear to the user. To do this:
- Create a new Form or edit an existing Form.
- Scroll down to the Fields section.
- Click Create a new Field.
- Use unambiguous language so that the user clearly understands exactly what their consent means.
- Make this field required.
Learn more about Opt-in language examples and the ideology behind consent here.
Another useful feature that will ensure your Forms are GDPR compliant is Double Opt-in.
Here at Kajabi, we want to empower you to succeed online. To accomplish this vision, we have enabled Double Opt-ins for all new Forms created on your site (while still giving you the freedom to disable Double Opt-in if you so choose)! Simply create new Forms with the security of knowing that your Forms are set up to help you on your path to GDPR compliance.
Just be sure to customize the language of your Double Opt-in Email according to your brand and language by editing the automated email sent by your site.
To check your Forms:
- Create a new Form or edit an existing Form.
- Check the "Send double opt-in email to new contacts" box.
The most important thing to remember is to provide clear, unambiguous language on your Opt-in Forms that effectively communicates to your users that they are giving consent for you to use and store their contact information.
The Consent checklist published by the UK Information Commissioner’s Office can be used to check whether your consent is in compliance with GDPR.
Step 2. Data storage and processing - Exporting contacts and updating data
Individuals have always had the right to request access to their data.
But the GDPR enhances these rights. The timescale for processing an access request has also dropped significantly from the previous 40 day period.
Kajabi has worked on functionality to ensure our platform is fully GDPR compliant. One such feature is the export of contact data from your People tab in a user-friendly format.
The whole process takes seconds.
This will help in complying with a contact’s request for a copy of their data, either to move to another provider or to check what personal data you hold about them in your Kajabi account.
How to export contact information
To export a CSV of all the contacts stored on your site:
- Go to your People tab from the Dashboard.
- Click Bulk Actions.
- Select Export All.
- You will then receive your Exported list in the email inbox associated with your Kajabi account.
How to modify and update contact data
The GDPR does not change an individual's right to ask to modify or update data that you hold on them in your systems (for example, if they change their email address). However, the penalties for breach under the GDPR are more severe.
To edit a contact's information in the Kajabi admin:
- Open the People tab and search for the name or email address of the contact you want to edit.
- Click on the Contact's name.
- Select the Edit Details tab under the Contact's name.
Step 3. Unsubscribing and email preferences
When you send emails to prospects and customers using Kajabi Email Campaigns, they include an unsubscribe button, which allows customers to easily let you know they would like to withdraw consent to receiving marketing emails from you.
This feature also helps you comply with the EU E-Privacy legislation governing direct marketing.
On the other hand, our email preferences functionality allows Members to choose which marketing emails they want to receive.
If a Member would like to subscribe to or unsubscribe from marketing emails within Kajabi:
- They can click their Avatar in the top right of the page.
- Select Settings.
- Check or uncheck all of the email settings boxes.
Learn more about how your Members can update their email preferences.
As you can see, there are many GDPR-friendly features you can use on your path to compliance.
This new legal outlook is a great opportunity for marketers to revise how they approach their leads, customers, and what they can do to treat these relationships with the highest care.
We're sure that this regulation will move all marketers toward a more user-friendly experience, and it will help shape a more transparent way of doing business.
Be sure to check out our blog post on GDPR here.
Data Processing Addendum (DPA)
To complete the DPA:
- Click the link above to download the DPA.
- Follow the instructions included with the DPA.
- Complete the form.
- Then, send your completed Data Processing Addendum to DPA@kajabi.com.
If applicable, include your Account ID in your email.
What about contacts already on my list?
The contacts already opted-in on your list do not put you in jeopardy of breaching GDPR.
Existing contacts are not required to opt in again. However, many Kajabi users have taken this opportunity to refine their list and shed some dead weight.
This is a great opportunity to send an Email Broadcast to your entire list with a double opt-in embedded for added consent security.
A privacy notice is a public statement of how your organization applies data protection principles to processing data. It should be a clear and concise document that is easily understood and easily accessible to your users.
View an example of a GDPR compliant privacy statement here.
Your Kajabi site is already using cookies. You can view which ones are active by reviewing our cookie notice.
What cookies does the Kajabi Website use?
Strictly Necessary Cookies: These cookies are required to let you navigate our website and use its features. They are also used to ensure we have a proper cookie banner.
Analytics Cookies: These cookies collect information about how our visitors use the website. All information collected by these cookies is aggregated and therefore anonymous. It is only ever used to improve how our website works.
Cookies make using our Site easier by, among other things, saving your passwords and preferences for you. These cookies are restricted for use only on our Site, and do not transfer any personal information to any other party.
Most browsers are initially set up to accept cookies. You can, however, reset your browser to refuse all cookies or indicate when a cookie is being sent.
Please consult the technical information relevant to your browser for instructions.
If you choose to disable your cookies setting or refuse to accept a cookie, some parts of the Site may not function properly or may be considerably slower.
I have more questions
Understanding GDPR and how to stay compliant is crucial for any business.
However, we do not provide legal advice for your company to use in complying with EU data privacy laws like the GDPR.
*Please refer to the Disclaimer. We strongly encourage you to consult an attorney if you are interested in advice for interpreting this information or its accuracy.
If you have additional questions or are interested in the inclusion of additional information for this article, please feel free to reach us at firstname.lastname@example.org.
Continue to learn more about the GDPR by reading the Guide to the General Data Protection Regulation (GDPR) published by the UK Information Commissioner’s Office.
Disclaimer: This article and other materials posted on our website are offered for informational purposes only and are not intended to constitute legal advice. Do not rely on the information found here without consulting a licensed attorney in your location for your specific circumstances. It is ultimately your responsibility, and you hereby release Kajabi from all responsibility, to determine the laws or regulations, including international laws, applicable to you and your business. It is always best to be familiar with ALL laws, rules, regulations, and legislation that may be applicable to you and your recipients’ country/region.