The text in this article may include ControlShift's interpretation of the GDPR and/or interpretations we've heard from other organizations. This article should not be considered legal advice. Please seek independent legal counsel to ensure your compliance with the new regulations.
This article is not yet finalized.
We wanted to get you this information as soon as possible, but it's likely that the information here will be updated or reworded. Check back for the final version.
One of the biggest changes under GDPR is the narrowed definition of acceptable consent. If your organization has materially changed your consent policies, you may wish to keep track of the users that have given new GDPR-compliant consents. Within ControlShift, we support tracking these updated consents through consent migration.
Migrating Consent in ControlShift
Admins can update a user's consent from within ControlShift or via API.
If your organization is interested in using our API, please see our developer docs: https://developers.controlshiftlabs.com/#members. In particular, our Members API will allow organizations to update a member's email opt-in type and subscription status (for email communications opt-in migrations) and delete members from the platform (for members without updated data processing consents).
Email Consent Updates via Email
Within the platform, ControlShift also supports allowing members to upgrade their email opt-in types via email. Using this migration method, a special blast email is sent to all currently subscribed (and mailable) signers of a specific petition. The email contains a special link that allows users to re-opt into updates about the campaign.
To send this email, admins (or petition creators) will need to go to the petition signature page and add
/emails/new_from_template?email_template=email_template_re_opt_in to the end of the URL. From here, customize the text of the blast email (without updating the link's destination) and click to send. After moderation, subscribed and mailable signers will receive the email asking them to re-confirm their opt-in status. If they re-confirm, their status will be updated to Context: Email Kind: Email. (For more information about email opt-in types' Context and Kinds, please see: https://controlshiftlabs.zendesk.com/hc/en-us/articles/360000167515-Email-Communications-Opt-In#definitions.) Admins can update the text of this email template by going to the admin homepage > Content (under CMS) > Blast Email Templates > Re-opt-in to email communications.
Please note: This method will only update a user's email opt-in type for this specific petition. If you want to update a user's email opt-in type for all petitions they've signed, please use the API or CSV options.
Email Consent Updates via CSV
We also allow admins to update email communications consents via CSV uploads. To update a batch of users' email opt-in types:
- First, make sure that you've configured a ControlShift email opt-in type that matches the upgraded consent that these users have given.
- Next, create a CSV of the email addresses that have updated their email communications consents. Please note that the CSV must have an "email" column.
- Then go to the admin homepage > Settings > Email Opt-In Types > Manage Email Opt-In Types > Bulk Update. From this page, choose the appropriate email opt-in type from the dropdown and select the CSV of email addresses. Click Create Email opt in upload to start the migration.
Please note: when updating a user's email communications opt-in type, this will update all of that user's records. This means that all signatures, RSVPs, etc. associated with that email address will be updated to the new email communications opt-in type.
Manually Deleting Members
To delete members from within ControlShift, we'd recommend using the member deletion API. It is, however, possible to manually delete a supporter from their member page. To perform a manual deletion, go to the admin homepage > People > search for an email address > go to their member page > Settings tab > Delete Member.
Please note: deleting a member is final and cannot be undone.
The GDPR has numerous requirements and hefty fines for non-compliance. The information included here is not legal advice, and we strongly recommend that all organizations using ControlShift seek legal counsel to ensure that they comply with the GDPR and all relevant laws.