GDPR Use Cases

Relating GDPR to real-life cases can help bring it to life and concrete these legal technicalities. The following will explain and look at the GDPR impact of these features:

  • Account creation
  • Abandoned cart email
  • Push notifications

Account creation

When a new user creates an account with the client they will give their details including full name, email address, phone number and date of birth.

Upon registration this causes several GDPR implications:

  1. Consent will be required to send communications including email, SMS and phone the individual
  2. The customer needs to be clearly told how their data will be processed
  3. The customer needs to be clearly told how they can withdraw their consent to be contacted and how to delete, alter or rectify their information.
  4. A double opt-in email could be used to be ensured the customer consents to processing.

Key takeaway:
When acquiring a new customer ask for their specific and informed consent to be contacted, including their communication preferences and purposes they may be contacted for. Also, ensure you are transparent and clear about your privacy policy.

Abandoned cart email

A user may add something to their cart, only to close the tab or forget to purchase. Through Bloomreach Engagement you can send an email reminding the user to checkout before the item goes out of stock.

GDPR implications of this use case:

  1. The user might not have an account yet meaning contacting them falls under legitimate interest.
  2. For legitimate interest to be valid, a test considering the purpose, necessity and a balancing act must have been carried out. You must have proof and a record of this test.
  3. In the email itself, an opt-out link should be included, otherwise, the email may appear intrusive.

Key takeaway:
When acquiring a new customer ask for their specific and informed consent to be contacted, including their communication preferences and purposes they may be contacted for. Also, ensure you are transparent and clear about your privacy policy.

Push notifications

We love to stay up to date and sometimes having a reminder about a new sale is exactly what your customer wants. This can be easily implemented through a push notification in Bloomreach Engagement.

GDPR consequences:

  1. Before sending a push notification, ensure the browser asks for permission to send the customer push notifications from your website.
  2. Once the customer has accepted push notifications, let them know where they can adjust their preferences.
  3. These preferences need to be tracked and recorded.
  4. Add details about push notification to somewhere on your website, such as your privacy policy, to make it easy for the user to update their preferences.

Key takeaway:
Like emails, push notifications also require consent. Make sure to collect, record and maintain valid consent from your customers.