Our GDPR Plan: Everything You Need to Know [UPDATED]


On May 25, 2018, the EU General Data Protection Regulation (GDPR) will change the way businesses handle your data. Download our GDPR Guide and read on to learn more how we’ve been working to implement it.


UPDATE AUGUST 2018: To help you out with your GDPR compliance and opt-in transparency, we’ve released a new feature that’s going to make consent management more manageable. Read on to learn more about the new GDPR fields and how to set everything up in your GetResponse account.

What is GDPR?

GDPR is Europe’s new privacy law. Adopted in 2016, it replaces the outdated Data Protection Directive – marking the biggest change in data protection in 20 years.

In that time, technology has evolved rapidly. So too has the amount and type of data that now exists. GDPR aims to address that challenge, by harmonizing data privacy laws across Europe, making it easier to do business across borders – and giving you more control over your personal data.

That means more rights for you to guard your data – and new rules for the businesses that process it.

How we keep your data safe

Data security has always been our top priority here at GetResponse. When designing, deploying and maintaining our network, services and applications, we strive to offer solutions that meet the industry’s strictest privacy regulations. So you can be confident we take security seriously – and keep your data safe.

That’s why we adopted a GDPR Compliance Implementation plan in March of last year – more than a year before the new law becomes applicable.


Our GDPR plan

Last March we put our plan into action, and it’s nearly complete! The first step was to create a dedicated team to oversee the work that needed to be done, under the supervision of our Legal Team and our Information Security Officer, who will also be appointed our Data Protection Officer (DPO) when GDPR is enacted in May.

Here’s what we’ve been working on:

  • Adopt an overall strategy for complying with GDPR
  • Identify and audit our personal data processing practices
  • Create a new privacy website where we’ll post data regulation updates, announcements, and resources
  • Create a dedicated email address for data privacy enquiries
  • Tweak our services to uphold all new rights of data subjects
  • Change our internal and external procedures, and privacy documents
  • Appoint a Data Protection Officer
  • Adherence to an approved code of conduct or certification
  • Final check

Two steps of our implementation plan are ongoing and have always been a part of GetResponse data security:

  • Train staff
  • Test and check our compliance

We run regular training and compliance sessions to make sure our information security team is always up-to-date on any new or changing regulations and best practices for data security.

GDPR Guide

To top it off, we’ve been working hard on a step-by-step guide for our customers to learn more about GDPR and how to prepare your GetResponse account to make sure you are compliant. It’s nearly complete and we’ll be sure to update this space when it is ready for download.

Edit: Our GDPR Guide is now complete and ready for you to download. Feel free to read through it and get yourself familiar with key points of the regulation and what it means to you.

Also, below is an excerpt from the guide so you’ll know what to expect from it.


Does GDPR affect me?

GDPR may apply if you’re a data controller or data processor:

  • based in the EU, even if you process data outside the EU.
  • based outside the EU, but process personal data of EU residents. This applies if you sell goods or services (or offer them for free), or monitor people’s behavior within the EU.

How do you know if you offer goods or services to people in the EU?

  • You use a language or currency common in one or more EU countries, to help people who live there take up your offer.
  • You mention customers or users who are in the EU.
  • You clearly target your offer to people in the EU.

In this case, you’ll need to comply with GDPR.

On the other hand, you probably won’t need to comply if you simply have a website, email address, or other contact details that can be accessed in the EU – and the language is common to your country (and not to any EU member state).

How does GDPR affect me?

It’s worth keeping in mind that before GDPR, you still had to meet regulations when processing personal data.

GDPR simply means data controllers must make a greater effort to process personal data within the law. They also have to make it clear how data will be processed – and ask for consent. And if there’s a personal data breach, they need to notify the supervisory authorities and data subjects as soon as possible.

Unlike past laws, GDPR also refers directly to data processors – and outlines how they must now comply.

If you have a GetResponse account, you’re the controller of your contacts’ personal data. That’s because you decide why and how their information will be used. And that means you’re responsible and liable under GDPR.


Introducing dynamic Data Processing Agreement in GetResponse

To meet your needs for GDPR compliance, we’ve added a new feature to our account settings. In the Data Processing Agreement (DPA) tab you can download a copy of the DPA you have to agree to when signing up with GetResponse. It also gives you the possibility to generate a personalized contract with us. To do that, you need to click the “Generate a personalized DPA” button and fill in the form with your details. You also have to confirm that you are authorized to execute the DPA on behalf of your company. Then, we’ll generate a copy of your contract that you’ll be able to download at any time. Simple as that!


GRPD Tab in My Account:

GDPR Email Marketing, Autoresponder, Email Marketing Software - GetResponse 2018-05-22 16-56-47


data processing agreement Email Marketing, Autoresponder, Email Marketing Software - GetResponse 2018-05-22 16-57-30


Personalize your contract form:


submit your data Email Marketing, Autoresponder, Email Marketing Software - GetResponse 2018-05-22 16-58-16


Downloading a personalized DPA:


downloading Email Marketing, Autoresponder, Email Marketing Software - GetResponse 2018-05-22 16-59-35



Knowing how important and often complex GDPR compliance can be, we’ve developed a new feature that’s going to help you collect and manage consent from your email subscribers.


What are GDPR Fields?

GDPR Fields let you create consent fields that you can populate on your signup forms, landing pages, and webinar registration forms.

It’s quick and easy. And people can now review your opt-in and data processing policies and give their consent when they’re signing up.


Manage GDPR fields GetResponse


What are the benefits of this solution? 

There are several, but the most significant ones are:

  • You’re getting a single dashboard to create and manage all your consent information
  • You can search for and segment contacts in your account based on the GDPR field consent they’ve provided upon signup
  • You can filter your contacts in the marketing automation workflows based on their consent status

And most importantly, it makes being transparent about your consent policies, and compliant with the new regulation a lot easier.


How are they different from regular custom fields?

If you’ve been using GetResponse custom fields, GDPR fields may seem similar at first.

The key difference is that once created, the content of your GDPR field cannot be changed.

And if you try editing it, it’s going to create a new version of the field.

This way, you’ll be able to identify your contacts and the exact version of the consent they’ve provided.


GetResponse GDPR fields consent search


How can I start using them?

To create and edit your consents, just click on the Manage account link in the top right corner of your dashboard.

You can then start using the GDPR Fields when creating your web forms, landing pages, and webinars.


Landing Pages GDPR Fields consent


You’ll also find them in search contacts and your individual contacts’ details page. That’s where you’ll be able to segment your audience or gain proof of the consent they’ve given you.


GetResponse GDPR Fields contact details consent


…and if you’re using Marketing Automation, we’ve added a new filter called Consent status that lets you target subscribers based on their consent status 🙂


Where do I find more information about the GDPR Fields?

To learn more, just check out our Help Center.

And if you’d like to see how you can use the GDPR fields and have your GDPR-related questions answered, sign up for our upcoming webinar.

Aleksandra Kubis, Head of the GetResponse Legal Department, and Abigail Hehemann, GetResponse Product Marketing Manager, will guide you through the ins and outs of running email marketing campaigns in compliance with the GDPR regulations.


Questions or comments? Let us know in the comments section below how you are feeling about GDPR. You can also email our privacy experts directly with any questions.

Our GDPR Plan

GetResponse GDPR Guide: Everything you need to know

GetResponse GDPR Guide: Everything you need to know

The GetResponse GDPR guide is designed to help you understand what GDPR is and how it affects you. In this step-by-step resource you'll see examples and tips on how to review your marketing materials, so you can show contacts you take their data security seriously.