Recording consent for your contacts

Contents

Why should I record consent?
What data can I store in ConsentInsight?
How do I upload a ConsentInsight record for a contact?
Where does double opt-in fit into this, and why?

Summary

Consent is an agreement between you and your contacts about your intentions with their personal data.

We let you store this consent in a free Insight data collection called ConsentInsight.

Unlike billable Insight data, ConsentInsight does not count towards your data storage limit, which you can find in the 'Usage' tab of your account settings.


Why should I record consent?

Consent is both a requirement of the GDPR and best practice.

You should want to know, in no uncertain terms, that the content you are sending your contacts is what they want and agreed to when they opted in. This way, you can make sure that contacts engage with and appreciate your content, and that they do not ignore it or, worse (if it's an email campaign), put it in their spam folder. Otherwise, you risk affecting your sender reputation.

What data can I store in ConsentInsight?

A single ConsentInsight record consists of the following fields that you can provide the values for:

  • Text: What contacts consented to. Use this field to record the answers to questions, such as:
    • Do your contacts want to receive your communications, and from which channels?
    • Do your contacts know what you do with their data?
    • Do you know how often your contacts want to be contacted by you?
  • DateTimeConsented: The date and time that your contacts consented to the contents of the Text field
  • URL: The URL that contacts gave you their consent from. For example, the URL of a signup form.
  • IPAddress: The IP address of the device your contacts used when they gave you their consent
  • UserAgent: The type of web browser that your contacts used when they gave you their consent

Please note: For every ConsentInsight record, a DateTimeCreated field is automatically created and given the value of the date and time, in UTC+00:00, that the ConsentInsight record was created.

You can store multiple ConsentInsight records against one contact, but we guarantee to display only the latest five ConsentInsight records, both in the app and in the ConsentInsight.json file when you export a contact.

How do I upload a ConsentInsight record for a contact?

You can upload a ConsentInsight record for a contact in the following ways:

If you want to upload multiple ConsentInsight records for a contact at the same time, you can do so only by using the following API call: 

If you want to upload a ConsentInsight record by importing contacts via an Excel or CSV file, you need to map your column names to the following consent fields:

  • CONSENTTEXT
  • CONSENTURL
  • CONSENTDATETIME
  • CONSENTIP
  • CONSENTUSERAGENT

After you've uploaded a ConsentInsight record for a contact, you can view that record by going to the 'Insight data' tab of the 'Manage contact' page, and selecting the ConsentInsight collection from the dropdown. 

Limits for the values of ConsentInsight fields

Values are limited to 1,000 characters.

Find out more about the restrictions for Insight data values.
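
As an added example (not dotmailer's own code), a pre-import check that builds the CSV with the consent columns listed above and holds back rows that break the 1,000-character limit or carry an unusable IP address or timestamp. The `Email` key column and the ISO 8601 timestamp format are assumptions; this page does not state them.

```python
import csv
import io
import ipaddress
from datetime import datetime

MAX_LEN = 1000  # per-value limit stated on this page
# "Email" as the contact key is an assumption; the CONSENT* names are the page's.
COLUMNS = ["Email", "CONSENTTEXT", "CONSENTURL", "CONSENTDATETIME",
           "CONSENTIP", "CONSENTUSERAGENT"]

def validate_row(row):
    """Return a list of problems for one consent row (empty list means OK)."""
    problems = [f"{c}: {len(row.get(c, ''))} chars, limit is {MAX_LEN}"
                for c in COLUMNS[1:] if len(row.get(c, "")) > MAX_LEN]
    if not row.get("CONSENTTEXT", "").strip():
        problems.append("CONSENTTEXT: empty, no record of what was agreed")
    try:
        ipaddress.ip_address(row.get("CONSENTIP", ""))
    except ValueError:
        problems.append("CONSENTIP: not a valid IPv4 or IPv6 address")
    try:  # ISO 8601 with an explicit offset is an assumed input format
        when = datetime.fromisoformat(row.get("CONSENTDATETIME", ""))
        if when.tzinfo is None:
            problems.append("CONSENTDATETIME: no UTC offset, time is ambiguous")
    except ValueError:
        problems.append("CONSENTDATETIME: not ISO 8601")
    return problems

def build_import_csv(rows):
    """Return (csv_text, rejected); rejected is [(email, problems), ...]."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    rejected = []
    for row in rows:
        problems = validate_row(row)
        if problems:
            rejected.append((row.get("Email"), problems))
        else:
            writer.writerow({c: row.get(c, "") for c in COLUMNS})
    return out.getvalue(), rejected

# Constructed sample rows (example.com addresses, documentation-range IPs).
SAMPLE = [dict(zip(COLUMNS, v)) for v in (
    ("alice@example.com", "I agree to receive the monthly newsletter by email.",
     "https://www.example.com/signup", "2018-05-01T09:30:00+00:00",
     "203.0.113.7", "Mozilla/5.0 (X11; Linux x86_64)"),
    ("bob@example.com", "x" * 1001, "https://www.example.com/signup",
     "2018-05-01 09:30", "203.0.113.300", "Mozilla/5.0"),
)]
```

Rejected rows are returned with their reasons rather than silently truncated, so the consent evidence that reaches the import is exactly what was captured at signup.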

Tips

  • Remind a contact what they consented to by using advanced personalisation to add the latest Text of a ConsentInsight record in an email campaign: {{ contact.insight.ConsentInsight[0].Text }}
  • Segment contacts by what they consented to, for example, by using the 'contains' filter on the consent text to find contacts who consented to different channels

Where does double opt-in fit into this, and why?

Double opt-in is an important way to verify that the consent you've obtained has been given by a contact who genuinely wants to hear from you. Otherwise, you're leaving yourself vulnerable to malicious signups, spam complaints, or potentially worse.

Best practice is that, after collecting consent from a new signup in a form, you then send a double opt-in email to your new signup with a confirmation link in it. When your contact opens the email and clicks this link, confirming it was them, they'll be verified as a double opt-in. This process confirms that the signup and the consent genuinely came from them, and they're then added to your contacts.

If you don't implement double opt-in, then you can't be sure that someone else (or a spam bot, for instance) isn't signing up email addresses and giving consent for data they don't own.

By implementing double opt-in, you will be sure: this is why it's best practice.

We provide you with the tools to implement verified double opt-in

Read more about it:


Comments


    Hi Jake,
    I've just tried to create a decision node in a program and unfortunately there is no option to find contacts using a "contains" filter on the consent text. The same is true when building a segment.
    The workaround is to use the "is equal to" filter but of course you must then include the whole text.
    The tips section of your article above refers to a "contains" filter which would be preferable as then I could build a rule with a filter which "contains" the text "email", rather than having to know for sure what the exact consent text is.
    Do you know if this functionality is going to be added soon?
    Many thanks,
    James


    Hi James, the "contains" option is available to accounts that have had their insight storage migrated to our new Google BigQuery infrastructure. All accounts will be migrating, but if your need is pressing please speak to your account manager.


    Hi There,
    We cannot get through to our account manager and need to set up a GDPR "consent" email to send to our database. How do we set up the "Yes please keep contacting me" button and where will it feed into/how will it automatically update the database so we can see who has actually opted to stay in? Please advise.
    Many Thanks


    Hi Sally,
    If you just want to record that your contacts opted in to be contacted by you, you can insert a double opt-in link in your email campaign. After your contacts confirm their opt-in, their opt-in type contact data field will change to 'verified double'.
    https://support.dotmailer.com/hc/en-gb/articles/115001292970-Adding-links-to-your-campaign#doubleoptinlink

    If you have any questions in general about opt-in types, you can see this article
    https://support.dotmailer.com/hc/en-gb/articles/360000620830-Does-it-get-recorded-when-a-contact-opts-in-to-receive-my-emails-

    Alternatively, feel free to email support@dotmailer.com and our support team will help you with any other questions you may have.

    Edited by Jake Cahill

    Hello Jake. This is a very useful article. Thank you.

    I am updating our Dotmailer signup forms to include the new consent element/text. I have a query on this paragraph from your article:

    "You can store multiple ConsentInsight records against one contact, but we guarantee to display only the latest five ConsentInsight records, both in the app and in the ConsentInsight.json file when you export a contact."

    If, over time, a contact signs up to six different enewsletters, all through separate signup forms with different consent text, how do we ever get to see the earliest (first) consent record if we need to?

    Many thanks.


    Hi Nigel,

    At the moment, we display all ConsentInsight records for a contact; however, this behaviour is going to change in the future.

    Eventually, we will display only the latest five records, which means that any older records will be deleted and you will not be able to see or export those.

    Edited by Jake Cahill

    Hi Jake,

    To echo Nigel's comment above I believe this is an oversight to not allow all ConsentInsight records to be made available.

    In addition, currently you can only insert a ConsentInsight record if the user has opted in. What happens, say, a month later when they return to the same form and don't tick the box to be opted in as they don't want to receive emails from you? This intelligence cannot be passed to ConsentInsight so you will still need to use a Contact Data Field to indicate if the most recent interaction was an opt in or opt out.

    Regards

    Jon

    Edited by Jon Woodrow

    This may be a silly question, but for contacts who "consent" would it not be easier if their opt-in type was automatically updated as well? I.e. they're confirming that they've opted-in?

    Is this something that is going to be introduced?


    Thanks for the comments on this. To answer the last couple of questions:

    @Jon The allowance of multiple consent records allows for an audit - a way to see how consent for a contact has changed over time. Wherever possible, I'd recommend including all the ways you may use a contact's data in one consent statement - it's easier for both you and them to keep track of and understand (bearing in mind that consent under the GDPR needs to be 'unambiguous'). However, it's interesting to hear that you're using ConsentInsight in this way, and it may influence changes in the future.

    @Jamee Not a silly question! It's good to think of 'opt-in type' and 'consent' as two different (although related) things. Consent is a contact telling you that they're happy to receive content from you; the opt-in type is how that consent has been verified. It's possible therefore to have very detailed consent from a contact, but if the contact only has an opt-in type of 'single' you don't have a guarantee the consent really came from that person. Likewise, you may have no detailed consent from an otherwise doubly opted-in contact. We'd always recommend therefore that you turn double opt-in on and capture consent - but that's ultimately your call, and there may be legitimate reasons for not doing this.