How to comply with data privacy laws

Estimated 6 minute read

Updated Oct 10, 2024, 12:27 PM EST

Learn some some best practices for complying with data protection regulations in your marketing.

As regulations about data and privacy continue to roll out, it’s important to keep an eye on how you contact customers to ensure their protection and comply with the law.

The information provided here is intended to be educational and should not be construed as legal advice. Klaviyo encourages all of our customers — and all ecommerce merchants — to seek legal advice for counsel on how they specifically should ensure that they are compliant with data protection regulations.

Keep your privacy policy up to date

To start, it’s important to keep your privacy policy up to date so that it meets regulation guidelines. As a best practice, your privacy policy should be concise, transparent, intelligible, and in an easily accessible format. If you’re potentially collecting information about children, your privacy policy will need to be clear and written in plain language so they can understand it. Include the following in your privacy policy:

Information about your business’s location and where someone could get in contact with you
Information about the data you collect, use, and share (e.g., the purpose of collection, how data is used, who data will be shared with, how long you will retain their data, etc.)
Information about their rights in regard to their data

If you make any changes to how you handle someone’s data, it’s important to update your privacy policy to reflect those changes.

Collect consent

In order to remain compliant, you’ll want to collect marketing consent from your subscribers. When collecting consent, it’s important to note what a customer can expect by subscribing to your marketing and what you will do with the data you collect. Klaviyo makes it easy to add fields to your sign-up forms that make them suitable to comply with data protection regulations.

When creating a form, select the Enable Data Protect Fields box and Klaviyo will add messaging to help keep you in compliance.

Data protection field option on Klaviyo form

You’ll want to consult with your legal counsel to ensure that the content is suitable for your specific regulations and needs.

If you use Klaviyo forms and have subscribers who are in more regulated locations, like the EU or California, you may wish to include this consent language on all of your forms. If you have separate sites for customers coming from different locations, you can have two different sign-up forms. One with more specific information designed to comply with data protection regulations, and one without the additional information for shoppers from other locations.

Regardless, it’s better to be over-protected than under-protected when it comes to collecting consent. For more information around targeting customers in the EU, see our guide on collecting GDPR compliant consent.

Update and target your content

While it may not explicitly be required by regulatory bodies in all circumstances, it’s better to personalize the customer experience both on-site and within your marketing. If you target your communication, shoppers browsing your site will be more likely to subscribe to your marketing and stay engaged with your brand.

Using sign-up forms

An easy way to encourage first-time shoppers to subscribe to your email list is to show a discount to people who haven’t already engaged with your brand. To do that, create 2 sign-up forms that pull customers into your email list. From there, customize the behavior on the form with the promotion to ensure it’s only showing to people who are not within your Klaviyo account.

Klaviyo form targeting people that are not existing profiles

For the form targeting existing Klaviyo profiles, first, create a segment of subscribers who are within your Klaviyo account, but are not within your email list.

Segment of profiles that are not in the newsletter list

Next, adjust the behavior of the form to only display to the segment you just created.

Form targeting users in a specific list or segment

Targeting sign-up forms to a particular audience is an easy way to personalize the on-site content for your subscribers. Follow our article on Creating Customer Engagement Tiers to get inspiration on different segments you can use to personalize content.

In flows

Flows are another area where you want to be conscious of data protection regulations. When creating flows, especially ones in a regulatory gray area like abandoned cart or browse abandonment, you can choose to either:

Exclude customers in regulated areas
Give customers different messaging that contains less marketing lingo and personalize the email to the items where they have a legitimate interest.

Exclude customers

If you want to exclude customers that live in areas with data protection regulations, like those within the EU, select the trigger at the top of your flow. Add in a flow filter with the condition for someone not within the EU.

Customer exluded from a flow based on location

This will prevent EU customers from entering this flow.

Personalize messaging

If instead, you want customers to see different messaging, add in a conditional split with the condition that someone is not within the EU.

Conditional split in a flow based on location

Make sure to contact your legal team to ensure that the content within your emails is compliant with the regulations in that particular area. Even if your business is not based in an area with data protection restrictions, you may still be required to abide by the rules if you're contacting a customer who is in a location with specific requirements.

In campaigns

As you build your campaigns, all of your emails must contain links to your unsubscribe page and your business’s contact information.

Unsusbcribe link at the bottom of an email

If you’re using a Klaviyo template, we’ll include those links for you. If you are unsure if you’ve included an unsubscribe message, on the campaign review page, there will be a notification indicating whether or not you have an unsubscribe link.

Error on campaign sending screen because there is no unsubscribe link

Campaign sending screen showing there an unsubscribe link is detected

In all of your messages, and especially in campaign sends, personalize the content to your audience. Batch and blast emails are never a good idea. Think about your customers and why they come back to your brand; then, customize your emails from there.

An easy way to do this is through Klaviyo’s show/hide block feature, allowing you to ensure that customers see copy and creative work that’s compelling to them.

Clean your lists

It’s important to not email customers who have not opted-in to your marketing as well as those who do not regularly engage with your brand to maintain good deliverability in the eyes of inbox providers. The process of identifying customers who aren’t engaged and excluding them from your messaging is called list cleaning. For more information, check out our article on list cleaning.

Additional resources

Was this article helpful?

Use this form only for article feedback. Learn how to contact support.

Explore more from Klaviyo

Community

Connect with peers, partners, and Klaviyo experts to find inspiration, share insights, and get answers to all of your questions.

Visit Community

Live training

Join a live session with Klaviyo experts to learn about best practices, how to set up key features, and more.

Support

Access support through your account.

Email support (free trial and paid accounts) Available 24/7

Chat/virtual assistance
Availability varies by location and plan type