Best Practices for Complying with Data Privacy Laws

Last updated at:


As regulations about data and privacy continue to roll out, it’s important to keep an eye on how you’re contacting your customers to ensure their protection and to comply with the law. This guide will walk through some best practice tips for complying with data protection regulations in your marketing.

The information provided here is intended to be educational and should not be construed as legal advice. Klaviyo encourages all of our customers -- and all ecommerce merchants -- to seek legal advice for counsel on how they specifically should ensure that they are compliant with data protection regulations.

Keep Your Privacy Policy up to Date

To start, it’s important to keep your privacy policy up to date so that it meets the regulation guidelines. As a best practice, your privacy policy should be concise, transparent, intelligible, and in an easily accessible form. If you’re potentially collecting information about children, your privacy policy will need to be clear and written in plain language so they can understand it. You’ll want to include the following in your privacy policy.

  • Information about your business’s location and where someone could get in contact with you
  • Information about the data you are storing (e.g., the purpose of collection, who their data will be shared with, how long you will retain their data, etc.)
  • Information about their rights in regard to their data

If you make any changes to how you handle someone’s data, it’s important to update your privacy policy to reflect those changes.

Collecting Consent

In order to remain compliant, you’ll want to collect marketing consent the right way from your subscribers. When collecting consent, it’s important to note what a customer can expect by subscribing to your marketing and what you will do with the data that you collect. Klaviyo makes it easy to add fields to your signup forms that make them suitable to comply with data protection regulations.

When you’re creating a signup form, select the Enable Data Protect Fields box and Klaviyo will add messaging to help keep you in compliance.


You’ll want to consult with your legal counsel to ensure that the content is suitable for your specific regulations and needs.


If you are using Klaviyo forms and have subscribers who are in regulated locations, like the EU or California, you should include this consent language on all of your forms. If you have separate sites for customers coming from different locations, you can have two different signup forms. One with data protection information for the areas where there are regulations, and one without the additional information for other shoppers.

2020-01-30_17-16-15.png 2020-01-30_17-16-32.png

Regardless, it’s better to be over-protected than under-protected when it comes to collecting consent.

Target Content

While not explicitly required by regulatory bodies, it’s better to personalize the customer experience both on site and within your marketing. If you target your communication, shoppers browsing your site will be more likely to subscribe to your marketing and stay engaged with your brand.

Using Signup Forms

An easy way to encourage first-time shoppers to subscribe to your newsletter list is to show a discount to people who haven’t already engaged with your brand. To do that, create two signup forms that pull customers into your newsletter list. From there, customize the behavior on the form with the promotion to ensure it’s only showing to people who are not within your Klaviyo account.


For the form targeting existing Klaviyo profiles, first, create a segment of subscribers who are within your Klaviyo account, but are not within your newsletter list.


Next, adjust the behavior of the form to only display to the segment you just created.


Targeting signup forms to a particular audience is an easy way to personalize the on site content for your subscribers. Launching a new collection? Display a signup form directing your VIPs to purchase. Have a flash sale? Show a form to your bargain shoppers directing them to the sale. Follow our article on Creating Customer Engagement Tiers to get inspiration on different segments you can use to personalize the on site content.

In Flows

Flows are another area where you want to be conscious of data production regulations. When creating your flows, especially ones in a regulation gray area like abandoned cart and browse abandonment emails, you can either choose to exclude customers who are in regulated areas or you can choose to give them different messaging that contains less marketing lingo and personalize the email to the items where they have a legitimate interest.

If you want to exclude customers that live in areas with data protection regulations, like those within the EU, select the trigger at the top of your flow. Add in a flow filter with the condition for someone not within the EU.


This will prevent EU customers from entering this flow.

If instead, you want them to see different messaging, you can add in a conditional split with the condition that someone is not within the EU.


Make sure to contact your legal team to ensure that the content within your emails is compliant with the regulations in that particular area. Even if your business is not based in an area with data protection restrictions, you must still abide by the rules if you are contacting a customer who is protected.

In Campaigns

As you are building your campaigns, all of your emails must contain links to your unsubscribe page and your business’s contact information.


If you’re using a Klaviyo template, we’ll include those links for you. If you are unsure if you’ve included an unsubscribe message, on the campaign review page, there will be a notification indicating whether or not you have an unsubscribe link.

2020-01-28_14-42-34.png 2020-01-28_14-40-31.png

Additionally, in all of your messages, you should personalize the content to the audience, but especially in your campaign sends. Batch and blast emails are never a good idea. Think about your customers, think about why they come back to your brand, and customize your emails from there. An easy way to do this is through Klaviyo’s show/hide block feature. Head to our article on Show or Hide Template Blocks Based on Dynamic Variables to ensure that your customers are seeing copy and creative work that’s compelling to them.

List Cleaning

It’s important to not email customers who have not opted-in to your marketing as well as customers who do not regularly engage with your brand. The process of identifying customers who aren’t engaged and excluding them from your messaging is called list cleaning. It’s important to not engage with people who don’t want to hear from you because it can impact your deliverability. If people aren’t engaging with your email, inbox providers will move your messages into their spam. If this happens regularly, the inbox provider will assume you often send spam and put all of your emails in the spam folder for all of your contacts. For more information, check out List Cleaning.

Additional Resources


Was this article helpful?
6 out of 8 found this helpful