Making your Outgrow Content compliant with GDPR Laws

The purpose of the GDPR is to protect individuals and the data that describes them and to ensure the organizations that collect that data do so in a responsible manner. The GDPR also mandates that personal data is maintained safely; in part, the regulation says personal data must be protected against "unauthorized or unlawful processing, and against accidental loss, destruction or damage."

Reasons for collecting personal data are also defined in the GDPR; the data that's collected must be for a specific and legitimate purpose and shouldn't be used in any way beyond that intention. The regulation also suggests limits on how much data is collected, saying that data collection should be "limited to what is necessary for relation to the purposes for which they are processed.

Under GDPR, companies can't legally process any person's personally identifiable information (PII) without meeting at least one of the following six conditions.

A. Express consent of the data subject.
B. Processing is necessary for the performance of a contract with the data subject or to take steps to enter a contract.
C. Processing is necessary for compliance with a legal obligation.
D. Processing is necessary to protect the vital interests of a data subject or another person.
E. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
F. Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject.

This document will help you understand how by enabling the GDPR setting in your Outgrow content/account, you can achieve compliance in accordance with GDPR Laws.

Enabling the GDPR toggle in your Outgrow Content/Account

If you want to ensure that your Outgrow content is GDPR compliant, you can follow the below-mentioned steps:

1. Login to your Outgrow account and click on your name in the top right corner.


2. Click on Billings & Settings in the account menu. For enabling the GDPR regulations for your complete Outgrow account, navigate to the Data Protection section and then click on the GDPR sub-tab. Toggle on the GDPR setting in this section. Once the GDPR toggle will be turned on, here is what will happen in your account:


2.1. On all the live content pieces, a cookie notification will appear at the bottom. Only when the user will accept the Cookie Policy, only then the traffic-related details will be captured for the respective user. IMPORTANT NOTE: For each content, you can modify the Cookie Notification Text, from the Cookie Notification section under the Configure tab.


2.2. A mandatory consent checkbox will be added to your Lead Generation form. You can modify the consent text by going to the Build tab and then navigating to the Lead Generation Form sub-tab. You can scroll down and see the checkbox field and can edit the text for the checkbox as shown below.




Even if you do not have a Lead Generation form enabled in your Outgrow Content, the cookie notification will still appear. For all old Outgrow content pieces that you have created before enabling the GDPR setting, make sure to add a consent box manually by going to the Lead Gen Form, clicking add a field, selecting others, and selecting the checkbox option.


2.3. Upon receiving Data Deletion requests, you can remove the respective lead by going to the Analyze tab in the specific content piece, and then clicking on the User Details sub-tab. Click on the cross sign to delete it as shown below.


Few Important Updates related to GDPR Compliance

1. You have the option to ensure all users double opt-in that is they provide consent on the lead generation form and then confirm their subscription via email. You can access this by clicking on the CONFIGURE tab then the integrations tab. Then click native and find your marketing automation tool or CRM. Setup the integration and then you will be able to configure the double opt-in email as shown below.


2. Our Data Center is in Dublin, Ireland. In case you choose to store your data in Outgrow, the data will not be sent to any country outside of the EU.

3. Data is stored in an encrypted format, and cannot be accessed by anybody apart from the rightful owner of the account in which the data is present.

4. The Google Fonts that are used in Outgrow, are stored locally on our servers.

5. We will be happy to sign a DPA if required.

Do you have any other questions? Feel free to reach out to us at [email protected], and our Data Privacy Officer will be happy to answer your questions.