How Thrive Themes Products Will Help You With GDPR Compliance

​Note: this post does not contain legal advice. Always work with your legal counsel ​to determine the right decisions to make about regulations.

The General Data Protection Regulation (GDPR) is coming for all of us. It's a set of EU laws​ and they apply to EU ​citizens. ​That means that even if your businesses is not in the EU, ​you're still potentially on the hook, because ​people from the EU​ can access your website​​​.​​​

At Thrive Themes, we have been hard at work to help you keep your website GDPR compliant in the easiest and most seamless ways possible.

In this post, you'll discover the GDPR related features that we've already released and get up to date information about the ones we're still working on.

More...

​What Do You Need to Know About GDPR?

This is not a post about GDPR and what it means for online businesses. There is plenty of content on that topic already. If you aren't familiar with GDPR and what it may mean for you yet, here are some useful resources for you:

The Features

At Thrive Themes, we're currently working on feature additions in our products that will make it easier for you to stay GDPR compliant. Here are the features and their current implementation status:

Lead Generation Checkboxes for Explicit Consent

Products:

Thrive Leads, Thrive Architect, Thrive Quiz Builder

Status:

Completed!

For lead generation forms created with our tools, we released a feature to add an optional checkbox for consent. This is so that you can have subscribers tick a box that says something like "I agree to receiving a newsletter and understand that I can unsubscribe any time". This way, you have proof of their explicit consent to receive messages from you. Learn how this feature works.

Data Overview, Export & Removal

Products:

All products

Status:

Completed!

An important part of GDPR is the citizen's right to know what data about them is being collected and the right to have that data deleted.

The WordPress team announced that a data export and removal tool will be added as a core feature. After a few delays, the beta version of this tool was finally released a few days ago. This is good news, because it means we can add data tracked by Thrive Themes products to this tool and you will have a central solution for managing data not only from our products, but from any other plugins and tools you might use (as long as they integrate with this WordPress feature).

Anonymized Data in Thrive Quiz Builder

Products:

Thrive Quiz Builder

Status:

Completed!

Thrive Quiz Builder can be used to gather insights about your audience, such as their personal preferences, their age range and gender or anything else you care to ask during a quiz.

We're about to release a new profiling feature which allows you to toggle between two types of data collection: anonymized and personal.

Personal data collection means you can see which visitor gave which answers, exactly. This requires explicit consent under GDPR. Anonymized means you can see the overall, averaged out results, but you can't track individual answers back to individual users.

Eliminating & Encrypting Personally Identifiable Information in Cookies

Products:

All products

Status:

Completed!

Cookies are an important convenience tool all across the Internet. Without cookies, you'd have to log back into every website where you have an account, every time you return there.

Thrive Themes tools utilize cookies in various ways and will continue to do so. We have released an update to our tools that encrypts or eliminates any personally identifiable information in cookies. Similar to the point above, it means you can still use cookies, but you can't tie tracking information back to a specific user, so as to protect their privacy.

Proof of Opt-In

Products:

Thrive Leads

Status:

Completed!

In the Thrive Leads reporting area, you can see a list of all leads that have signed up and you can see which of your Thrive Leads opt-in forms they have signed up for.

This counts as proof of consent: you can show that the contact with this email address signed up on your website, through a specific form. In other words: you didn't just send this person a spam message they never agreed to receive.

Coming Up

The deadline for GDPR compliance is May 25, 2018. Our team released all of our planned GDPR compliance features before this date and the last integration came into action with the WordPress update to version 4.9.6.

Coming up, we plan to extend and improve the lead generation element, to make the entire setup flow simpler. We have a good solution, but the flow was built without checkboxes in mind. Our next update will give you more advanced options and make things even easier.

Further, we are keeping an eye on GDPR features that are released by services we integrate with. Where it makes sense to do so, we will also update our integrations.

​If you have any questions or feedback about this, please let us know by leaving a comment below.

Shane

P.S.: If you're looking for the previous update video we created about GDPR features, click below.

GDRP features announcement video

Author: Shane Melaugh

Shane Melaugh is a co-founder and the CEO of Thrive Themes. When he isn't plotting new ways to create awesome WordPress themes & plugins, he likes to geek out about camera equipment and medieval swords. He also writes about startups and marketing here.

  • Nicola says:

    Thanks for this – be great to have the tick box available ASAP as obviously then we can make sure we’re compliant sooner rather than later – which means fewer people we have to go back to refresh consent from.

    • Shane Melaugh says:

      We will roll this feature out as soon as it’s ready.

      • Anita M says:

        Really hoping this will be very soon as Mailchimp’s solution is falling short of what I need for a Reconsent campaign… needing this real soon as closer to the date it gets the more chance I will lose a bigger percentage of my list.

  • Ulfried T says:

    Brilliant. Thank you Shane.
    Ulf

    • Shane Melaugh says:

      Thank you, Ulf. :)

      • Robert S says:

        Thanks, Shane, for your ‘above and beyond’ efforts in our behalf. With regard to the new changes that will be implemented, will you provide examples such as opt-in pages, etc. that will us better understand how this all works?

        As I have only one EU country where I’m doing business, I will just exclude it until the dust settles a little.

        Also will you provide some guidance about how we can create our privacy pages to be compliant with GDPR?
        Thanks!

      • Shane Melaugh says:

        Hello Robert,

        We’ve released this blog post with some guidance and examples of what to do about GDPR for email marketing. We may also provide further tutorials in the future, depending on what questions and feedback we get.

  • Joe G says:

    Damn, can’t I remain just a simple blogger pecking away at my blog? ;-)

    • Max says:

      Freedom of the press is limited to those who own one.
      —A. J. Liebling

      Seems that if the burdens of (Word)Press ownership can be increased beyond the practical ability of everyday-people/small-biz to carry, then… hmmm.

      • Chris L says:

        Another one who gets it!

      • Shane Melaugh says:

        This is definitely problem that small businesses are facing. I’m opposed to regulation like this, not because I don’t like protecting people’s privacy, but because they way it’s implemented is bad for small businesses. Huge, powerful companies can handle this kind of thing with their scores of lawyers and technicians. It’s the little guy that gets chewed up.

    • Shane Melaugh says:

      No, we can’t have that, sorry. We definitely need to get a bunch of rules, regulations and paper-pushers involved.

  • Pavel says:

    Awesome, awesome! We already have number 1 issue here in Russia, I’m glad that I can handle it soon with Thrive products!!!

    • Shane Melaugh says:

      Thank you, Pavel!

  • Baidhurya M says:

    Hey Shane, thanks for the update and I really appreciate you guys working hard to make Thrive products GDPR compliant :)

    Does work on these features impact release of new themes in any way? It will be good to have some clarity on release of new themes as well because it was promised quite sometime back and its now becoming a very long wait!

    • Shane Melaugh says:

      This is unrelated to anything regarding the new theme.

  • Steven B says:

    THANK YOU! For those of us smaller fish getting started in the online biz world, it is so very helpful to have someone know about, inform, and then assist with something I quite possibly would have walked into without any realization I was getting myself in trouble.

    • Shane Melaugh says:

      Thank you, Steven. We do our best to support the small businesses out there.

  • Matthias says:

    Thanks so much for helping us with the new regulations! Are you also planning a feature with a “Cookies get stored” bar? I have seen this on many websites, but I don’t know how to get it (actually do we need this for the new regulations?)

    • Rene says:

      Just install the plugin “Cookie Notice”. Go to ‘Add New’ under ‘Plugins’ and search for it:-)

    • Shane Melaugh says:

      No, we don’t have a plan for adding such a feature.

  • Sarah Arrow says:

    Fantastic – thank you for the update and the consent tick box sounds perfect. Will we be able to customise the text here?

    • Shane Melaugh says:

      Yes, the text will be customizable.

  • Larry says:

    EU-fornia

  • Lexi says:

    Thank you for having our backs!

    • Shane Melaugh says:

      It’s our mission to do so. :)

  • The Canadian CASL laws are also challenging (it asks for explicit consent to send info, etc.)

    It sounds like your changes would be helpful for those wanting to be CASL-compliant.

    If so, great!

    If not, can you please tweak it to also be CASL compliant?

    Thanks in advance.

    Trevor

    • Shane says:

      Being Canadian, I support and second Trevor’s comment on CASL. The checkbox on opt-in can provide our subscribers the ability to Explicitly consent.

      Thank you Shane M!

      • Shane Melaugh says:

        Yes, the same feature should cover you for CASL as well.

    • Chris L says:

      Thanks for letting me know to block Canadians from my sites, too!

    • Shane Melaugh says:

      Thanks for the comment, Trevor. We’ll look into this. On first reading, it seems that these features will also lead to CASL compliance.

  • Mark B says:

    This. This is why I am an unabashed cheerleader for Thrive themes! Clear and concise explanations along with clear and concise actions that are to me and my customers benefit. Superb.

    • Shane Melaugh says:

      Thank you, Mark!

  • Robert S says:

    Hi Shane, great to hear the news! Good Job!

    What is about Thrive Comments? Even only for comments we need a checkbox für explicit consent.

    Robert

    • Shane Melaugh says:

      Hello Robert,

      We’ve already added the checkbox for comments, in the latest release. :)

      • Gerlinde T says:

        Hi Shane,

        Thrive Comments is still not GDPR complient. The checkbox must appear before the Submit-button. But it appears only to get consent for sending email notifications for replies to the comment.

      • Thorsten says:

        Is there any explanation somewhere how to use and install that checkbox in the latest release? Or when and how new features are implemented? Thanks!

  • Thank you so much for all your efforts and for keeping our business safe.

    In regards to using other tools, I try to keep it down to Thrive Themes only tools, but I always end up using some others. That being said, will the new super theme be released along with the updates mentioned on this post, or will it be released prior to that?

    I’m sorry to ask, but I’m kind of struggling right now with “looks” and “feels” from other themes which are really nice, but not 100% compatible with Thrive Themes Tools (this is a new project I’m working on).

    Once again thank you so much for all your efforts, your great team and of course your great products and entrepreneurial vision.

    • Shane Melaugh says:

      The super theme is coming later. We’re going to start beta testing this month, so a full public release is still a ways out. These GDPR changes on the other hand will start showing up in the next plugin updates already and we’ll keep rolling them out as fast as possible.

      • John says:

        Hi Shane, Thanks for all you do. May I ask that you consider adding dates to the comments here…so that things like ‘this month’ make some kind of sense? Thanks.

  • Jesse C says:

    Thanks for staying on top of stuff like this.

    • Shane Melaugh says:

      We gotta look out for small business owners. This kind of thing is a massive obstacle for the kind of entrepreneur we build our tools for. It’s important for us to serve these entrepreneurs as best we can.

      • Tom B says:

        And Shane thanks for doing so. Grateful that you care… AND that your company as a small business has the critical mass to address it. Many don’t and their customers will be left hanging.

        When all is said and done, I can’t imagine the expense lines in your P&L associated with this effort for legal, development, and your management time to navigate it all. Grateful!

      • Shane Melaugh says:

        Thank you, Tom. It’s not good for our business any more than for the businesses of our users. But hey, entrepreneurship is problem solving, so let’s get it done. :)

  • Abigail says:

    Well I’m impressed by your commitment to deliver on these important legal changes! Thank you so much for making it easier for small business owners, it’s a relief…

    • Shane Melaugh says:

      Thank you, Abigail.

  • Ed Johnson says:

    Great to see ThriveThemes on top of their game again and adapting to the change. That’s why we love them. :)

    Looking forward to the update.
    Thanks, Shane

    • Shane Melaugh says:

      Thank you, Ed!

  • Detlef says:

    Hi Shane great to see you working on this issue. An another problem regarding gdpr compliance mighty be using google fonts within thrive architects. The ip address can be collected by google without anonymizing.

    • Shane Melaugh says:

      That’s an interesting point. I will have to do some more research on this.

      • Henning says:

        I asked already to have custom fonts with the architect. That would be a great way to implement google fonts on our own server.

        To be gdpr compliant I had to upload them via ftp, enter some new css but still it does not show up correctly everywhere ..

        So .. it would be really nice to have the custom fonts as soon as possible. (Or another solution for google fonts)

  • Hi Shane,

    Thank you for the information on the GDPR and for taking the necessary steps to help us comply. I love the work you guys do by the way – I can’t rave on enough about Thrive Themes and your plugins! If you guys ever want some good ideas for new features or plugins feel free to get in touch – I’m a fountain of ideas just lack the necessary coding skills to make them happen – so passing them off to you guys to implement would be the next best thing ;-)

    • Shane Melaugh says:

      Thank you very much, Richard! I appreciate your encouraging words. :)

      Regarding ideas: have you joined our beta testing group? That’s the best place for this kind of thing.

  • Patrick says:

    Hey Shane, fantastic. That was not boring at all. You’re looking out of your customers – us. I greatly appreciate that. Really!

    • Shane Melaugh says:

      Thank you, Patrick.

  • Rob Cooper says:

    Well done. Thank you. Should put a lot of minds at ease.

    • Shane Melaugh says:

      Thank you, Rob.

  • Nic says:

    Seriously cool … and what a painful process to have to undertake. Thank you … really … I really appreciate how you look after us thrive themers :-)

    • Shane Melaugh says:

      Thank you, Nic! It’s a painful process indeed, but we’re doing our best to make it less so.

      • David Alexander says:

        Hey Shane, what are the chances of Mailchimp allowing the checkboxes to work with your plugins, their GDPR checkboxes say they don’t support any integrations or APIs. Any ideas on if they are going to work with Thrive or if you will have to use a standard embed code instead or switch providers?

      • Shane Melaugh says:

        Thanks for your comment, David!

        Our hands are tied in this regard, until they update their API. There’s nothing we can do from our side.

      • David Alexander says:

        Thanks for confirming, hopefully, they will open it up soon or risk losing a load of customers that don’t want to mess with their fiddly code.

  • paxpa says:

    Good to know, thanks!

    • Shane Melaugh says:

      Thanks for your comment!

  • Leonardo R says:

    Hi, you’re doing a great job and you’re making things easier for your clients. I have a question related to this matter: I have a restricted area on my website and I ask people to register. Up to now, I also subscribed them to my newsletter. According to Gdpr this is not allowed anymore, is it possible to have a checkbox in the registration form, asking to subscribe also to the newsletter? If people don’t check it, they will only register on the website. Thanks in advance

    • Shane Melaugh says:

      If you use one of our lead gen forms to register the users then yes, you will be able to add a checkbox. If you use a different tool for the registration form, you’ll have to look for that tool to support the addition of the checkbox.

      • Michaela T says:

        Where will the data be stored, that the user selected the checkbox? I have to proove that he does.

      • Shane Melaugh says:

        It will be stored in the dashboard on your own site. You’ll have an overview of all the data needed for GDPR compliance, regarding all of our tools.

      • Michaela T says:

        Thank you!

  • Silvia says:

    Thx for sharing. Will you also provide contracts for order data-processing for your apps?

    • Shane Melaugh says:

      Hello Siliva,

      Can you explain what you mean, exactly? Since I don’t understand the question, the answer is most likely “no”, but I’d like to know more about what feature you’re looking for here.

      • Silvia says:

        Hi Shane, thx for your interest. It is a contract to show that you handle the personal data which we provide/store/process with the plugins in a way that meets the requirements of the new regulation. E.g. how you store the data, is it send via SSL or not, what would you do in an uncertain case of data loss, do you have an IT security concept …

        To comply with Art. 2 GDPR it is necessary to have a contract with every party in place. Thx for your help.

      • Shane Melaugh says:

        Thrive Themes does not process or store any data for you, in any form. Remember: we sell distributed tools. You run them on your server. You are not passing any data on to a 3rd party.

      • Tom B says:

        Thanks for the clarity: Thrive itself does not process data. Got it.

        As we are processing data with Thrive tools o our sites we will need to update our site’s T’s&C’s etc.

        It would be wonderful if you could help us out with updates to the Privacy, Terms, and Disclaimer copy as you have in past Theme templates.

      • Shane Melaugh says:

        I’m afraid we can’t do that without inviting all kinds of legal trouble. Our existing templates for this are already provided under the condition that you basically don’t use them and ask your lawyer instead.

      • Silvia says:

        Thx, that helps a lot :-)

      • Michaela T says:

        Hi Shane, doesn’t Thrive Leads transfer data to my e-mail provider?
        When I’ve got the right informations, than we need an data processing contract (in German: Auftragsverarbeitungsvertrag) from Thrive Themes.

      • Shane Melaugh says:

        Yes, but the data is being sent from your website, from your server. Thrive Themes (the company) is not involved in this transfer of data.

  • Martin C says:

    Hi Shane
    Will the check box on opt-in forms appear on all existing forms or will we have to re-create existing forms individually with the new checkbox? Thanks

    • Shane Melaugh says:

      Hello Martin,

      You will have to edit your opt-in forms manually. The type of consent needed (or whether you need extra consent at all) is highly context dependent, so there’s no catch-all solution for this.

  • Christoph says:

    Shane, this is by far the best post I have ever seen concerning GDPR. You made it to answer exactly all the questions I had in less than 5 minutes. CONGRATS!
    Best, Christoph

    • Shane Melaugh says:

      Thank you very much, Christoph.

  • Chris L says:

    Thanks for keeping us informed about this. We Americans fought a war in 1776 because we didn’t want to be ruled by Europe, and we fought two world wars to save Europe. I’ll just block EU residents from accessing my sites, because I will not be ruled by Brussels.

    • Nick B says:

      You are obviously entitled to your own opinion, but this is not about being “ruled” by Brussels, or anything for that matter.

      It’s about better protecting PEOPLE’s data and privacy and giving them some autonomy (back).

      And while I don’t like this from a logistics point of view (with all kinds of different tools this might be a real pain in the a**) – I think anything that helps protect people and their privacy from either themselves or companies they no longer trust with their personal data, is great.

      • Chris L says:

        I hope you enjoyed the Koolaid.

      • Shane Melaugh says:

        The problem I see with GDPR is not in the alleged cause of protecting people’s privacy. I’m all for that. The implementation of the laws is incredibly ham fisted, though and shows that the laws were written by people who haven’t the faintest clue of what it’s like to run a business.

      • Chris L says:

        Exactly

      • Nick B says:

        I agree. From a business perspective, like I said, it’s a pain.

        But even as entrepreneurs or people who run a business, we are still individuals first. And I think it’s hard to argue from a individual point of view that this is not a good thing.

        Even though the implementation is done poorly (like most of the times when goverments pass new laws that involves businesses..) – I feel looking at the bigger picture is (more) important.

        Anyway. Looking at this wearing two different hats (our individual vs business pov) is probably where most of disagreements and mixed feelings come from.

      • Ricardo R says:

        exactly

      • Yes Shane, and the same was true of Mark Zuckerberg’s testimony before the U.S. Congress. It was obvious senators had not done their homework, resulting in one of my now-favorite memes: Senator, We Run Ads.

      • Web 2.0 says:

        Yeah, Nick, you tell ’em. Mussolini made the trains run on time, and that was “great” too, in your logic.

    • Edward S says:

      Without the help of France you would not have won that war in 1776.

      • Shane Melaugh says:

        I think we may be overreaching into the annals of history, as it relates to legislation for Internet businesses…

    • David G says:

      I totally agree!!!

      NOTE: I absolutely LOVE ThriveThemes. LOVE IT. I wouldn’t think of using anyone else. So this rant is NOT about ThriveThemes. This is about the stupid GDPR…

      I have already blocked all EU countries (and quite a few more). Merely LOOKING at a website starts the whole “data” thing. I’m not going to waste my time saving data on people who come into the equivalent of a bricks and mortar store and end up telling me they’re “just looking.”

      According to the EU, anyone can be “just looking” but I’m supposed to use the data-gathering equivalent of the FBI/CIA/NSA and hand over their data at their request, and do it politely? FOR FREE?!?! I didn’t go into business to merely gather, process, control, and give away (FOR FREE?!?!?) what is commonly known as market research — which, according to U.S. laws — is proprietary information not required BY U.S. law to be given away for free to just anyone (including persons “subject” to EU laws). What if people who are “just looking” ARE criminals already? Wouldn’t the FBI/CIA/NSA want to track them? HELLO! I certainly don’t want to be aiding and abetting a bunch of illegal activities that are illegal according to U.S. law.

      Why on earth is anyone using their real name in their email address anyway? It’s not my fault or responsibility what people do with their data online! And it’s not their “jurisdiction” what happens on my website (or behind the scenes where only legal activity takes place, mind you).

      If my physical eyes SEE an EU resident, how on earth am I supposed to follow GDPR — erase their data from my BRAIN when they request their stupid “right to be forgotten?” These stupid GDPR “laws” don’t make any sense in the physical realm! It’s totally outrageous! The EU, itself, can’t even make it work!

      And since reports (as of this writing) are saying that up to 90% of all European companies online and offline are NOT compliant with GDPR (and won’t be by the May deadline), that makes ALL OF THEM operating illegally. And you think the BURDEN of proof is on ME for being legally responsible with their data?!?!? Why should I have the burden of proof for what WILL BE legally designated as non-compliant and therefore ILLEGAL activity on the part of European citizens?!?! My solution: block them. Too much unreasonable and ill-thought out “legal” nonsense. It’s not how physical reality actually works — offline or online. It’s not how LAW works, either.

      GDPR is not at all congruent with current U.S. FTC regulations (not to mention the constitution). The EU has no jurisdiction over the Department of Homeland Security, either. A living person, by definition, is not “the sovereign” such that wherever that person “goes” (online or offline) their “sovereign” jurisdiction follows. When Americans are in Europe, we drive on the side of the road required by your jurisdiction. But when you’re on our land, you drive on OUR side of the road. Got it?

      The GDPR is not legal in the U.S. for all kinds of reasons not the least of which is this: it’s a coerced contract and all coerced contracts are considered legally VOID. Websites in the U.S. are under U.S. jurisdiction AND individual states’ jurisdiction. My business is in the U.S. and other state jurisdictions. Nothing I do is in the EU. I do not target it and I don’t want it. Don’t make ME responsible for something I do not intend to have anything to do with or, now, want to.

      A person “going through” a website they do not own, operate, control, process, etc. is, by definition, not in some kind of sovereign bubble, legally speaking. Their “data” is IN CONTEXT with what they actually DO on a particular website — i.e.: the jurisdiction in which the website, itself, resides and is created in. Literally speaking, any one person going on a website is in someone else’s property. If you come into my house, what you do in it is not “owned” by you, entirely. I can’t behave your behaviors but you can’t “own” the effects of you being in my house. That doesn’t even make any sense in physical reality!

      Besides, how about this: suppose a data subject sends a website owner (data controller/processor) a request for their data files and the website owner (et al) realizes that with third party vendors, etc., it just isn’t possible or realistic to be in possession of a data subjects precious data. It’s already all over the internet because the data subject, themselves, WENT on the web and did stuff. I didn’t do that with their data, THEY did. So, before the dat subject gives a website owner (et al) “consent,” why not put the burden on the data subject IN THE FIRST PLACE by requiring the data subject to send the website owner a file of ALL THEIR DATA ON THER INTERNET so that if/when the stupid data subject sends a website owner the stupid request you can just send it right back to them (since this is exactly what the depth and breadth of GDPR is really about anyway — outsourcing the “scrubbing” of every EU resident’s “data” from the internet because EU residents refuse to take personal responsibility for what they, themselves, actually DO with their data.

      • Shane Melaugh says:

        The burden placed on website owners by these regulations is indeed ridiculous. What’s worse is that there’s a lot of grey area in these regulations. Changing a few words on a landing page can make the difference between needing multiple checkboxes or none at all.

        Just as with the VAT MOSS laws, they’re basically placing a huge obstacle in front of businesses and giving themselves the leverage to sue and fine small businesses out of existence. As I’ve stated in other comments, I’m in favor of protecting people’s privacy, but not like this.

      • David G says:

        Thank you for all that you and the ThriveThemes team do, Shane. I am always impressed by what all of you do for us who use ThriveThemes. Just amazing. So much value!!!!

        And thank you for letting me rant, too, about GDPR. I agree with you about the importance of privacy. While we’re going to be as compliant with GDPR as possible, I have to restructure all our systems for the worst case scenario (that “nightmare letter” I found online was actually a blessing in disguise — some legal expert wrote it to get us all thinking of the worst case scenario and what that would entail. And it really IS a nightmare — it makes me think of getting bogged down in talking to endless users about all their data while NOT doing the business we originally set out to do. Not fun at all.).

        So, after reading all about GDPR from legal experts for over a week now (and still going…), our “legitimate” and “legal reason” for doing business online (and I thought BEING a business WAS the “legal reason” for using data. Unbelievable. LOL!)… is to force our website users to:

        1) check boxes for all the GDPR stuff
        2) accepting our website’s terms and conditions
        3) checking a box that the user gives “explicit consent” (!) that they are NOT a European resident and are a U.S. citizen only (our training really is U.S. specific, luckily).

        I’m not a lawyer, but I do know that we’re covered by U.S. federal law as well as California law (and a few other U.S. jurisdictions, too, not to mention our Federal Trade Commission and U.S. Patent laws) — so the only way to fully protect ourselves is for the user to enter into a contract — and that sucks. It is so utterly ridiculous — as if going into a traditional “bricks and mortar” store just to look and not buy anything now has to be the same thing as having to enter into a legal contract. Wow.

        But this seems to be the best LEGAL way for us to do our online business while being protected/compliant. We have to have the user agree to the jurisdictions WE are in, while doing the whole GDPR compliant thing. I noticed a whole bunch of pro-GDPR “plugins” are now for sale, for annual subscription fees of over 300 Euros (and higher). That seems like a total scam to me. Money grab.

        What I don’t understand is why some EU “authority” didn’t come out with a free plugin to help with their OWN citizens’ compliance (and everyone else’s). If they had done that, I might understand the alleged “privacy solution” known as GDPR. Until then, I don’t understand it and it is entirely impractical and takes traditional communication, itself, and market intelligence and turns it upside down. I keep thinking of all the security cameras, microphones, and everyone’s smartphones — that’s a LOT of everyone else’s data that, probably, won’t be GDPR compliant. LOL! Oh well.

        Anyways, thanks again for all that you do. I appreciate all of it very much! Cheers.

      • Michael C says:

        Thanks, Shane. I would love to hear your wisdom regarding “Changing a few words on a landing page can make the difference between needing multiple checkboxes or none at all.”

        If you don’t mind, would you show us how to do that on our landing pages and opt-in forms, especially those of us just starting to build our lists, who don’t want to frighten people from signing up with multiple opt-in checkboxes?

        I just viewed the new MailChimp GDPR-compliant forms and am not sure I would opt-in to any list if I saw all that.

        Currently, I don’t believe I have any EU subscribers and am primarily a US-based list.

      • Shane Melaugh says:

        I’m working on a post that will explain this in detail.

      • Tasha says:

        David, if I could give you 1000000 up votes I would! You just said what I was unable to express in words myself. It is, in fact, the dumbest, most annoying, and ridiculous thing I’ve seen/heard/read since “that guy” took office!

    • Greg P says:

      Yeah… I’m with you Chris.

      And for anyone who wants to protect their privacy, it’s simple – leave the Internet. It’s not mandatory to visit anyone’s website, nor enter any personal data. No, really…

      As usual, regulators find idiotic ways to irritate the people who actually do care and play nicely online, while doing nothing to find and prosecute the criminals whose INTENT is to steal, manipulate and decieve.

      GDPR will do precisely nothing to stop data thieves with nefarious intent.

      And once we’ve swallowed this regulation in that name of ‘privacy’ and ‘safety’, or whatever other slimy name they want to give it to sell it to the sleep-walkers – what’s next?

      • Leslie says:

        “As usual, regulators find idiotic ways to irritate the people who actually do care and play nicely online, while doing nothing to find and prosecute the criminals whose INTENT is to steal, manipulate and decieve.

        GDPR will do precisely nothing to stop data thieves with nefarious intent.”

        — Agree 100%!

    • Ana B says:

      I agree with you, Chris. Gdpr is going to penalise honest people who slip or get confused (crooks will keep on being crooks, they’ll just get creative and work around it as they always do) There has always been an unspoken agreement in place between marketers and subscribers: you get my free content and in exchange I’ll send you an offer every once in a while. By the way, you can get out of it at any point by hitting UNSUBSCRIBE! Instead of going after the existing crooks, EU bureaucrats are now making the lives of lots of honest people more difficult in the name of “protection”. I’d like to know what their plans are for the group who hacked my website a couple of months ago.

    • Chris L says:

      I refuse to comply so I am now blocking all EU traffic on all of my sites.

  • Danielius G says:

    I am really glad that EU is doing this for us!

    • Shane Melaugh says:

      I think the goal of protecting people’s privacy is good and important. The implementation is very poor, though.

  • Yannick D says:

    Thanks a lot Shane and the team for these important improvements

    • Shane Melaugh says:

      Thank you, Yannick.

  • It’s great to hear you are working hard to provide these features. Thank you very much. What about the other plugins like for example Thrive Ovation and Ultimatum? Are they also tracking personally identifiable information?

    • Shane Melaugh says:

      Hello Andrea,

      In Thrive Ovation, it’s a matter of clearly stating what the form is for on your testimonial capture page. This is something we’ve advocated from the beginning and requires no extra consent. This is because the testimonial capture form doesn’t sign anyone up to a newsletter and doesn’t haven any other, non-disclosed purpose. The visitor should know that they are submitting text that can be published on the site as a testimonial.

      For Thrive Ultimatum, we are looking to remove all personally identifyable information from what we track.

      • Thank you Shane for your answer.

      • Birgit says:

        Hi Shane,
        great, great updates!!! (living and working in germany and using ThriveOvation and ThriveUltimatum lockdown campaigns very often)

  • Luis says:

    Thanks for keeping us in the loop. I had no idea that even existed. Thanks for leading us and being on top of your game. However, I would ask for a favor, when this May 28 date comes to present, can you do a video tutorial on how to use these features you are adding? I ask so that we can effectively honor the rules and for us to protect ourselves.

    • Shane Melaugh says:

      Hello Luis,

      We will create some more content related to this. However, I’m not a lawyer, Thrive Themes does not practice or consult on legal issues in any capacity and while we will share some of our thoughts and opinions on the matter, we have to disclaim that anything you read here regarding legal matters is for entertainment purposes only. You have to consult with a lawyer who knows about about laws in your own jurisdiction as well as internationally, to come to the right decisions for your own business.

  • Tom B says:

    Shane… Love what you guys do. Thank you!

    I didn’t catch you mentioning IP address capture. If you did my bad. I’ve been talking to support for months on this topic with no resolve. Ug!

    Thrive tools don’t capture nor can they pass on IP address data for subscribers… this is required the world over for anti-spam law compliance.

    Please please include IP address data capture.

    Your recommended method for optin forms is:
    – build a form with Thrive tools; then…
    – integrate an email service provider ESP.

    However, anyone that does this is NON-compliant!
    Wait?! What?!

    For example, all Canadian and US users of Thrive products are currently by default non-compliant with anti-spam laws.

    My question is:
    –> Will you be addressing IP address capture in the GDPR upgrades to the Thrive product suite?

    ———————————————————-

    PS. A Wish-list request: Please, build a credit card processing plugin. The purchase process is a complicated mess out there in WordPress land… it needs some “Thrive’ing”.

    • Chris L says:

      > For example, all Canadian and US users of Thrive products are currently by default non-compliant with anti-spam laws.

      That’s not even close to correct. What do anti-spam laws have to do with a WP theme?

      • Tom B says:

        Hey Chris, thanks for chiming in!
        Good question/point. Let’s learn together.

        Other’s please chime in as well. Let’s create discussion as this is important.

        The fines in some countries are as high as a million dollars a day! We can’t afford to get this wrong.

        Let me first say, if I’m missing something please point it out (and be polite about it if you don’t mind :). I’m not busting anybody’s chops here… just asking the question, creating discussion, and seeking insight from other Thriver’s.

        If you have insight please share and help us all learn.

        For more context, I understand the 3 key pieces of data required for most anti-spam compliance requirements around the world are: *whom, when, and where*.

        1. Whom – Email address of whom it is
        2. When – Date Optin occurred
        3. Where – IP address if online, or a store address if brick and mortar, or networking event if verbal discussion.

        ~ ~ ~

        To address Chris L’s question directly… your’s and my websites are built with our chosen Theme and Plugins. In this case, Thrive tools: a given Thrive Theme and various Thrive Plugins, for example, Thrive Leads.

        Do you agree then that our websites are our platforms?

        The question then is: What platform do you have Optin forms on? If not your website where?

        How do you collect user information? If not your website Optin form, then where?

        Now if your website Optin form does not do the job of collecting the required data to be compliant with anti-spam laws… how can you be compliant? You can’t.

        –> The tools we use to collect user data have everything to do with anti-spam law compliance.

        Here is a scenario:
        What data are you going to bring to court to give to a judge if your Optin forms can’t collect the whom, when, and where data? Your defence would be weak.

        Again, with daily fines in some countries of $1,000,000.00… a million a day… this is no small thing.

        ~ ~ ~

        Let’s pause for a second with a legit question right here…

        If Thrive tools aren’t going to pass on the data you need… What do you and I do? How do we collect these simple pieces of data from our Thrive Optin forms?

        If not from the Thrive Theme and Plugins we use to build our sites… then where?

        Perhaps install yet another plugin to collect data… that Thrive is already sitting on? In my opinion, not good.

        Thrive Optins are passing Name and Email address data already… why not IP address to complete the *whom, when, and where* data set?

        To have tools that do not do the job we need as business owners of a website… then we have to look elsewhere.

        Look, I love the Thrive tool set… I’ve been a user paying my dues annually since it launched in 2014. I’m not being dramatic… just saying to the Thrive gang… “Hey, help us out and do one more little thing…

        –> Please collect and pass on the IP address of the subscriber… just like every ESP out there is doing… do the same.

        The moment is right when the data collection of name and email address occurs on an Optin form… this is the moment it needs to be collected. It’s not hard. The data is sitting right there but currently NOT collected by Thrive tools or Optin forms.

        I know this, because I’ve tested this. And I’ve been in discussion with support for months with no resolve.

        Go look in your ESP database for the IP address from a Thrive Optin form. It’s not there.

        Your ESP will say you used a 3rd party Optin form that is not passing on the IP address. Then they will suggest to stop using that 3rd party form but use their form. That is what they said to me.

        It would be great if Thrive tools did this so we aren’t forced to use the ESP’s Optin forms?

        I don’t want to use the ESPs Optin form… I want to use the high-converting Thrive Optin forms! It is the reason we purchased them in the first place.

        ~ ~ ~

        Summarzing the topic…
        To be comfortably compliant one would need to stop using Thrive Optin tools… and only use the ESP optin forms that are:
        – not as flexible for design…
        – nor as easy to use…
        – nor as high-converting…
        – nor recommended by Thrive.

        But from the video above, I don’t recall that Shane addressed the *IP address* data point in this recent GDPR video.

        So I happily bring it up here… seeking to create discussion and insight from you all.

        ~ ~ ~

        Thrive does not have a user group like most companies do but defaults to the blog here so share this out, comment, click the vote button.

      • Stefan C says:

        Good point, I didn’t know that. It’s sad we can’t have both high converting opt-ins and compliance at the moment. I guess that’s because most people are not aware of their obligations regarding this. When people become more aware, companies will adapt and provide what they need.

  • Lewi G says:

    Thank you for this focused information Shane. In a way, it makes it easier and more focused to use your products for most of my opt-in needs, so I won’t have to coordinate too many technologies across multiple platforms There are so many features I have yet to put to use with Thrive products, this gives me extra incentive to do more with Thrive Themes–knowing you’re covering most of our concerns. It gives me more confidence to use your products.

    • Shane Melaugh says:

      Thank you, Lewi!

  • Mrinal says:

    that sounds promising!!

    Do we have to replace our opt-in forms or will there be an update which aromatically adds the consent column?

    • Shane Melaugh says:

      You’ll have to edit your forms.

      There’s no catch-all solution here because the type of consent needed (or whether you even need additional consent) depends on your offer and the copy in your opt-in form.

  • Jim says:

    Ok what am I missing here?

    How exactly does the EU have jurisdiction over non-Europeans so that their laws “apply” to us? I understand they want their citizens to be protected, but how can they legislate what the rest of the world does?

    • Peter H says:

      They don’t have jurisdiction over non-Europeans, so they can only hope that the rest of the world applies it voluntarily.

      It’s another story, for example, if a US business has an EU branch – like Google does. Then they have to comply.

      • Shane Melaugh says:

        They can still try to enforce it. Unlike the EU VAT laws, there’s no money in it for them, so they probably won’t go after it as hard. But technically, you have to comply if you have EU visitors on your site.

    • Chris L says:

      Glad to hear someone else gets it!

    • Shane Melaugh says:

      I’m not a lawyer and I don’t know how they intend to enforce these regulations. We’ll have to wait until actual cases start rolling in and the rulings from those will set more practical precedent.

      • Louise B says:

        There is a British solicitor who has started a really helpful and balanced FB group on all of this – it’s worth joining.

        She has been creating daily videos covering topics and clearing up some misconceptions on whether or not you need a double opt in etc. She isn’t dogmatic and often balances the risk with the letter of the law.

        She of course has a product to sell, but the group isn’t all about that and she gives lots of value: https://www.facebook.com/groups/GDPRforonlineentrepreneurs/

      • Shane Melaugh says:

        Thank you for the recommendation, Louise!

    • Tom B says:

      Jim… it’s simply the visitors to your site. If from the US you need to follow US rules. If from Canada, must follow Canadian rules. If from EU, must follow EU rules etc.

      Or… do as Chris L is planning… blocking users from said countries and then not have to worry about it!
      I love the simplicity of that solution.

      • Tasha says:

        Tom, that’s not the way it works. If you’re in the US, and I (from Canada) visit your site and optin to one of your freebies, you don’t have to use double opt-in for me (which is the law in Canada). It would be complete mayhem if, you as a website owner, had to comply with the rules of the countries of everyone who came to your site.

  • Clare says:

    Hi Shane
    Thank you for the update.

    Two quick questions:

    1. Please confirm that you will be supporting MULTIPLE tick boxes, connected to storing permissions in, say, Convert Kit etc. We need to offer granular consent, so in some cases will need more than one tick box.

    2. Please could we have the tick box functionality ASAP. It isn’t just Thrive Themes that needs to comply by 25th May, it’s us, too. I have over 200 landing pages / forms / content reveals that I need to change and I can’t do this until Thrive gives me the functionality. When will we get ETAs for this, so we can plan in this work?

    It would also be good to know what you are doing to support ‘right to erasure’ and to make sure that Thrive Comments are compliant.

    Thanks
    Clare

    • Shane Melaugh says:

      Thanks for your comment, Clare.

      1) No, we will roll out the feature with one checkbox. We might add functionality for more in the future, but in general, I don’t recommend adding lots of checkboxes. It’s better to clearly communicate your offer in the opt-in form in the first place, instead of asking a visitor to understand and confirm a lot of fine print.

      2) We will roll it out as soon as it’s ready, yes.

      • Sofie C says:

        1) That might be better for marketing, but not for compliancy. GDPR requires granular consent, as mentioned, for signing up AND for having read the privacy policy AND for possible other things, such as receiving an incentive or participating in a giveaway.
        I really appreciate that you’re marking Thrive compliant, but if it’s not fully compliant, all the effort is wasted.

      • Clare Josa says:

        Hi Shane,
        When will we get the check box, please?
        I have over 200 forms / content upgrades / pages etc to update and can’t start this work until I can get Thrive Themes to add a tag in Convert Kit if the box is ticked.
        I’m effectively paralysed on my GDPR compliance work.
        The laws come into effect in 4 weeks and I’m still signing people up who I will have to reconfirm, which makes me look stupid and is so frustrating.
        It’s nearly a month since you published this.
        What’s the timing? Please? ‘Urgent’ no longer describes how soon we need this.
        Thanks,
        Clare

        P.S. I’m with other commenters – some will need more than one tick box, because that is the nature of their business. To tell them they can’t have it means it might be impossible for them to comply with the law. Consent has to be GRANULAR and ACTIVE, which can mean 2 tick boxes. Please reconsider.

      • Shane Melaugh says:

        We don’t have a release date for this. We are currently working on these features and will release them as soon as they are ready and tested.

      • Sofie says:

        So not necessarily before May 25?

  • Henning says:

    Great so far … thank you. I suppose this checkbox is for the API-connection?

    Another thing we have to have in mind are the social buttons.

    We have to make sure they only connect to facebook, twitter, istagram … if they are pushed from the visitor.
    Any plans on that?
    As far as I know only the shariff-buttons have this feature ..?
    https://github.com/heiseonline/shariff

    • Shane Melaugh says:

      Hello Henning,

      Yes, this applies to our API connections.

      Our social buttons never have loaded any scripts from the social networks on your site. That’s one of the reasons they load about 10x faster than the official sharing buttons. ;)

      So for the buttons, there’s nothing further that you need to do.

      • Thomas H says:

        Hallo Shane,
        this Point with the social Buttons in Thrive architekt, is really important. And in my opinion only a few people know about this.
        I was looking for a solution for the socialbuttons… and i got this Side via google.
        Just Write a newsletter or make a Little video. Your users in Europe will thank you very much.
        Thrive Architekt is just “Great stuff”…

  • Ingmar says:

    great service by TT. glad to have you with me

    I already use double optin! do I need add checkboxes as well? Looks like triple optin then tzzz …WTF EU

    • Shane Melaugh says:

      Yep, confirmed opt-in doesn’t cover you for this. Not in every case, anyway.

  • debra3 says:

    I used to state under the signup forms that submitting the form meant that they gave us permission to email them on a specified schedule and they could unsubscribe at any time.

    Now, if we have to add an extra box for them to check to give us that permission – what does it mean if they submit the form but don’t check the box? I only want to give my free material to people that want to become regular subscribers.

    Also, how would our email systems separate those folks that checked the box versus not?

    My website will be intentionally targeting an audience within a specific region inside the U.S. I plan to specifically state who my material is designed for, including where they are located. This is appropriate, as I offer gardening instructions most suitable for a specific region.

    From what I’ve read, if I don’t target folks in the EU and don’t track their data, I have no need to comply with all of the GDPR requirements.

    Is there any way for me to automatically or periodically identify those folks from the EU that may have signed up for my website or services, despite my audience specifications, in order to purge their data and stop tracking them?

    • Chris L says:

      Yep, why would someone give you their email address if they don’t want you to email them? It’s not like you’re sending emails to random people.

      Your autoresponder service should let you find people by country, then you can just delete the ones in the USSR, oops, I mean EU.

    • Shane Melaugh says:

      Hello Debra,

      I’m not a lawyer and you shouldn’t listen to anything I say on this matter.

      One of the most hairbrained rules in GDPR is that you aren’t allowed to disadvantage people who don’t want to sign up to your newsletter. Meaning: if you have an opt-in form that states “get my free report” and someone doesn’t check the box to be added to your newsletter, then you still have to send them the free report, but no other emails.

      However, this is mostly semantics. If your offer is instead: “Sign up to my newsletter to get my free report” then you don’t need a checkbox and you don’t have to send the report to anyone who doesn’t sign up, becuase the report is part of the service you provide with your newsletter, which is what people sign up for…

      Regarding regions: you can get out of GDPR compliance if you can prove that EU citizens are in no way targeted or appealed to on your site. We’ll have to wait for actual cases to come in, to see how this plays out in practice. Right now, it’s just a damocles’ sword dangling above everyone who’s ever used an opt-in form or sold something online.

      As for identifying people from the EU: you’re not allowed to do that without getting their consent first. So, scratch what I said previously. THIS is the most hairbrained thing in the GDPR.

      • Gerfried says:

        Hi Shane,

        thanks for your work on this topic. This article and the discussion contains the most concrete, usable advice I’ve found so far. Most blogs just re-iterate the legalese without any real advice about how to implement it.

        Anyways – does this mean that when an offer is worded as per your suggestion above, we don’t have to use the new checkbox feature? Frankly, I would much prefer that…

      • Tom B says:

        Wait… and further (and similar) to Gerfried’s point… are you suggesting/educating/creating awareness (and not in any way providing legal advice) that:
        – if EU persons are not specifically targeted by our sites
        – nor do we identify them as EU people
        – we just market to the world in general
        – we collect in a single currency – US dollars…

        …We don’t need to worry about GDPR?

        Shane writes: “…you can get out of GDPR compliance if you can prove that EU citizens are in no way targeted or appealed to on your site.”

      • Shane Melaugh says:

        Well, it’s one of those gray areas, but yes. There’s a clause that at least provides wiggle room. Specifically this one. This is convoluted legalese, as to be expected, but it seems that if your site doesn’t feature a language spoken in the EU and doesn’t offer products in a currency used in the EU, you might be off the hook.

        It’s one of those things where we’ll have to wait for actually cases to be processed, to set a practical, legal precedent.

      • Shane Melaugh says:

        Hello Gerfried,

        Thank you for your comment!

        I am working on a piece of content that provides some practical guidelines regarding what to do about these regulations. I’m getting it all checked with lawyers as well, so it may take a bit longer to complete. But I hope to be able to provide thorough answers. At least as thorough as the regulation allows for…

      • Gerfried says:

        Thanks Shane.

        I know you said that people can’t be forced to accept a newsletter in response to another comment. I just found a claim that this is what google does though: https://www.onlinegrowthguru.com/email-gdpr/ (paragraph “force people to click”).

        In case your lawyers find a feasible workaround (like wording the offer as per above, “Would you like to receive my newsletter in return for a free report?”), will there be an option to only allow for subscription when all the required checkboxes have been checked?

        (I mean, legalese aside: Why would a business give away anything for free? Will we soon be required to deliver the same services and products to non-paying customers as to our paying customers in order to avoid discrimination? Lawyers/politicians, seriously!)

      • Shane Melaugh says:

        There’s definitely leeway here, depending on how the offer is worded. Basically, if you advertise your newsletter and one of the services people get from your newsletter is a downloadable PDF, you should be fine.

        However, this is all a grey area until we see some legal cases and rulings.

      • debra3 says:

        I am planning to target people located within a very small region (within a particular state in the U.S.). I actually do not want anyone from outside this particular area to have any access to my website.

        I only want people inside my local region to join my membership, as the information is designed specifically for this local area.

        So, I am looking into using a plugin that will limit access to my website to folks only inside my target area. But then I noticed your comment: “As for identifying people from the EU: you’re not allowed to do that without getting their consent first.”

        That’s pretty insane! I’m not targeting folks in the EU, and I’m not going to allow them access to my site (along with nearly the entire world). I am NOT going to ask their consent to identify them so I can block their access to my site.

  • Gerlinde T says:

    Thank you very much, awesome! What about Thrive Comments and Thrive Ovation?

    • Shane Melaugh says:

      In Thrive Comments, we already implemented a checkbox to get consent for reply notifications. In Thrive Ovation, it’s a matter of clearly stating what the form is for on your testimonial capture page. This is something we’ve advocated from the beginning and requires no extra consent. This is because the testimonial capture form doesn’t sign anyone up to a newsletter and doesn’t haven any other, non-disclosed purpose. The visitor should know that they are submitting text that can be published on the site as a testimonial.

      • Stefan C says:

        Hi Shane, will I have to purchase thrive comment or it will be included for those who just have the theme? Thanks

  • S says:

    Thank you

  • Ned says:

    Hi,

    Thanks for the update.
    Will it be possible the customer not to be able to hit the subscribe button unless the required check-boxes are ticked?

    THanks!

    • Shane Melaugh says:

      This is one of the crappy things about GDPR: you aren’t allowed to make checking the box mandatory. Not under certain circumstances anyway. For example, you can’t offer a downloadable and make signing up to a newsletter a mandatory part of it.

  • The first poster is spot on! In the UK we will be letting people know from the auto-responder confirmation that GDPR is not relevant and by opting in they are accepting all responsibility. Information will never be misused or sold. Very thankful for BREXIT and to pull away from the powers of Brussels. EU needs to focus on bigger problems rather than optins LOL! If they carry on with trying to rule the world, Brussels and Germany will be the only countries left in this “European Union”. I recommend also to get hosting from NON-EU countries, use a VPN and keep yourself safe from these PIRATES.

    • Shane Melaugh says:

      Brexit won’t save you from this, I’m afraid. The UK have already stated that the same rules will apply in non-EU UK.

  • Chris says:

    Thank you so much for taking this burden from us!

    May I suggest, that when you are now pimping Thrive Quizzes, to add some functionality so that it can be used as a real survey tool to ask specific questions to clients where their answers can be stored by tagging in Active Campaign?

    • Shane Melaugh says:

      Thanks for your comment, Chris. We may add some more features to Thrive Quiz Builder in the future, but for now, our focus is on improving Thrive Architect and releasing a new theme.

    • Tom B says:

      Great point Chris. It would be hugely valuable to tag into ActiveCampaign from the Quiz builder.

  • Shane Melaugh says:

    Thank you, Marco!

  • Edward S says:

    Thank you very much for taking us by the hand in this.

    I actually am glad this has come up, because I’d been procrastinating over my privacy policy and now I think it is good to have clear guidance.

    • Shane Melaugh says:

      Thank you for your comment, Edward.

  • Mikey L says:

    When will these options be available on the Thrive leads and Quiz? Also is we integrate our Thrive Leads with Mail chimp what do we need to do?

  • Ulf Z says:

    Hello Shane and Team,

    do we need a “Vertrags zur Auftragsdatenverarbeitung”/ “Contract for order data processing” with you because of that?

    If so, where we get this?

    Best Regards

    • Shane Melaugh says:

      No. We are not processing any data for you. It’s all happening on your website.

  • Markus says:

    Like already said in the comments: A problem will also be the Google Fonts used in Thrive Leads and Architect. A great feature would be just to somehow have an option to deactivate the loading of Google Fonts and choose some local stored fonts.

    • Shane Melaugh says:

      According to what I’ve read, Google Fonts are fine to use because Google have feature they call “Privacy Shield” which will not track visitors coming from the EU.

  • Stefan C says:

    Hi, regarding the Data Overview & Export, will it apply to the comment section as well?
    Thank you

  • Jan says:

    Thank you so much for helping us with all this GDPR Crap. I’m soo relieved that Thrive is caring about making all those great Plugins compliant. BUT I came across one stumbling block and maybe you can help me out with it: I heard that with the GDPR it’s no longer legal to use the normal social media share buttons, because these send informations to social media sites even when website users don’t click on them. Are the social media share buttons from thrive themes compatible with the GDPR or do they send informations to the social media sites by just visiting the website like the normal share buttons do, too?

    • Shane Melaugh says:

      Hello Jan,

      Yes, this is correct but it only applies to the official sharing buttons. Meaning: if you go to Facebook or Twitter or whatever and you generate their social buttons and add them to your site, they load a tracking script. They’re basically monitoring visitors on your site, through these buttons.

      However, if you use the social buttons built into Thrive Architect or one of our themes, you don’t have this problem. These buttons don’t include any tracking scripts, so no extra consent is needed.

  • Thomas O'Toole says:

    Thanks. I think it’s great that you are doing this.

    • Shane Melaugh says:

      Thanks, Thomas. We’re doing our best to look out for our users.

  • Lorenzo D says:

    It’s nice that we can at least count on you guys being helpful.

    I’m sure these regulations have a purpose other than kicking small and medium businesses in the teeth, but they sure read as that’s the goal.
    On top of being hamfisted and byzantine, they are also unclear.

    I’ve been reading various guides about GDPR, and the situation is not clear at all…but it seems to me that if you must inform the person of every minute detail concerning their rights and your handling of their data before they can give active informed consent, the only way to be compliant is to link the full privacy policy + terms of use in the check-box text, and make the ticked box a required condition for signup.

    Will we be able to make the box tick required to subscribe?

    Will the ticked box be somehow recorded in the email marketing software as proof of consent?

    • Shane Melaugh says:

      Thanks for your comment, Lorenzo.

      It’s quite context dependent. If you take some parts of the regulations, it does indeed seem like you’d have to pop up a new prompt asking for the visitor’s explicit consent every time they click on something or make any move on your site. But in practice, you can be compliant without being that annoying.

      You can’t make the checkbox required. That would no longer be compliant with the regulation, unfortunately.

      • Lorenzo D says:

        I see. So how do we know whether we have consent or not? Does the checkbox trigger a tag or something? This will make things more complicated on the email software front as well, many are not used to segmentation, conditions and such. For some, it will probably mean having to switch to another email marketing software altogether.

        The solution I’m looking at is using correct semantics on a first form, the freebie being the “welcome gift” when you subscribe to the updates or whatever, no checkbox. Then use the signup links function to show a different form that tells the returning (and therefore interested) visitor to click a button if they want to receive information on the paid product, which will trigger a new and independent follow up sequence linked to an evergreen launch in T Ultimatum.

        This will give me better deliverability and stronger relevancy = lower probability that someone actually files a complaint, which as far as I can see is by far the most likely way you could ever get in trouble.

        It however raises the question, HOW DO WE OBTAIN CONSENT FOR BEHAVIORAL MARKETING TRIGGERS?

        I swear, these people are either ridiculously incompetent or malicious, or both. This EU behemoth can’t fall soon enough.

      • Shane Melaugh says:

        The easiest way to do this is to simply not send contact information from people who don’t give consent to your email marketing service. You can use the asset delivery feature in Thrive Leads to send them the thing they opted in for, but there’s no point sending someone to MailChimp or ActiveCampaign or whatever, if you can’t send them emails anyway.

        But the better solution is to basically reframe your offer and change your copy so that whatever the opt-in incentive is becomes part of the service subscribers receive with your newsletter. Framed like this, you don’t need additional consent. Regarding the behavioral marketing stuff, I’ll have a more detailed answer to that soon.

      • Hilary says:

        Ok — can you guys do a “framing” of it that way in a video — so we can work on that?

  • Klaudyna says:

    Thanks!
    Can opt in can be already pre-checked? Something like: “Yes, I want to add my email to your list” and “checked” by default?

    • Shane Melaugh says:

      No, the checkboxes can’t be pre-checked. This would not be GDPR compliant.

    • Kara L says:

      This wouldn’t be compliant for Australian users either.

  • Ingrid says:

    I heard there will be plug-ins that identify whether a website visitor comes from the EU and shows the additional tick box just to them- but not to all the other visitors from outside the EU. Will Trive Leads also be able to do so?

    • Shane Melaugh says:

      Maybe. We’re still looking into such options.

      • Marc says:

        I’d like to see this feature. ConvertKit is doing something similar so visitors outside the EU won’t need to be impacted. I use ConvertKit but prefer to use Thrive Leads instead of the default ConvertKit forms because of all the additional features.

    • Tasha says:

      Yes Ingrid, that would be a great feature!

  • Would it be possible to disable the “subscribe” button if all the checkboxes are not ticked? I’d like to register a new user only if all the checkboxes are ticked. Also, I would really like to know when you plan to release the update. Time is ticking. Thanks

    • Shane Melaugh says:

      Under some circumstances, this is not compliant with GDPR. There’s a clause that states you’re not allowed to disadvantage people who don’t want to receive your newsletter vs. people who do.

      • Thanks for making me aware of this. As my understanding, having a single checkbox stating “newsletter + offer” should be compliant. Enabling the subscribe button only if the single checkbox is enabled is something we can do already or is not supported?

      • stefan says:

        Hi Shane, so how webmaster are supposed to sign people in without having at least their email. According to GDPR it means you can’t deny the service if people don’t consent BUT then, that would undermine the marketing purpose for asking people’s email. In other words, content creators are forced by law to provide the service without any reward. I mean there I. No win wi situation. So in this case, businesses that rely heavily on email marketing would have to process data based on legitimate interest, otherwise there is no business to run.

      • Henning says:

        stefan you can set the email address as required but you have to ask if you may use it for your newsletter too.

        So you get the email but you can’t use it like it was before if the reader didn’t give you permission.

        But there are already several workarounds to make yure you still get your newsletter readers. :)

  • mark says:

    Hi,
    Will the new checkbox be able to integrate into mailchimp to update that via the API connection?

    Will there be an option to only display a variant of the popup to people from europe?

    • Shane Melaugh says:

      Hello Mark,

      Yes, this will work with MailChimp as well. Showing a different form for people from different regions is something we’re considering. It’s a legal gray area, unfortunately, so I’m sure if we can do that.

      • Peter H says:

        I would very much like to have this option of showing a different form for people from different regions. It would be our decision to use this feature or not.

      • Shane Melaugh says:

        Thanks for your comment, Peter. Noted. We’re looking into ways to make this happen.

  • Dimitris says:

    Hello Shane. Is ‘Thrive Themes’ selling WordPress themes? What if our current WordPress theme is not a Thrive Theme? Is it simple to work Thrive Themes into our existing WordPress theme? If so, how?

  • Markus Thoma says:

    Will the Checkboxes for Lead Generation be in both Thrive Architect and Thrive Leads? I think it’s important, because the subscribers also maybe have to accept that their data will be sent to my Newsletter Provider. This Checkbox has to be checked, otherwise they can’t sign up. I hope this will be part of both plugins until 24th May 18.

    • Shane Melaugh says:

      Yes, the lead generation element is where the checkbox will apply and that element is the same in Thrive Architect and Thrive Leads.

  • shashank says:

    Thanks, a lot shane for sharing this.

    • Shane Melaugh says:

      You’re very welcome.

  • Gerfried says:

    Hi Shane,

    I’ve been talking to Activecampaign support about how to prove that a subscriber actually subscribed. My subscribers show up as having subscribed with IP address 127.0.0.1, which, of course, doesn’t prove anything. Support says that’s what is shown when the API connection is used.

    So my question is: Is this going to change? Is Thrive going to pass on the subscriber’s IP address via the API? How else are we going to be able to prove someone subscribed?

    Thanks

    • Henning says:

      Gerfried, the problem also applies if you use html connection.

      It is a problem with Active Campaign. It seems to me this happens: if someone enters the email list a second time, for another freebie for example, the date and the ip is overwritten with the new date and a senseless IP.

      I “fixed” this for now using a separate list for the newsletter but still if someone singns up for the newsletter again the problem would be the same.

      I think this is not a Thrive problem … I am currently on this with the AC support. Hopefully they will find a solution soon.

      • Gerfried says:

        Hi Henning,

        Thanks. According to my results, it’s both:
        If the API is used, AC always records 127.0.0.1 (which is useless).
        I’ve switched to HTML forms which works fine in general, but every once in a while, I still get 127.0.0.1 again, which makes zero sense.

        It’s possible your explanation is the reason. However (and this, in my opinion, is a big No-Go) I have no way of verifying that: Apparently AC overwrites all records that exist for a subscriber if they re-subscribe, so unless I export my accounts every day, I can’t even check for this mistake later on. I’ve also reported this as a bug, and was very annoyed with AC support trying to brush me off. I have emails that just make you wonder whether they have their tech under control and whether they care about helping their customers.

        I got rid of my freebies so I only have one list and one way of subscribing anyway.

        I’m thinking about moving to a different newsletter provider (once again)…

  • Raul says:

    Where will coming the upgrade?

  • Would it be possible to have an option to say “never store opt-in information” in Thrive Leads? This way I know Thrive only passed data to the email marketing service and I don’t have any personal data stored on my wordpress server. Is this technically possible?

    • Henning says:

      You would still have personal data on your server. As soon as someone enters the website the IP will be stored on your server.

      You just have to sign a compliance agreement with your hosting provider and all data stored on your server (including data from Thrive plugins) would be covered.

      Since you would still have to do that with you hosting provider ther is no need for such feature .. it wouldn’t change anything on your side.

  • Jeni B says:

    I don’t have the time or energy to hassle with jumping through extra hoops, so I’m simply not going to consider myself an “early adopter” of GDPR compliance. In 6 months or so, when all the various tech tools I’m using on my site have upped their game and can help me achieve compliance more easily, I’ll revisit becoming compliant. For now, I’m simply opting out of compliance by blocking EU + UK visitors from my site.

    Anyone is welcome to comment if you see a snag in this plan, but I’m planning to use a plugin to redirect all users of EU countries to this page on my site:

    GDPR at Biz Mavens

    After the dust from May has settled, I’ll revisit becoming compliant.

    Thanks, Shane, for giving this space for discussion. I applaud your proactive measures to help out the tiny biz owners of the world.

    • Matthew N says:

      Jeni, that’s a wonderful message you’ve created on that page. Well done. Polite, respectful, and explaining fully authentically. Thanks for sharing.

  • Sofia says:

    Thank you guys for all the efforts helping us with GDPR Compliance!

    I’m using Klick-Tipp as email autoresponder. Does it mean that when visitors click on the optional checkbox in the opt-in form, they will get an extra tag in Klick-Tipp?

    Thanks in advance for your reply!

  • Annick J says:

    Hi Shane, thanks so much for your support and taking your time for this GDPR crap. Helps a lot!! I am very glad that solutions are going to be found and worked on from your side.

    • Shane Melaugh says:

      Thank you, Annick! We’re doing our best to make this as un-annoying as possible for our users. :)

  • Rita S says:

    Thank you Shane!! Thanks so much for helping us with the new regulations!

  • kasper says:

    Thank you for the information and the way you help us implement a ridiculous law.

    I have a major feature request for the checkbox feature, that I hope you will take into consideration.

    I know how much you at Thrive care about conversion rate. Simply adding a checkbox might comply with gdpr but it’s not doing anything good for conversions.

    Checkboxes are likely headed same way as banners – they’ll be so common that people simply don’t see them anymore and conversions will plummet.

    I read an article, which I can’t find again of course, with a research that found that only 40% gave consent with a Checkbox, but if you gave them an option of yes or no with a radio button 80% gave consent. That’s quite a difference that would allow us to slice the lead price in half.

    It would give us users a fair fighting chance at saving some conversions and Thrive would gain a major competitive advantage as most others are just offering the same checkbox as everyone else. Double conversion rate is a strong selling point.

    • Shane Melaugh says:

      Thanks for your comment, Kasper! Can you link to the source of this? I’d love to learn more about it.

    • Adam N says:

      I’m still reading about GDRP so I this could be very clear and I’ve missed it, but is it possible (or allowed) to have the check box pre-checked?

      • Shane Melaugh says:

        No, you’re supposed to have the boxes unchecked by default.

  • Anne Marie F says:

    Thanks for working on this issue. I’d like to see if there’s any update on these features, such as the Lead Generation Checkboxes for Explicit Consent. As someone who does market to the European audience, I know I’ll need time to get compliant. Do you know when these features might be available?

  • Ricardo R says:

    How are you planning to handle the social share widget third party cookies?

    I mean, I use your social share widget at my blog posts (Focus Blog theme) and just by having that Facebook share button it allows Facebook to create a cookie (called fr).

    And who knows which information Facebook is collecting…

    • Tasha says:

      The way I understand it, the only way a social media site collects any info from your visitors is when you install the “widget” that comes straight from the social site. If you use the buttons from Thrive or, say, Social Warfare, you’re safe.

  • Sophie says:

    What about Google Fonts? I realized that the optin fields always uses Open Sans if someone put his data in although I used verdana in the settings. I wanted to delete all Google Fonts because of the GDPR.

    • Shane Melaugh says:

      Hello Sophie,

      For Google Fonts, Google have set up what they call a “privacy shield” which ensures that no personally identifiable data is relayed to Google from EU visitors. You can learn more about it here.

      • Vroni says:

        Hi Shane,

        Google Fonts may be a problem in Germany. We’re having here some lawyers that are sending chargeable warnings along with cease and desist letter. I don’t know if this exists in other countries too. In German this is called “Abmahnung”. And an Abmahnung can be very expensive.

        Now, that the GDPR is alive, there are lawyers who already sent this warnings. And if the judges agree with these lawyers we are not allowed to use google fonts anymore, as long as google isn’t asking for the IP addresses any longer.

        So most of the people here in Germany are storing google fonts localy in their wordpress installation. Perhaps this is an option for thrive architect and the other tools too?

        Greetings from Bavaria.
        Vroni

      • Shane Melaugh says:

        Hello Vroni,

        I’m sorry to hear that there are already negative consequences like this for small businesses. According to Google, their fonts service is protected by their “privacy shield” service, which is specifically set up for data exchanges between EU and US locations.

        However, if you want to remove all Google Fonts from your site, you can do so in Thrive Themes tools. In our themes as well as in our plugins, you can customize what fonts are used and you can choose web-safe fonts which aren’t loaded onto the page with any script.

      • Henning says:

        May I ask for a custom font feature instead .. since we really don’t want to use only web-safe fonts….

        Are there any plans on implementing custom fonts to the architect?

      • Henning says:

        And regarding to this “Google Privacy Shield” _ It seems to be only EU-US/Swiss-US .. that is not enough because the problem is a problem worldwide but also inside the EU we don’t have to send data without consent of the visitor. The google fonts still sent the IP (and maybe some other data .. I don’t know).

        It is the same problem like the facebook buttons .. they don’t have to send any data before someone really wants to use them …

        To be compliant we could ask the people if they would like to see the website with goole fonts .. but we would have to give them another version of the website without google fonts if they say no .. so it is really stupid again … but however .. we need to be aware of the problem inside the EU too.

        A solution would be to download the fonts and host them on our own servers. Thats why I asked for the custom fonts feature in Thrive Architect.

        This would be the easiest way to be fully compliant.

  • Irene says:

    When approximately will the check boxes for all the GDPR stuff added to thrive leads?

    • Shane Melaugh says:

      We don’t have a release date yet. We’re working on getting everything implemented as soon as possible.

  • Michael says:

    Thanks for this. Any sign of a release date for the new features mentioned above? The GDPR deadline is rolling in fast.

    • Shane Melaugh says:

      We don’t have a release date yet and several of the features are still in progress.

  • Nicola says:

    Any news on the date for tick boxes being available on the optin forms? Obviously many of us are going to be running campaigns throughout May to re-optin all our existing contacts but it would be great if people signing up fresh to our lists NOW were GDPR compliant optins so we don’t have to ask them to optin again a matter of days after they have opted in the first time?

    • Shane Melaugh says:

      We’re still working on the implementation. We will get this released as soon as possible.

      • Nicola Bird says:

        Thank Shane – ‘soon as possible’ makes it hard to plan a re-optin campaign through May though – do you have a rough idea of dates?

  • David W says:

    I think the GDPR fundamentally is about giving people the right to have a say in what personal data is stored and how it is used.

    If I were to donate monies to a freshwater initiative in a country and then 50% of those funds were diverted to a monkey sanctuary without my knowledge, would that be acceptable? I think not, although both causes might indeed be worthy. I donated funds for a particular purpose and have the right to expect that they would not be used for any other purpose without my explicit consent.

    Why should it be any different with personal data?

    I have also seen various comments about why should a business give away something for free (In respect of email opt-in inducements I expect)

    Well, it may surprise some of you that this has been the business norm for many, many years. Such “freebies” take the form of 30 day free trials, free samples, pens, calendars and what about competitions!

    It’s all fairly standard promotional tactics carried out by marketing departments!

    If your downloadable content is something that you have created ensure that your site’s identity, branding is prominent. If it is relevant and of good quality that would only encourage return visitors and people will want to sign up for further information from you if you provide material/information to your subscribers not available to all via your website.

    The GDPR might encourage people to provide good quality content and downloadables rather than crappy PLR giveaways just to get people onto their email lists.

    Surely we all want quality qualified people on our lists rather than just playing the numbers game which only serves to benefit the email list service providers.

    Ok, this GDPR thing might be a pain in the a***, perhaps poorly implemented and a major headache for us small businesses but it’s here to stay whether we like it or not.

    Let us use this as an opportunity to clean up our acts and not see this as a problem.

    It is all about transparency and respect for your site’s visitors and customers and building a better quality of relationship based on trust.

    At the end of the day, it is our customers who fund our lifestyles whatever they may be, so do they not deserve some consideration.

  • Shane Melaugh says:

    Hello Sandra,

    We don’t have a release date. We’re working to get these features released as soon as possible.

  • Alexander says:

    Hi Shane!

    Thank you very much for giving these great feature to us.

    But it is not only a feature based discussion.
    For me as a potential new customer I miss some important information and I can not find it with reasonable effort.

    – As I understand Thrive is owned by whitesquare GmbH, located in Switzerland – right? So you are located in country, stated as a safe country outside E.U.
    – Where are data collected on my landing pages stored? Are any data transferred to your servers or do the data only reside on my wordpress instance (database and / or files)?
    I am clear, that data might be transferred to third party services like e-mail-marketing-services and so on, if I set-up such a kind of integration. Here I am only asking explicitly for data which might be transferred to YOU in the background.
    – If data are transferred, processed or stored on your server, then I would need to have a data processing contract with whitesquare GmbH. In this case, how is the procedure to get such a contract.

    Thank you very much in advance for a short reply!
    Alexander

    • Shane Melaugh says:

      The answer to this one is very simple: we do not process or store any data from any of our users/customers.

      • Nils T says:

        so the data is stored in the same database as wordpress is installed in? :-)

      • Shane Melaugh says:

        Yes, that’s correct.

  • Katie says:

    Are these updates live yet?

  • chris says:

    Shane, thanks for the extra work on this. I hope there will be a way that such checkboxes can only be shown when people have their IP address in Europe. Call it the RedCoat feature. ;)

  • Falk says:

    Hello,

    Thrive Leads: GEOLOCATION feature for GDPR… Pretty please :)

    I very much second what somebody else wrote on this forum previously:

    “… a way that Thrive Leads can geolocate the person entering their info and show them a different form if they are in the EU.
    That way, everyone else in the work continues on as normal and we can work on the EU people separately.
    You could add the second form as a second state that we can add and let your developers work the magic.”

    This would be VERY, very, very desirable.

    I hope you can implement this. :)

    Best,

    Falk

    • Shane Melaugh says:

      Yeah, I want this too. We won’t be able to finish this feature by the May 25 deadline, but I believe we’ll create this after the release of the first set of GDPR features.

      • Falk says:

        Phew, that’s great news! :-) Danke!!! PS: will using CACHING PLUGINS like WP Rocket, or using Cloudflare or MaxCDN create an additional challenge?

        Seems like it… I just researched WP plugins for geolocation and a dev on Fiverr (not a $5 gig guy – it was more serious stuff for $70 or so) mentioned about this gig, which offered adding GEOLOCATION functionality to one’s WP site:

        “… PLEASE DO NOT PLACE AN ORDER IF YOUR WEBSITE USES A CACHING PLUGIN, SUCH AS W3 TOTAL CACHE, WP SUPER CACHE, ETC… Integration with caching plugins require additional development. Contact us and we will discuss the details.”

        Anyway, I am pretty sure you & devs are aware of that.

        I genuinely hope consideration for use of CACHING stuff could/will be baked into the GEO update for Thrive Leads, once released. ;) Thanks again for being awesome!

      • Falk says:

        PPS: fyi, some relevant intel I gathered:

        I researched this a tiny bit and found this:
        https://www.didomi.io/en/2017/12/05/does-geolocation-require-consent/

        Excerpt from above link:

        “… decision of the French Data Protection Authority which mentioned in relation to audience measuring cookies that consent is not required when the IP address is not more precise than the city and immediately deleted after purpose is accomplished.”

        That may sound positive re being able to use GEOLOCATION in a future version of Thrive Leads, for example, without legal issues.

        Also just read the following: https://www.civicuk.com/cookie-control/v8/documentation
        Quote: “… 8 Geolocation And Localisation
        With pro and pro_multisite licenses, you are able to disable the module entirely for visitors outside of the EU, and offer alternative languages.”

        That would point in the direction that when a EU resident is OUTSIDE the EU, GDPR would *not* apply – and, for example, THRIVE LEADS with GEOLOCATION could then still serve him the NON-GDPR version of the OPTIN FORM…

        (And I would assume the above site did their homework on legalities, since they are selling a product very much related to GDPR. Can I be sure? No. But I would take this as a promising indication (still to be confirmed).)

      • Rachel says:

        I’ve been advised that if I’m located in the EU (which I am) then the GDPR is applicable to all my subscribers regardless of location. It’s only data controllers outside the EU who only need to worry about subscribers inside the EU.

      • Matthew N says:

        I’m pretty sure that’s correct, Rachel, even if we move our servers to the US (because if that’s all it took, I’d ask WPX to do that and they would, as that’s one of their options).

  • Katharina says:

    I suggest a drop down menue, and not a box to click to give consent. The drop down menue could have a simple “yes” or “no” option. This way you are actually forcing someone to make a decision. A check box could easily be missed.

  • Michaela T says:

    Thanks for all the (unexprected) work in the background.
    Are you also working on a two-step process for embedded YouTube Videos in respect of the GDPR? You’ve got lots of functions in the “advanced” section and I don’t want to look for another plugin if you’re already working on a “Thrive solution”.

  • Adam says:

    Any update to this: 1) Lead Generation Checkboxes for Explicit Consent

  • Patricia T says:

    I presume you will be updating the generated privacy policy template pages to be complaint, any ideas when this will be?

  • Hi Shane
    any updates on the Lead Generation Checkboxes for Explicit Consent ?

  • Christopher says:

    I’ve seen a number of sites with pop up ribbons that inform the visitor they use cookies for various reasons, and those pop-up ribbons also had check-off boxes and a link to the privacy policies.

    Is there a way we can do that now or is that part of the update coming up?

  • Marcus K says:

    Hello Shane,

    after some answers from your support, that it´s not necessary to have a Data Protection regulation contract with you, I decided to publish a comment with my problem under this thread.

    I´m a big fan of your products, I use Thrive leads and architect for two Blogs. But now I have a problem …

    Because as my data protection commissioner told me here in Germany, I need a contract with you. Until now some persons in your support team told me, that it´s not necessary.

    But it´s not true, or is it? I´m a little bit confused now ;-)

    This is the answer of my commissioner, she gives me a proof in an email with a link to you: “In the Thrive Dashboard, we’ll be introducing a data overview feature, where you can see a list of all the visitors that have been tracked through any of our products, along with all the data being tracked for each one. From this dashboard, you’ll be able to show a visitor what data is being collected about them if they request it and you’ll be able to delete said data.”

    When you´re tracking these informations, I need a contract with you. Otherwise I have to search after other provider. That would be a pity, because I appreciate your products very much.

    How can we solve this problem now?

    Best regards, Marcus

    • Shane Melaugh says:

      Hello Marcus,

      We do not process any data from your website or your visitors. There’s an important thing you need to keep in mind here: we’re talking about updating our tools to be GDPR compliant, but those tools are installed on your website, on your server and nothing that happens on your website and your server is sent back to us (Thrive Themes, or the parent company whitesquare GmbH).

      No data is being processed, so there is nothing to write a contract about.

  • liz says:

    Thank you for making your platform easy to comply with the new law. I love thrive and it has made my life easier. Keep it up!

  • Luis Lorenzo says:

    Great job!
    Thank you so much.

  • Martin says:

    Thanks for the update. That’s great that you will have these implemented before May 25, but don’t forget we need time to implement and test and there are often bugs and issues. This has been known for a long time now, and implementing on the deadline is inconvenient for us, your customers.

  • Lorenzo D says:

    Thank you very much for this very important update (12/5/18).
    I appreciate you staying on top of the situation and taking the necessary steps, but even more, I appreciate that you keep your eyes on the ball, which is how to comply with the law without harming the user experience and thus your actual marketing.

    You said this before in the comments of the last update, that rewording the offer would harm conversions much less than adding a checkbox linked to actual subscriptions to our follow ups, and that’s what I did. I have to say though, formulating the offer in a way that is consistent with the requirements of the law and still appealing to the reader is not easy at all. My forms, for the moment, have ended up being quite a bit more text-heavy.

    The other thing I’ve done is I’ve actually separated the consent to receive additional content (stage 1) from the consent to receive commercial offers (stage 2). This is where the SmartLinks feature in Thrive Leads came in very handy btw.

    On first impression this might look like it would hurt your bottom line, but I think sending the offer only to people who are genuinely interested in your content will help both your relationship with your audience and list hygene.

    Also, this allows me to actually ADVERTISE on my stage 1 forms that I will *NOT* send them any kind of commercial offers unless THEY ask to have more info, which I think will help smoothen the conversion process and add trust.

    In any case, I will keep my eyes open for your related marketing tutorial.

    OT: it’s too bad the GDPR thing came along right in the middle of your work on the new theme, I was waiting for the good news on that front, as I’m sure many others were. Here’s hoping you will give us some once we’re past this hurdle.

  • Ramesh says:

    thank you, Shane, really appreciate your efforts. Really looking forward to your video on being GDPR compliant without over doing the checkboxes/legal ham etc

  • Maria A says:

    It would be great if you could detect IP addresses and show an opt-in checkbox for only those in the EU. That way I don’t have to worry about losing out on people signing up from other countries who just can’t be bothered to click the checkbox.

    • Adam N says:

      I’ve been searching for that option for a while now. I know of a few other membership scripts / tools that are doing that. I’d love to see Thrive Architect implement something similar.

  • Nils T says:

    Thanks for the arcticle :-) Just one little question: Where is the “proof of opt-in”-data storaged? On Thrive Servers or in my hoster’s database?

    • Shane Melaugh says:

      It’s stored in your database – the same one where your WordPress site is installed.

  • Gerhard M says:

    Hello, Shane,

    thanks for the GDPR (DSGVO in german) May Update. Now I can make a second article on my blog for the German readers. The demand for the announced functional enhancements was already high.

    I have one more question. Do I have to sign an employment contract with Thrive Themes? (AV contract) How with Google or my hoster?

    Best regards from Germany
    Gerhard

  • Philipp K says:

    Thank you so much, Shane and team.

    In regards to several comments below, comparing a data regulation law to world war I and II is ridiculous.

    Yes, it is overregulation but comparing this to manslaughtering events that costed 10s of millions peoples lives is simply the wrong historical view (sound a little like USA first and US citizens have much bigger problems with their own legislation these days than data protection rules)

    From a business perspective I find it personally not very clever to completely ignore a 270million people market.

    I hate that it’s grey and not fully thought through, but hey, that’s business. Deal with this stuff! That’s like complaining facebook implementing an algorithm and not showing all posts the same way or complaining that you do not rank 1st on Google although your content may deserve it.

    I appreciate the efforts from Thrive to help us become compliant and I myself will do my best to be compliant to not leave out this huge market (and somehow – to be quite honest – I have to, because I’m an EU citizen).

    Just my 0.02

  • Aiyanna D says:

    I am integrating an autoresponder (Activecampaign) form via HTML in Thrive Architect as the API integration cannot collect addresses. Will this data then still integrate with the new WordPress core GDPR feature?

  • Richard says:

    Thanks so much to the team ! I love your product and you are very pro.
    For the check box, i think it is possible to use the double optin to not use it. In the post optin page and/or the confirmation email, we can add a gdpr message to be conform :)

  • Carmen T says:

    This is the kind of information that keep my loyalty towards thrive themes. You guys are so amazing at keeping up informed, updated, makes amazing customer experience. Will keep recommending Thrive Themes to anyone, even I’m going to come back and start using it more regularly. Thank you Shane and your awesome team!

  • Frank says:

    Thanks for providing all the GDPR related updates.

    In my experience, official regulations always hurt, because they are usually a late response to a market behavior that somehow got out of control, a market that was not able to regulate itself in the first place.

    And right, the market would have the better knowledge how to do it properly. After all the implementation of the GDPR might not really bring any real benefit to anybody, except more overhead work. Let’s see.

    Don’t you get annoyed, when you buy a product and after that you are still bombarded with the same product in ads all over the place? Or you buy a present for your friend, e.g a gardening book, and then your are bombarded with ads about gardening, which I might not be interested in at all. Can’t we do better than that?

  • Marc says:

    It is missing to update the thrive comments, its also necessary the explicit consent. If not, In Europe we have to delete it from the plugins

  • Stefan says:

    Any update available when the “Lead Generation Checkboxes for Explicit Consent” will be available?

  • Caroline says:

    is it possible to get updates on your status concerning GDPR? I would like to know when the Lead Generation Checkboxes for Explicit Consent are ready (and how they work) so I can implement them. Do I need to check the website everyday or can I sign up to a list to get these updates?

  • Barbara says:

    Hi Shane, I can’t find the profiling option in the Thrive Quiz Builder. In the video you said it has already been released but in the article it sounds as if it’s still in progress. Which one is correct?
    I bought the Quiz Builder a few years ago (in January 2016 I think) with the yearly membership which I don’t have anymore, so I wonder if I will get the update as well, or will it be available only for new versions of the plugin? I have the same question for Thrive Leads.
    Thanks for all that you do and for great tools!

    • Shane Melaugh says:

      Hello Barbara,

      Sorry if that was unclear. The article stated that the feature was done (which it was), but it was actually released a day later. If you update Thrive Quiz Builder to the latest version now, the feature will be included.

  • Elizabeth says:

    Thanks so much for keeping us informed about this new program. I was not sure what to do with this new ruling. (GDPR)

  • Irina P says:

    Thanks for this update Shane! I really appreciate the work you and your team are doing over there. I’m looking forward to the tutorial on how to bypass the checkbox and still be compliant! That sounds like excellent UX design :)

  • Daphne B says:

    Love the video! Very informative and I like that in the video you talk about the “solutions” you are giving us in order to comply to GDPR. A lot of websites and videos talk about the “problems”. This answers every question I had about GDPR in relation to my website.

    • Shane Melaugh says:

      Thank you, Daphne!

  • lisa b says:

    Is the tutorial on reframing content so you don’t have to have tick boxes available yet? so interested to read this.

    • Shane Melaugh says:

      Hello Lisa,

      Yes, you can find the post here.

  • Alex says:

    You guys are the best! Love everything you are doing, and can’t recommend your products enough! 1+++

    • Shane Melaugh says:

      Thank you very much, Alex. :)

  • docgoy says:

    What about embedding videos with .youtube-nocookie.com/?
    This doesn´t work on my site

  • Nate says:

    I am very happy that I am a Thrive Themes member and most importantly glad to be back on the WP platform. Quite a few of the integrated platforms with multiple providers seem to be throwing the user under the bus to get this done. Shane and his team are doing just the opposite — they are leading the way. Thanks very much.

    • Shane Melaugh says:

      Thank you for your comment, Nate!

  • Javi says:

    What about checkbox for Thrive Comments fot the privacy Policy?

  • Rémy D says:

    We really appreciate Shane and we are very happy about “return on investment” with your products.

    • Shane Melaugh says:

      That’s great to hear, thank you!

  • Nico C says:

    Something about GDPR and Thrive Comments? i understant that its necessary to add a custom field asking for approve private policy

  • Henning says:

    Another question is coming up with the video feature in Architect.

    We need the same things the social buttons do .. no contact to youtube, vimeo, wistia .. before the viewer clicks.

    So as far as I can see the nocookie-option of youtube does not load.
    but …

    What happens if I use the custom thumbnail in architect. will the video load behind the thumbnail already or would this be compliant?

    Any other ideas how to implement videos without having them send any data before the viewer clicks?

  • Lewis E says:

    Hi Shane, I am coming across more and more sites that now give you the option to not consent to cookies such as this one:

    Cookie Notice:
    [Company Name] requires your consent to use technology such as cookies on our website to personalise ads, support social media features, and analyse our traffic. If you have consented previously and wish to revoke your consent please click here.

    [Click here generates approval of successful removal of consent.]

    Is there a way to automatically generate the removal of consent in Thrive?

  • Caroline says:

    Hi,
    When do you connect Thrive Leads checkbox consent and Active Campaign, in order to collect the proof of the consent ?
    Thanks

  • Steve says:

    Thanks for sharing wonderful article European Union forcing the companies to intensify privacy-specific policies, instead of implementing a separate GDPR-friendly policy for EU countries.

  • >

    Join Thrive University (it's FREE!)