Please note: While MemberMouse will provide what support we can to our customers in this process, it is important to emphasize that each organization’s obligations under the GDPR are unique and specific. Our customers should consider seeking independent legal advice relating to their individual concerns and compliance needs. It is important to note that no communication from MemberMouse through email or on this website is intended to substitute for legal advice.
There are two primary areas where MemberMouse can assist your organization in being GDPR compliant.
The first concerns complying with the ‘Rights of Individuals’. MemberMouse has specific features that can aid with compliance for the right of access, the right to erasure and the right to data portability.
The right of access
MemberMouse provides a clear interface from which to view and make changes to information associated with a member’s account – the member details area. You can see general top-level information; manage access rights; view transaction history; view and edit any custom data entered into custom fields; and view and edit billing and shipping addresses.
Under the right of access, you may have to comply with subject access requests. Before subject access requests are processed, you will have to verify the identity of the person making the request, using ‘reasonable means’. One way to do this is to have an individualized passkey or code available only to the member. MemberMouse offers two possible methods to achieve this. Custom Fields can be used to collect security question answers from members. These will be accessible by you in the member details area and can be accessed and viewed on the member's My Account page (optional).
A second option is to use the unique Member ID that's automatically created as your identifier. By using the Member_Data SmartTag, this can be sent to your member in a welcome email as well as added to the My Account page. See the process to use Custom Fields and SmartTags to help with identification verification.
The right to erasure
MemberMouse has a ‘Forget Member’ feature in the Member Details area which will randomize personally identifiable user data while keeping the data structure intact, so that removing records from the database doesn't affect reporting, order and subscription metrics. Learn more about the ‘Forget Member’ feature.
The right to data portability
Data that the customer enters into the MemberMouse system can be exported. Use the Browse Members search interface to locate the member whose data you want to export, then click the ‘Export Member’ button to export a portable .csv file. Learn more about exporting members.
The second area of GDPR where MemberMouse can assist is with regard to ‘Review Consent Protocols’. This is the idea that consent by an end user must be freely given, specific, informed and unambiguous. There must be a positive opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity. It must also be separate from other terms and conditions, and there must be simple ways for people to withdraw consent.
Management of consent protocols
MemberMouse can help in the management of consent through the Custom Fields feature and by allowing for confirmed opt-in with our email integrations.
- Custom Fields can be used anywhere on your site and can be a variety of types (from short text to a checkbox to a dropdown menu). As a simple example, you may want to use a checkbox custom field to obtain and record consent to your Terms of Service. Here's a step-by-step guide. When members enter their information into custom fields it will show up in the member details area for that member, and on the member’s My Account page (optional) where it can be edited by the member. Custom fields information can also be exported to a .csv file. Learn more about how to use Custom Fields.
- Support for email with confirmed opt-in is available with all of our email integrations. The confirmed opt-in functionality needs to be enabled on the email provider side. There are additional settings for MailChimp which allow for confirmed opt-in when a member is first added to a list and for when a member is moved between lists. Read more about Configuring MailChimp.
Here is a complete list of MemberMouse GDPR compliance-related resources: