Integrate MailPoet into WordPress website (GDPR compliant)!

Newsletters are part of every professional marketer’s standard repertoire these days. It is even better when plugins help you place the corresponding registration forms on your own website. One of these plugin providers is MailPoet.

In this article, you will learn how to integrate the popular newsletter plugin MailPoet into your WordPress website quickly, free of charge and in a data protection compliant way!

We must point out that the following statements do not constitute legal advice. We can only give you assessments based on our intensive practical experience with the EU legal regulations and a technical assessment of the situation. Furthermore, this article deals with the legal situation before the new “Trans-Atlantic Data Privacy Framework”.

What is MailPoet?

MailPoet is a plugin in the email marketing field. It has a very intuitive design, so both beginners and professionals can easily use it to create and manage newsletters on their website. A large number of ready-made templates are available, and you can modify them.

MailPoet and data protection

In contrast to other newsletter tools, the MailPoet plugin is already quite well positioned in terms of data protection, not least because MailPoet is not a U.S. service, so the delicate issue of data transfer to the U.S. does not arise.

However, there are still a few things that you should consider for a GDPR-compliant integration of MailPoet in WordPress.

✅ Opt-in consent

Whenever you use a non-essential service or cookie that transfers personal data, you require opt-in consent from your website visitor. Non-essential means not technically necessary for the basic functionality of your website. In other words, will your website work without this cookie or service?

In the case of MailPoet, the answer is definitely yes.

MailPoet is a marketing platform which allows us to differentiate audiences and send marketing messages via email. Cookies are used to remember, for example, which prompts to subscribe to the newsletter were displayed and closed.

The logical conclusion from this is that you need to get opt-in consent to use MailPoet on your website. But don’t worry, we can reassure you, because with a cookie consent plugin like Real Cookie Banner, this is super easy (and also free 😉).

In the following, we assume that you already have the MailPoet plugin installed.

Important: The MailPoet template in Real Cookie Banner is valid only for MailPoet 3 or newer.

You need the service template only if you use a newsletter subscription form that can be hidden (e.g. a popup). A cookie is set only in this case.

Personal data is never transferred directly from your visitors’ browsers to MailPoet. It is transferred only via your WordPress installation, e.g. when someone signs up for the newsletter. You should always follow the MailPoet Guide to Conform to GDPR.

  1. Open your WordPress backend.
  2. Go to Cookies > Services (Cookies) > Add Service in the left menu.
  3. Search for “MailPoet” in the templates and click on it.
  4. Now you are in the service configuration. All you have to do is scroll down to the end of the template and click on Save. Real Cookie Banner has already filled in everything for you. Leave the checkmark at Create content blocker for this service set.

What is a Content Blocker? Imagine that a user of your website does not accept all services. At the same time, you’ve embedded, for example, a YouTube video that would set cookies that the visitor hasn’t agreed to. According to the ePrivacy Directive, this is not allowed. For such users, content blockers automatically replace iframes, script tags and link tags (such as embedded YouTube videos) and offer to load the video as soon as the user consents to YouTube video loading.

  5. Again, you don’t have to fill out anything. Check the data and then scroll down.
  6. Click on Save.
  7. That’s it! Now you can integrate MailPoet forms into your WordPress website in a privacy compliant way – only after the user’s active and informed consent. 🙌

✅ ✅ Double-Opt-in

To make your email marketing as compliant as possible with the GDPR, you should definitely use double opt-in for registrations to your newsletter – because double is better than once 😉 All kidding aside, the double opt-in process allows you to ensure that the real owner of the email address has actually registered for the newsletter.

The process works as follows: after the registration form has been submitted, an e-mail arrives in the mailbox of the address that was entered. This email contains a confirmation link that must be clicked to complete the registration.

Fortunately, this feature is already enabled by default in MailPoet. You can check this again under MailPoet > Settings > Registration confirmation.
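
The double opt-in flow described above, as an added Python example that is not MailPoet's code or part of the original article: the confirmation link carries an HMAC over the address and an expiry time, and the subscription stays unconfirmed until a valid link is presented. The key, link lifetime, URL and status names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumptions (constructed for this example): key, lifetime, URL, status names.
SECRET_KEY = secrets.token_bytes(32)   # a real site keeps this in protected config
TOKEN_TTL = 48 * 3600                  # confirmation link lifetime in seconds
CONFIRM_URL = "https://example.test/confirm"
subscribers = {}                       # email -> "unconfirmed" | "confirmed"


def _sign(email, expires):
    """HMAC over address and expiry, so neither can be altered in the link."""
    msg = f"{email}|{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def subscribe(email, now=None):
    """Record the sign-up as unconfirmed; return the link to e-mail to that address."""
    now = int(time.time()) if now is None else now
    email = email.strip().lower()
    expires = now + TOKEN_TTL
    subscribers.setdefault(email, "unconfirmed")  # never downgrade a confirmed entry
    query = urlencode({"email": email, "exp": expires, "sig": _sign(email, expires)})
    return f"{CONFIRM_URL}?{query}"


def confirm(link, now=None):
    """Activate the subscription only for an untampered, unexpired link."""
    now = int(time.time()) if now is None else now
    params = parse_qs(urlparse(link).query)
    try:
        email = params["email"][0]
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(sig.encode(), _sign(email, expires).encode()):
        return False
    if now > expires or email not in subscribers:
        return False
    subscribers[email] = "confirmed"
    return True
```

Because the link is only ever sent by e-mail, a successful `confirm` shows that whoever clicked it can read that mailbox, which is the property double opt-in is meant to establish.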

🤝 Data processing contract

Whenever you engage an external company to process personal data of your users/visitors/customers, you must conclude a data processing contract (in German: AV contract). This is based on Art. 28 GDPR. This is the case, for example, if you use the Google Analytics analysis service.

In addition, you should add a checkbox to each registration form with which the person signing up confirms that they have read your privacy policy and agree to it.

📝 Privacy policy

The final step is to include MailPoet in your website’s privacy policy. There, you must explain for what purpose you use MailPoet on your website, what data is processed and to whom it is sent.