Making your website forms GDPR compliant

From 25 May 2018 you need to collect customer data in line with GDPR

If you’re responsible for your estate agency’s marketing communications, you’re probably concerned about the potential impact of GDPR.

In the past, you could send emails to existing or prospective customers with a ‘soft opt-in’ approach. With GDPR, you need to ensure you have explicit consent before hitting the send button on promotional emails.

In this article, we’ll look at how to ensure customers are correctly opted in through your website forms from 25 May 2018 when GDPR comes into force.

If you’d like step-by-step instructions on how to opt-in your existing database, just fill in the form below.


Changes to your website forms

We are in the process of redesigning the forms on Homeflow websites to ensure that customers actively choose to receive marketing materials.

  • You’ll see we’ve added an additional marketing tick box in the example below. You’ll be able to change the text shown next to this tick box, to capture how your agency plans to use your customer data, by logging into your Homeflow admin.
  • We’ve also added a tick box where the customer can opt to receive account log in details by email.
  • In order to submit a form, customers will need to tick the box relating to Terms and Conditions, Privacy Policy and Cookie Policy, as they do already today.
  • However, they’ll be able to submit the form without ticking the marketing consent tick box, or account creation tick box. You’re not allowed to show these box as pre-ticked, or require that the customer ticks these boxes before submitting.

Homeflow website form with GDPR statements

Once the form is submitted, your customer will receive one of two emails depending on whether they have consented to receive marketing communications or not.

1. Marketing consent statement is ticked.

The first email is sent if they ticked the Marketing consent tick box.

As well as giving them the information they need regarding their enquiry, they’ll also be asked to confirm their email address by clicking on a button.

This is the ‘double opt-in’ demonstrating that the customer has explicitly opted-in. It is our view that this verification is necessary to meet the requirements of GDPR.

Many marketeers are concerned that this will dramatically reduce the size of their marketing database. To a certain extent, this is true, although on our own website, we’ve found that the majority of enquirers verify their email.

This second step also ensures that you have a higher quality email database, of customers who actively want to receive your emails, rather than just relegate them to their spam folder. This improves your deliverability scores and click through rates, which is great in the longer term for your credibility as a sender.

Until a customer has double opted-in, you should not send promotional marketing emails to them. Of course, you can continue to send transactional communications – for example, confirming the time of a property viewing.

2. Marketing consent statement is not ticked.

If the customer does not tick the marketing consent tick box, they get a slightly different email.

This gives the information they need, but also politely prompts them to consider opting in. This gives you a second chance to encourage the customer to join your database.

Account creation

If the customer has ticked the box requesting that an account is created for them, they will receive an email with a username and password.


Keeping a record

To ensure that we’re complying with our GDPR obligations as your data processor, we will keep a record of when and how the individual double-opted in and the wording of the consent statement at the time. You can see the whether each customer has consented to marketing communications in your Homeflow Admin – read our guide.

Bear in mind that if you decide to materially change the marketing consent statement, you may need to re-opt in all of your customers, so it’s worth thinking about how you’ll use your customer data in advance to ensure all instances are covered. For example, a customer who has requested a brochure would not have consented to receive emails regarding your mortgage services, unless you have covered this in your consent statement.

Legal disclaimer: This document has not been prepared by a lawyer, and does not in any way constitute legal advice. This has been prepared to explain Homeflow’s current understanding of the implications of GDPR on our business, our clients and our services.


Keep updated

Over the coming months, we’ll be sending regular GDPR news and updates. These will include a template privacy policy for estate agents. To receive these updates, just complete the form below.

Related articles


Read what our customers say about us

See our website templates

Get an industry leading website, fast.

Sign up to our newsletter