Empowering modern public services

Over 400 public sector organisations in the UK & Ireland work with Granicus to connect with and serve their citizens. Our govService solution simplifies customer interactions and automates service requests whilst govDelivery helps governments connect and engage with their audiences and increases their subscriber base.

Get in Touch

Versatile Solutions for Governments

Granicus solutions are purpose-built for government agencies of all sizes.

Technology Built for Government

Granicus connects governments with the people they serve by providing the first and only citizen engagement platform for the public sector. Nearly 400 public sector organisations and nearly 20 million citizen subscribers power an unmatched Subscriber Network that turns missions into quantifiable results. With comprehensive cloud-based solutions for communications and digital services, Granicus empowers stronger relationships between government and citizens.

Get in Touch

Start your journey to digital modernisation

Granicus provides the first and only unified Civic Engagement Platform for all government structures. Set up a guided tour and experience how our solutions will work for your organisation.

Granicus Digital Public Sector Awards

Finalists announced! See the 2023 Granicus Public Sector Awards finalists now.

Meet the finalists!

Start your journey to digital modernisation

Get more from the Granicus solutions with the Learning Center. Explore best-practice articles, attend virtual events and find success stories and inspiration for your next project.

Technology Built for Government

Granicus solutions are purpose-built for the public sector. Our platform provides the infrastructure, scale, reliability and security relied on by thousands of government agencies and public organisations worldwide to empower service leaders to accelerate service transformation and modernise digital services to the cloud – all at lower operating costs.

Get in Touch

Start your journey to digital modernisation

Granicus fosters the world’s largest community of digital government innovators. Our govService solution simplifies customer interactions and automates service requests. govDelivery helps public sector organisations engage with their audiences and increase subscribers. EngagementHQ is our digital engagement platform managing everything from public consultation to collaboration.

Back To Blog

[Webinar recap] Subscriber sign-up processes and GDPR

The General Data Protection Regulation (GDPR) will mandate stricter rules around the storage and use of personal data – including someone’s email address. To be able to communicate with citizens who opt to receive certain comms from your organisation (e.g. topic-specific email or SMS bulletins), you must ensure your sign-up processes are fit for purpose and secure GDPR-standard consent from subscribers.

A recent webinar outlined the steps public sector communicators should take to prepare for the GDPR. Here is a summary of how you must handle new subscribers to ensure your email communications don’t breach the law.

[This is our GDPR webinar recap blog 2 of 3. Please note Granicus’ comments on the GDPR are for informational purposes only and do not constitute legal advice. Please consult your data protection advisor or a lawyer for guidance on your obligations.]

How to manage new subscribers

1) Get unequivocal consent from subscribers and keep a record of it
• You need to give people a real choice. Invite them to opt in to receive updates on specific topics. Specificity about the purpose of the use of their data is key.
• Consent must be actively gained from the subscriber. Pre-ticked boxes, silence or no reply from a subscriber means that no consent was given, and they should not be mailed.

2) Update your privacy policy and make it relevant
• Be clear about what data you are collecting, why, and how it will be used.
• Name organisations and third parties that will be processing the data.
• You must continually review and update your policies.
• Keep a record – you need to know which privacy policy was in place when each subscriber opted in.

3) Put in place measures to verify identity
• Who is signing up? Is it really them?
• Switch on ‘double opt-in’ which means you’ll send a subscriber an email asking them to confirm the choices they are making. This is good practice, used in Germany, although it is not essential.

4) Only collect the necessary information for specific purposes
• For example, capture a subscriber’s postcode as they sign up for waste collection reminders but don’t ask for their gender – it’s irrelevant.
• Any information you collect must be accounted for in your privacy policy.
• Provide multiple topic options so people can choose what they want to receive – this will also be beneficial to you in being able to evidence consent.
• You must have a record of someone’s consent (e.g. the timestamp and source information attached to each new subscriber in the GovDelivery Communications Cloud is sufficient proof for people who opt themselves in via your web properties).
• Don’t hold info for longer than necessary. How long are you going to keep this info for? Include this detail in your privacy policy.
• Delete info when you no longer need it, think about how long you need to keep it for evidence and accountability.

5) Only communicate what’s been consented to and don’t push the boundaries
• Unless you can rely on a separate legal basis or legitimate interest reason to contact someone, only communicate what is necessary and within the parameters of the purposes originally consented to.
• Be careful with newsletters that contain several topics; it is not best practice to send everyone newsletters containing ‘all stuff’ – subscribers must have opted in to specific topic updates.
• You can offer a ‘general newsletter’ topic but make sure you state what that will include and that it is in addition to your granular topics. You’ll need to offer both options.
• All communication must contain opt out options (unsubscribe links) – make them clear. People who opt out via links in bulletins delivered via the GovDelivery Communications Cloud will be taken care of automatically, but if you receive a request externally, you need to act on opt outs quickly – make sure you know how to do this. Give subscribers an easy way to:
– Unsubscribe from this communication
– Unsubscribe from all your communications