There’s been a lot of buzz around the General Data Protection Regulation (GDPR), which is the new set of guidelines that dictate how individuals and companies may acquire, utilise, store, and delete the personal data of European Union (EU) citizens.
If you have subscribers based in the EU, you are responsible for following these regulations even if you operate outside the EU. Now let’s face it, nobody likes change and new laws tend to limit what you can do. But the reality is that the GDPR is really good for email marketing and it will actually help improve your email marketing campaigns.
At its core, GDPR is about giving people more control over their personal data and how others are allowed to use their data. For email marketing, that means providing more transparency and clearer consent agreements when signing up new subscribers.
If you handle customer data beyond email marketing or use other third-party tools that collect data, you should definitely look at the new regulations in more detail and talk to legal experts to ensure you understand the full extent of compliance.
Why You Need to Care About GDPR
Every time you collect an email address, a name, home address or phone number, you are obtaining someone’s personal data. If any of those people are citizens of the European Union, you must adhere to the new rules.
The GDPR was developed to modernise the current EU data protection laws with a stronger focus on an individual’s rights and privacy. While some of the legislation is stricter and the penalties for non-compliance are tougher, the ultimate goal is to improve trust in the digital ecosystem.
To that end, EU citizens will have several new rights to help them take more control of their own data. Here are the most important user rights:
1. Right to be forgotten gives someone the power to ask a company to delete ALL of the data that is associated with that person. This requires you to provide more than an unsubscribe button. If a user makes a request, you must delete all the data stored in your databases and anything else associated with the user.
2. Right of access allows your subscribers to ask exactly how you are using their data and for what purposes. If a request is made, you’ll need to provide a personal data report at no cost to them.
3. Breach Notification is mandatory under the GDPR, which means you have 72 hours from becoming aware of the breach to notify customers.
4. Right of portability lets people request their data, which means you would need to download a file of all their data in a ‘commonly used and machine-readable format’.
You will also no longer be allowed to automatically opt someone in to your newsletter or email database; they need to specifically tick a box or give some other form of consent for this.
Now that each individual has the power to request or delete their data, you need to think about what data you really need and what data you can live without. The more data you collect, the more documentation and management is required to quickly address a data request.
If you prefer to collect a lot of customer data for your marketing initiatives, it’s important to note that the GDPR definition of personal data is far-reaching and includes things like behavioural data, IP addresses, biometric and financial data to name a few. Basically, anything linked to the individual is personal data.
Consent is More Important Than Ever
Marketing to people who have given their consent is a best practice that we believe is one of the foundations of successful email marketing. If you’ve been building your list by getting user consent first, then GDPR will not change what you are doing much.
On the other hand, if you have old lists or market to people who have not given proper consent, it’s time to change your practices. Although you might not grow as fast as you want, the long-term results will be much better, not to mention you will also be complying with the GDPR.
Consent is a big deal within the new GDPR. Email marketers must obtain consent in accordance with the GDPR’s strict new requirements by ensuring active and explicit consent.
Active consent means your subscribers need to initiate the consent. You can no longer pre-tick the checkbox and make the user untick it. The user must click the checkbox themselves.
Explicit consent means that you need to clearly communicate exactly what the user is agreeing to and what the data is being collected for.
Beyond being as transparent as possible with your consent forms, you must keep a record of every subscriber’s consent. The burden of proof is on you to prove that the individual consented to your terms.
Revalidate All Your Subscribers
If you are not sure that the people on your current lists gave consent or you don’t have a record of it, the onus is on you to revalidate all of your EU subscribers now.
We recommend emailing all your subscribers ahead of May and asking them whether they would like to keep receiving your communication and remain opted in.
After May you will be breaching the regulations if you email anyone who has not opted back in.
*GDPR requirements will be enforced starting on May 25, 2018.
*This newsletter is for informational purposes and is not to be construed as legal advice.