Are Your Email Marketing Practices GDPR-compliant?
Summary: With the deadline for implementing GDPR closing in, marketers are having mixed reactions to it. In this article, the Monks shine some light on the benefits of being GDPR-compliant and the steps email marketers need to take in order to be GDPR-compliant.
Disclaimer: The information provided here is only for a better understanding of the different regulations collectively implemented as GDPR. It is for knowledge-sharing purposes only and is not to be considered legal advice. You are requested to consult an attorney before implementation to avoid any legal hassles. By reading this article you indemnify EmailMonks against any legal implications and cannot hold it responsible for any action pertaining to the information shared in this article.
The General Data Protection Regulation (GDPR) was adopted on 27th April 2016, and its (most-feared) bindings are soon to come true – effective from 25th May 2018. While many are cool about it, most marketers have been discussing the consequences of not following it.
While companies not abiding by the GDPR have a huge price to pay (a fine up to 20,000,000 EUR or up to 2% of the annual worldwide turnover), email marketers who have been following the best practices of email marketing don’t need to break a sweat.
What is GDPR and how will it influence email marketing globally?
GDPR is a regulation that is set to replace the already outdated Data Protection Directive that was implemented in 1995 for the European Union. The GDPR was formulated to monitor and protect the personal data of European Union citizens.
The global influence of GDPR is significant since it is a regulation instead of a directive. GDPR is legally binding and hence extends the scope of protection and scrutiny to any company that collects or deals with EU personal data, whether it is based in the EU or not.
The influence of GDPR in the email marketing domain lies in the definition of personal data. Any information that could be used, on its own or in conjunction with other data, to identify an individual is considered personal data. This means the name and email address that you have collected from a signup form make your company bound by GDPR policies.
What are the key changes implemented in GDPR that affect me?
Obtaining consent: Whenever you collect email addresses to add to your mailing list, the subscriber needs to provide unambiguous consent for it. This means you need to educate the subscriber about what you will do with their email address, even if it means you will be monitoring the metrics. Only once they agree with a ‘clear affirmative action’ can you send them an email. To make matters worse, you also need to get similar permissions from existing email addresses in your mailing list that were collected before 25th May 2018.
Right to access: The subscriber has the right to obtain confirmation that the data collected is being used solely for the purpose it was collected for. Additionally, a copy of the data needs to be provided free of cost in an electronic format.
Right to be forgotten: On a request to be forgotten, any personal data pertaining to the subscriber needs to be erased. This covers all data sources, including but not restricted to backups and non-production storage.
Breach notification: Additionally, data processors need to notify their customers and controllers without undue delay.
Territorial-free jurisdiction: As stated earlier, all the above-stated prerequisites apply to you as soon as you process personal data from any EU resident. This is not restricted to organizations in the EU; it also covers those outside the EU if they offer goods and services to EU residents.
What are the steps that I need to take?
Preparing for GDPR is exhaustive but not difficult. To set the proverbial ball rolling, you can take the following steps:
- Sift through your existing mailing list:
Comb deeply through your mailing list and weed out your inactive subscribers, especially those belonging to EU countries. Second, send an email to your active subscribers asking for their consent to being enrolled in a mailing list. Only when they have provided affirmation should you add their consent to a log or record that can be presented on investigation, and send them a confirmation email. This makes them eligible to receive your emails. Silence or no reply from your subscribers means that no consent was given, and they should not be mailed.
- Keep a clear record of your email marketing practices:
Maintain a record of all the emails that you collect in future. The record should have the following information:
- Adopt the newly implemented changes for those who subscribe from this day forward:
Once the onboarding process for your existing subscribers is streamlined, implement it for your newer subscribers. In no case should you buy a list (which has been a strict no-no even before GDPR was adopted) or use misleading terms to collect email addresses.
- Provide an easy gateway for subscribers wishing to unsubscribe:
You can’t impress everyone all the time. For those who no longer wish to be a part of your mailing list, a visible unsubscribe link should be provided in each marketing email, giving your subscriber the option to:
- Unsubscribe from this marketing communication
- Unsubscribe from all your communications
Why is GDPR implementation good news for you?
Your subscribers shall appreciate the transparency that permission-based marketing brings with it. The transparency translates into brand trust, and subscribers will feel empowered when the power of choice is in their hands.
After implementation of GDPR practices, your mailing list shall be pruned and will only consist of those subscribers who are genuinely interested in engaging with your emails. This will greatly improve the list quality as well as substantially reduce the unsubscribes.
If you have further inquiries about GDPR, consult an expert and an attorney before you move ahead with your email marketing practices.