The General Data Protection Regulation (GDPR) is the European Union’s new privacy law. Any organisation, wherever it is based, that collects, records, organises, stores or otherwise processes personal data relating to people in the EU will have to be compliant by the time the law applies on 25th May 2018.
In simple terms, it’s a much needed update to data protection regulations in a world where we share our personal details with more people than ever before, and it sets out some important standards on how our data is collected and processed by the companies we’re sharing it with.
If you ask people to sign up to mailing lists and send marketing emails, you need to make sure your data, the processes you use to collect it, how people consent to their data being used and how you communicate with them are all compliant with GDPR.
It’s worth noting that the rules are slightly different for B2B companies than B2C, mainly regarding consent, but we’re treating our data and processes the same to ensure we’re compliant.
We’ve put together a quick run down of the main things you need to take into consideration and whilst this is intended to be helpful, it is not legal advice and we suggest that if you need support, seek advice from a legal or data privacy professional.
Collecting data & consent
Gone are the days of pre-checked tick boxes and cryptic T&Cs on sign up forms.
To be compliant with the GDPR, you must be clear and concise with people about what they are signing up to and ask them to actively consent to their information being used for that purpose (and that purpose alone). A double opt-in process, where subscribers have to confirm their sign up via a link in an email, is not something the regulation itself demands, but it is a great way to make sure the person who owns that address has actually provided consent, and it gives you a record of when they did.
The regulation also requires ‘granular’ consent options. In practice this means people must be able to choose the type of communications they receive from you, and be able to set those preferences easily, either at the point of sign up or during the initial stages of consent through something like a preference centre or account area.
And finally, people should be able to withdraw consent to their data being used, and withdrawing it must be as easy as giving it was. In terms of email marketing, this means people should be able to easily unsubscribe from a mailing list (or from an individual type of communication) or, alternatively, to be forgotten (deleted) from your mailing list completely.
Keep a record
As part of your prep to get GDPR compliant, you should keep records to show evidence of consent. You should be able to easily provide information on who consented, when and how they did so, and what they were told at the time of giving consent.
This is one of the most important things to come out of the GDPR. The consent standard doesn’t just apply to data you collect after the 25th May; consent you obtained before that date only remains valid if it already meets the same standard, so you must be able to provide the same information on existing data. If you can’t confidently provide that for your existing mailing lists, then it’s a good idea to set up a re-engagement campaign asking people to actively opt in to your mailing list.
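To show what the double opt-in and record-keeping points above look like in practice, here is an added illustration in Python; it is not code from the original post, its author, or any mailing platform. It assumes a signed, time-limited confirmation token (HMAC-SHA256 over the email, the purposes ticked and the version of the wording shown), an in-memory consent log standing in for a real database, and hypothetical names (`ConsentStore`, `issue_confirmation_token`, `verify_confirmation_token`). Binding the purposes and notice version into the token means a click confirms exactly what the person was shown, and the stored record answers the who, when, how and what questions later.

```python
"""Double opt-in with a consent audit record (added example, not the post's own code).
Names, token format and the in-memory store are assumptions for illustration."""
import base64
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field, asdict
from typing import Optional

SECRET = b"example-server-secret-do-not-reuse"  # hypothetical; load from a secret store in practice
TOKEN_TTL_SECONDS = 48 * 3600                     # confirmation links go stale after 48 hours


@dataclass
class ConsentRecord:
    email: str                          # who
    purposes: list                      # what they agreed to (granular: one entry per type of email)
    notice_version: str                 # what they were told (version of the wording shown)
    source: str                         # how: which form, page or campaign
    requested_at: int                   # when the sign-up form was submitted (unix time)
    confirmed_at: Optional[int] = None  # when the emailed link was clicked
    withdrawn: dict = field(default_factory=dict)  # purpose -> unix time it was withdrawn


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _sign(payload: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, payload, hashlib.sha256).digest()


def issue_confirmation_token(record: ConsentRecord, secret: bytes, now: int) -> str:
    """Token for the confirmation link: binds email, purposes and notice version, with an expiry."""
    payload = json.dumps({
        "email": record.email,
        "purposes": sorted(record.purposes),
        "notice_version": record.notice_version,
        "exp": now + TOKEN_TTL_SECONDS,
        "nonce": secrets.token_hex(8),
    }, sort_keys=True, separators=(",", ":")).encode()
    return _b64(payload) + "." + _b64(_sign(payload, secret))


def verify_confirmation_token(token: str, secret: bytes, now: int) -> Optional[dict]:
    """Return the claims if the signature is valid and the link has not expired, else None."""
    try:
        body, sig = token.split(".", 1)
        payload = _unb64(body)
        if not hmac.compare_digest(_sign(payload, secret), _unb64(sig)):
            return None  # tampered or forged link
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return None
    if claims.get("exp", 0) < now:
        return None  # stale link
    return claims


class ConsentStore:
    """In-memory stand-in for the consent log a real system would persist."""

    def __init__(self):
        self._pending: dict = {}
        self._confirmed: dict = {}

    def request(self, record: ConsentRecord, now: int) -> str:
        """Step 1: form submitted. Record stays pending; only the confirmation email is sent."""
        self._pending[record.email] = record
        return issue_confirmation_token(record, SECRET, now)

    def confirm(self, token: str, now: int) -> bool:
        """Step 2: link clicked. Consent is recorded only if the token matches what was shown."""
        claims = verify_confirmation_token(token, SECRET, now)
        if claims is None:
            return False
        rec = self._pending.pop(claims["email"], None)  # one-shot: a replayed link fails
        if rec is None or sorted(rec.purposes) != claims["purposes"] \
                or rec.notice_version != claims["notice_version"]:
            return False
        rec.confirmed_at = now
        self._confirmed[rec.email] = rec
        return True

    def can_send(self, email: str, purpose: str) -> bool:
        """Check before every send: confirmed, for this purpose, and not withdrawn."""
        rec = self._confirmed.get(email)
        return bool(rec and purpose in rec.purposes and purpose not in rec.withdrawn)

    def withdraw(self, email: str, purpose: str, now: int) -> None:
        """Granular withdrawal: one purpose at a time, timestamped."""
        rec = self._confirmed.get(email)
        if rec and purpose in rec.purposes:
            rec.withdrawn[purpose] = now

    def erase(self, email: str) -> bool:
        """Right to be forgotten: drop the subscriber from pending and confirmed lists."""
        return (self._confirmed.pop(email, None) is not None) | (self._pending.pop(email, None) is not None)

    def evidence(self, email: str) -> Optional[dict]:
        """The who / when / how / what record you would produce on request."""
        rec = self._confirmed.get(email)
        return asdict(rec) if rec else None
```

The `can_send` check is the point a practitioner most often misses: a pending (unconfirmed) address, an expired or replayed link, and a withdrawn purpose all return `False`, so the sending path cannot silently mail someone whose consent was never completed or has since been withdrawn.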
This might seem scary at first but as the ICO says, ‘genuine consent’ should be seen as a positive step to creating a more engaging email marketing program.
What about my website, how can I make sure that’s GDPR compliant?
This blog is just a guide on the changes you need to consider in your email marketing. As part of GDPR, you should also make sure your website and the data it collects is compliant too. You can find out more by downloading our guide.
For more information contact Si or speak with your account manager:
Tel: 01622 238535