GDPR is changing the way companies conduct email marketing.
Time is running out for companies to be GDPR compliant. Companies that are not already changing their marketing practices to keep up with the new law need to get started before it is too late.
With the General Data Protection Regulation, or GDPR, going into effect on May 25th, 2018, it is important that marketers ensure their email marketing programs are compliant. With this new data protection regulation, the number one question many marketers are asking is how they will collect and store data consent from their customers.
5 Things You Must Know About Email Consent Under GDPR
Consent Requires a Positive Opt-In
Under the new data protection regulation, for consent to be valid, customers must actively confirm their consent. Under this regulation, companies can no longer offer pre-checked boxes that use customer inaction to assume their consent.
Consent Requests Must Be Kept Separate from Other Terms & Conditions
Under the new GDPR compliance law, companies are not allowed to bundle their consent requests with their terms & conditions, privacy notices or any of their services. Under GDPR, email consent must be freely given and companies can no longer “trick” customers into signing up for their email newsletters.
Withdrawing Consent Must Be Easy
In Canada and the U.S., it is already mandatory for companies to offer opt-out options for customers. This is the same with the new European law and companies must offer easy to understand ways for customers to unsubscribe from email newsletters. Companies should offer ways to opt-out of email marketing without charging a fee, requiring any other information other than an email, requiring subscribers to log in, or asking subscribers to visit more than one page to submit their request.
Keep Evidence of Consent
With GDPR, companies not only have new rules for how they can collect consent but they also must keep records of this consent. Companies must keep evidence of consent that allows them to answer who consented, when they consented, what they were told at the time of consent, how they consented and whether they have withdrawn consent.
Check Consent Practices
GDPR does not only apply to signups after May 25th. This new regulation applies to all existing EU subscribers on a company’s email list. Companies that are not already GDPR compliant must audit their existing email lists and implement re-permission programs to ensure they are following the new law and avoiding GDPR fines.
GDPR Compliance Checklist for Email Marketing
The first step for any company to ensure they are GDPR compliant is to take an audit of their current database. It is important for companies to capture an audit trail of consent so if they are not doing this yet, they need to change that. The next step is to know the contacts and how the company acquired them. Applying a double email opt-in is a good practice to ensure compliance with GDPR. The third step is to review and disclose data practices. Companies need to be communicating the data privacy policy to their recipients as part of this new law. The final step on the GDPR compliance checklist is to look at the company’s upcoming initiatives to ensure compliance is starting now. New initiatives need to take the new compliance into consideration so companies don’t have to retroactively go back to adjust their processes.
How Will GDPR Affect Email Marketing?
The new GDPR is looking to give back power to the data subject. This new regulation gives people the final word on who their data is held by, for how long and for what reasons. This new law looks to bring peace of mind and greater confidence to people and businesses that work with companies. GDPR is helping to reassure customers that their information is not being misused. GDPR is leaving marketers with only the most relevant and compliant data that is pertinent to their needs. This will ensure the subscription lists marketers have are of the highest quality. Some new tasks marketers will have with this regulation is unbundling consent and other policies, creating clear and easy to understand opt-in and opt-out solutions and keeping records to provide evidence of customer given consent.
With the new GDPR law going into effect soon, marketers who are not already compliant need to get to work now to ensure they are following the law before it is too late. GDPR is not looking to make life harder for marketers but to put more power back in the hands of the people who own the data companies want so desperately. It is important to know the terms and conditions of this new law to be compliant and avoid legal issues.
