GDPR & Email Marketing: Everything Businesses & Marketers Need To Know

With just over a month to go before GDPR comes into play, it’s been generally agreed by many that the General Data Protection Regulation is going to completely alter how organisations and businesses deal with the personal data of citizens of the EU and even potentially beyond. 

GDPR requires businesses to protect the personal data and privacy of EU citizens, as well as any transactions they make. It aims to offer more control to the public in how their data is used, ultimately giving them much more say in how businesses and organisations view, use and even share their data. 

Personal data is a key component when it comes to marketing campaigns, specifically email marketing campaigns. With a hefty fine of up to 4% of annual global turnover or €20 million for those who fail to comply,  it’s essential that organisations, advertisers and marketers alike are aware of how GDPR is going to impact their role and their campaigns. 

What Do Email Marketers Need To Know? 

Consent
When it comes to email marketing consent has been an ambiguous topic, but with the introduction of GDPR the rule is simple: 

Consent must be given using a ‘clear affirmative action’

This nullifies all opt out consent, including pre-checked boxes, inactivity or any other unambiguous forms of retrieving consent, such as hiding unsubscribe buttons or failing to offer an option to say no. 

Marketers should also be aware that consent is only valid for a set period of time, meaning that it’s possible that someone who has consented in the past, doesn’t necessarily wish to have their personal data collected now. Therefore it’s essential that marketers continue to ask people to re-consent every now and then, perhaps every year, in order to stay GDPR compliant.  

It’s also worth noting that email consent must be given freely, for example, you can’t make subscribing to a newsletter or email list a requirement for a download, giveaway or code as this consent is not freely given. Under GDPR consent needs to be separate, you can’t bundle consent in with your terms and conditions, privacy notices or your services, you need to offer this as a completely separate option. 

Data Access & Data Handling 
GDPR states that businesses and organisations should only collect data for a specific purpose, only use it for that purpose and only keep hold of this data for as long as required for that purpose, a major change for many marketers. In recent times it’s been common practice to collect vast amounts of data and store it for future use. 

Under new GDPR rules, marketers and businesses would need to re-establish consent in order to keep or use someone’s personal data for a different use or purpose. 

One of the most talked about rulings wishing the EU Justice Court is the ‘right to be forgotten’ which gives people the right to have any outdated, false or inaccurate personal data removed from databases. This has already been implemented by Google who has previously removed pages from search engines in order to comply with the right to be forgotten. 

The introduction of GDPR offers people even more control over how their data is being used and collected, allowing them the ability to access the data or even remove it. Marketers need to make it so that individuals can easily access their data and remove content if needed, if a customer exercises their right to access, to be forgotten, or their right to object an organisation must be able to sort this effectively, failure to do so, is failure to comply. 

Keep Data Secure 
Companies that collect and store personal data need to make sure it’s kept accurate and safe, not only is this necessary for customers, but it’s generally just good business practice. In light of the recent Cambridge Analytica debacle, individuals are now even more concerned about the safety of their personal details and who stores their information. 

What Steps Do I Need To Take? 

Preparing for GDPR will take time but it shouldn’t be too difficult, here’s a simple step by step list that marketers and businesses should take note of in order to get your email marketing game ready for the new regulations. 

– Look through your existing list
It’s a good idea to look through your existing list in order to find any inactive subscribers, especially if they are those who belong to EU countries and are likely to be covered by GDPR.

– Re-ask for consent
Once you’ve distinguished between active and inactive subscribers it’s a good idea to send an email to your existing active subscribers asking for their consent to be included on your mailing list, remember, they must give a clear, affirmative response.

– Be transparent
It’s always good to be transparent with your audience when sending out emails addressing consent or related to GDPR make it clear to your subscribers its because changes are happening and make them aware of why you’re emailing to confirm their consent.

– Provide an easy gateway for unsubscribers
Sadly not everyone is going to want to stay subscribed to your email list, for those who are no longer interested you need to make sure they can leave easily. A visible unsubscribe link or a clear option addressing unsubscription should be provided wherever possible. 

Does GDPR Mean The Death Of Email Marketing? 

Ultimately it’s fair to say that GDPR won’t result in the death of email marketing, while it might make it more difficult, it should open new doors for email marketing and marketers. In fact, this new regulation is likely to encourage companies to improve the quality of email communication, as well as communication as a whole. 

GDPR comes into effect on the 25th of May 2018, which means the clock is ticking when it comes to sorting out your strategy and recontacting your audience.

With huge financial repercussions for those who fail to comply now is the time to get organised, you’ve been warned!

For more information on GDPR visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/