When the GDPR comes into effect next May, the way you’re expected to collect, store and use subscriber email addresses will change considerably. Email marketing and the GDPR are set to change one another.
The new legislation is causing marketing departments across the world to panic. Suddenly, there’s a whole raft of new work that’s required if businesses are to be compliant.
Happily – and as is often the case with legislative change – the rules are actually pretty simple when you break them down. Because the GDPR is tightly focused on giving control back to data owners, complying with it simply means you need to be a good email marketer.
Here’s what we believe to be the most important dos and don’ts of GDPR compliance for email marketing:
Continue to follow email marketing best practices
As previously noted, the GDPR doesn’t require you to become a completely different email marketer. It just asks that you continue with the good, ethical stuff.
That means following GDPR email marketing best practices, so:
- don’t buy email subscriber lists;
- ask for explicit consent before obtaining an email address, and don’t force it with pre-filled tick boxes;
- make unsubscribes ridiculously easy;
- don’t continue to email someone once they’ve unsubscribed; and
- provide the option for a new subscriber to immediately remove themselves if they feel the subscription was an error.
The above list isn’t exhaustive, obviously, but it does account for the most important best practices you’ll need to continue to abide by come GDPR time.
Don’t break one law to get ready for another
The above is a quote from Steve Eckersley, head of enforcement at the Information Commissioner’s Office (ICO). And he’s right! Just because some new rules are on the way doesn’t mean you have carte blanche to spam your database asking them to do something.
You’ll need to re-gain consent from subscribers in order to comply with the GDPR, but make sure you do so in the correct manner.
Prepare your opt-in process in advance of email marketing and the GDPR
Sneaky tactics once used by email marketers to get people to opt-in to mailing lists are being targeted by the new GDPR rules. Marketing and the GDPR affecting one another.
You therefore need to take a look at your current opt-in process to ensure it complies with the new standards.
Here’s what it’ll need to do come May next year:
- Offer unbundled consent that is separate from other terms and conditions.
- Avoid pre-ticked opt-in boxes.
- Provide granular options that enable subscribers to give consent separately to different types of processing.
- Offer a clear indication of who will be relying on the consent (yourself, obviously, but also any third parties).
- Retain records that prove the individual consented and exactly what they consented to.
- Make withdrawal ultra simple by explicitly confirming they can do it at any time.
The new process certainly has more elements, which invariably means more work on your part. If you start preparing your opt-in process now, you’ll have far less work to do at the eleventh hour.
Re-permission consent soon
A bit like your opt-in process, if you leave the task of gaining re-permission for consent until the last minute, you’ll have a huge job on your hands.
Now is the time to start the re-permissions process.
This post is for information purposes and is not legal advice, we advise you speak to your own legal advisors to find out what impact the GDPR will have on your business and what action you need to take.