When the GDPR comes into effect next May, the way you’re expected to collect, store and use subscriber email addresses will change considerably.
The new legislation is causing marketing departments across the world to panic. Suddenly, there’s a whole raft of new work that’s required if businesses are to be compliant with the GDPR’s stringent rules.
Happily – and as is often the case with legislative change – the rules are actually pretty simple when you break them down. Because the GDPR is tightly focused on giving control back to data owners, complying with it simply means you need to be a good email marketer.
Here’s what we believe to be the most important dos and don’ts of GDPR compliance for email marketing:
Continue to follow email marketing best practices
As previously noted, the GDPR doesn’t require you to become a completely different email marketer. It just asks that you continue with the good, ethical stuff.
That means following email marketing best practices, so:
- don’t buy email subscriber lists;
- ask for explicit consent before obtaining an email address, and don’t force it with pre-filled tick boxes;
- make unsubscribes ridiculously easy;
- don’t continue to email someone once they’ve unsubscribed; and
- provide the option for a new subscriber to immediately remove themselves if they feel the subscription was an error.
The above list isn’t exhaustive, obviously, but it does account for the most important best practices you’ll need to continue to abide by come GDPR time.
Don’t break one law to get ready for another
The above is a quote from Steve Eckersley, head of enforcement at the Information Commissioner’s Office (ICO). And he’s right; just because some new rules are on the way doesn’t mean you have carte blanche to spam your database asking them to do something.
You’ll need to regain consent from subscribers in order to comply with the GDPR, but make sure you do so in the correct manner.
Prepare your opt-in process in advance
Sneaky tactics once used by email marketers to get people to opt in to mailing lists are being targeted by the new GDPR rules.
You therefore need to take a look at your current opt-in process to ensure it complies with the new standards.
Here’s what it’ll need to do come May next year:
- Offer unbundled consent that is separate from other terms and conditions.
- Avoid pre-ticked opt-in boxes.
- Provide granular options that enable subscribers to give consent separately to different types of processing.
- Offer a clear indication of who will be relying on the consent (yourself, obviously, but also any third parties).
- Retain records that prove the individual consented and exactly what they consented to.
- Make withdrawal ultra simple by explicitly confirming they can do it at any time.
The new process certainly has more elements, which invariably means more work on your part, but if you start preparing your opt-in process now, you’ll have far less work to do at the last minute next spring.
Re-permission consent soon
A bit like your opt-in process, if you leave the task of gaining re-permission for consent until the last minute, you’ll have a huge job on your hands.
Now is the time to start the re-permissions process, so don’t get left behind (we even provided a handy link above to help you along the way!).
This post is for information purposes and is not legal advice. We advise you to speak to your own legal advisors to find out what impact the GDPR will have on your business and what action you need to take.