The new General Data Protection Regulation (GDPR) is the most impactful change to EU privacy law to hit in the last twenty years. Its broad compliance requirements will demand a lot from businesses across all markets. If you handle your customers’ personal data, GDPR affects you. No matter where personal data is sent, processed or stored, GDPR requires businesses to respect and protect it.
Fail to comply with GDPR and you’ll be facing a fine of €20 million or 4% of your annual global turnover, whichever is higher.
You are not required to automatically refresh all existing DPA consents in preparation for the GDPR. But if you rely on individuals’ consent to process their data, make sure it will meet the GDPR standard on being specific, granular, clear, prominent, opt-in, properly documented and easily withdrawn. If not, alter your consent mechanisms and seek fresh GDPR-compliant consent, or find an alternative to consent.
Subscribers will also need to be able to quickly remove data if requested. Known as the ‘take down’ clause, this makes it compulsory to provide a clearly identifiable route for users to make contact and communicate their request.
What counts as personal data?
Any information related to a person that can be used to identify them, including their name, photo, email address, IP address, bank details, posts on a social networking site, medical information, biometric data and sexual orientation.
Got a marketing email mailing list?
If your current marketing email opt-in doesn’t satisfy GDPR, you’ll need to get consent again.
Email marketers now need ‘unambiguous’ consent from their subscribers. They must clearly convey their online consent policies to consumers. This is to ensure that consent responses can be straightforwardly revised for both current and future subscribers.
Your subscribers need a way to easily opt in or out of email campaigns. This could be achieved through a straightforward call-to-action that lets customers check a yes box to consent to receiving emails.
Basically, if you’ve ever pre-ticked a marketing email subscription form, you need to get consent again. Best practice demands that after a form is completed, the user must respond to an email confirming that they have given consent in order for you to use their email address. This is known as “double opt-in”.
GDPR Email Consent
To comply with GDPR, make sure that your email consent forms meet the following:
- Consent must be given, specific, informed and unambiguous
- There must be a positive opt-in
- No pre-ticked boxes
- Create simple ways for people to withdraw consent
- Try using double opt-in methods
- Keep your consent policy separate from other T’s & C’s
Taking advantage of double opt-in
Double opt-in for email campaigns is not a new idea. Firing a confirmation email after a form completion can provide a number of advantages.
The value in email lists isn’t in quantity, but quality. You could have a mailing list of forty thousand addresses, but if none of them convert, you’re wasting your time. Providing double opt-in to email listings means that the quality of your list is much higher. People who are genuinely interested in your offering are more likely to confirm their interest in your subscription than someone on the fence.
The obvious downside of double opt-in is that your email list will take longer to grow. Adding an extra hurdle for the user to surmount will naturally turn some of them off. This is why you need to make your subscription really attractive to your subscribers. Fortunately, double opt-in provides you with an ideal opportunity to touch base immediately. You can tell them more about your brand or offer a promotion as soon as they sign up, making the extra hurdle more palatable.
Prepare your email marketing for GDPR
No matter how big your operation, the cost of auditing your assets and bringing them up to compliance standards will be significant. New requirements, like greater data access and deletion rules, risk assessment procedures, Data Protection Officer roles and data breach notification processes, will mean changes to the structure and procedures of your business.
But in a world increasingly aware of the risks of exposing online privacy, consumers value the trust they have with brands. Yes, GDPR demands you make a change, but the sooner you make the change, the more trustworthy and authoritative you’ll appear against your competition.