GDPR Law and Email Marketing

Effective May 25, 2018, a set of new rules being passed in Europe will affect the email marketing for the European Union (EU). The new regulations will affect email marketing in several ways.

What is GDPR?

GDPR- General Data Protection Regulation is an 88-page document that was passed by several European law committees. It aims at protecting an individual’s privacy by disallowing any non-permitted offers and information. GDPR provides the exact guidelines laid out on collecting and using email addresses for any use. It’ll also introduce changes in the way personal data is stored and protected. The basic motive of the regulation is to sharpen and improve what will be considered as acceptable among all the European countries and the citizens. So what used to be a safe practice will now be a rule.

How will the GDPR affect my business strategy?

It doesn’t really matter whether you live in the European Union, but if your company is having any clients, prospects or contacts that are European citizens, the GDPR is applicable to your company as well. The fines for violation are really hefty irrespective of the economy of your country and you do not want to violate this ruling. You may have to shell out 4% of your worldwide turnover or 20 Million Euros, whichever is higher. As this regulation has far-reaching ripples and waves it is important you know as much as possible about it because it essentially governs how you should store, use and gather user data.

Obtaining Email Addresses:

According to the 32ndarticle of the GDPR following guidelines should be followed when getting information from an individual. “Silence, pre-ticked boxes or inactivity should not, therefore, constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them.”

We see several websites have pop-ups to sign up for a form, before offering content for display. Until the time you don’t sign up, there’s no access to the site or information. As per the GDPR, a more specific language will have to be used in the pop-up window. According to the new regulations, any pre-checked boxes, unclear language, and hiding any additional non-permitted activities will be red flags and in violation of the law.

Extending Use of Email Addresses:

Any exchange or selling of email lists or emails in general of EU citizens will be illegal. The law also prohibits additionally using any data unless clearly mentioned when the prospect is handing out information.

Personal Data Storing:

The motive behind the GDPR regulations is to give more transparency and power to the users whose data is collected. Now of course following these regulations will change the procedure of storing and maintaining data in companies. To handle the data you need to be following the following guidelines:

  1. The proof to consent when the individual signs up will have to be recorded and kept safe. Records should be reproducible as and when required.
  2. The users should be able to take back the business/organization’s ability to use their email addresses, i.e., it should not be conspicuous. The unsubscribe button should be clearly visible.
  3. All the individuals can ask for deleting their personal data permanently as this will be their right and is described as their right to be forgotten. After receiving the request all and any personal data has to be deleted with no trace of anything remaining.
  4. If there is any security downfall in the security of the user data, it will have to be updated to the data protection officer or some supervising authority within 3 days of its discovery. To the user, the corporation will have to provide the nature, cause, and consequences of the breach.
  5. Companies which are considered as data controlling companies will have to hire a Data Protection Officer to make sure all the rules and regulations are in place in accordance with the policy.

Preparation for the New Regulations:

As the date of effect still has some time left to go, you have plenty of time to go over the changes required and start adopting and taking measures immediately. Here are some of the things you’ll have to do:

  1. First and foremost determine if you’re even having email IDs from the EU. If a mail has the .eu extension it is a pretty clear signal otherwise, of course, you’ll need to trace the location using IP Address.
  2. Start preparing new sign up campaigns for EU citizens and individuals. As per the guidelines, irrespective of whether you gained permission previously, you’ll have to do so again and as per the guidelines.
  3. Review all your email id requests via pop up forms, windows, CTAs or anything that needs to comply with the new regulations and as a result, even reviewing the declaration is simple and clear with the instructions mentioned above.
  4. Maintain and prepare the record of consent given by all individuals and it should be ready to be reproduced if the need arises.
  5. Ensure maximum security of data against hacking, breaching or any kind of potential illicit activities that can happen.

Originally published at aeroleads.com on November 24, 2017.