When General Data Protection Regulation (GDPR) comes into effect on May 25, are you sure your email campaigns are legally acceptable? This is a question many people will be asking. GDPR is a new, harmonized set of regulations that protect the individual rights of people in the EU, giving them more protection over how their data is used and processed.
Email marketing is, of course, an integral part of any marketer’s toolkit, and it’s still a viable channel under GDPR. But you’ll need to stick to the rules: GDPR also has the means to fine transgressors up to 4% of their global turnover or €20 million, whichever is larger. So how will your email marketing change?
How GDPR affects consent
To begin with, think hard about who is doing the emailing. GDPR applies to anyone collecting and processing data from EU citizens in a professional or commercial capacity. It also applies to companies that are based outside the EU, too, if they are dealing with EU citizen’s data. So whether you’re a financial adviser, property management expert or investment fund manager, you need to stay within the rules.
One of the central tenets of GDPR is the principle of consent. This follows a stricter definition than in previous directives. Consent has to be given by the subject for a single type of processing, and has to be requested in a clear and concise way, with full explanation in plain language. This is an ‘opt in’ at all times.
Handling email contact data
The subjects also have strengthened rights of access to the data you hold. You must show clearly how they can request to see their data, where it is being stored and for what purpose. If asked, you must be able to share it with them in a way they can readily access. You also have to respect their right to be forgotten. Subjects have the right to request you erase their data and block any future processing.
In real terms, this means smarter management of your lists. In some cases, you will need to go back and cleanse your data, ensuring you can track all opt-ins and manage the data in a way that lets you respond to the subject’s requests in future. It includes knowing where the data has been kept, how it has been processed, and how it is being used.
Clear opt-ins and organising your data
When building your campaign, you must first request permission from the subjects through clear and affirmative action. You also need to make sure you have clearly identified your company and the reason you want them to opt in. Once collected, you must keep the data organised by category so it can be searched and sliced if the subjects request to see it, or ask for it to be erased.
Above all, you need to be diligent and secure when it comes to your email campaigns. Understanding GDPR will help you avoid penalties, as well as reducing the burden of extra administration in the long run. Make sure your email campaigns meet GDPR by contacting Starberry.