What GDPR Means For Your Mailing List
*Disclaimer*
Any information found in this blog post has been researched and sourced online. Becoming GDPR compliant is solely your responsibility and we do not accept any liability for any action you have taken as a result of reading this blog post. We always recommend consulting a legal professional to make sure you are GDPR compliant.
In a recent blog post we discussed GDPR and the implications it will have on your business if you use any personal data belonging to EU citizens. This means that if you conduct any form of email marketing to EU citizens, this includes you! It is vital you are aware of the changes you must make to your marketing to ensure you are GDPR compliant by the deadline in May 2018.
The new legislation introduces tougher fines for non-compliance and gives people much more say in what companies can do with their personal data. So is this bad news for email marketers?
Although it may seem an inconvenience to ensure every single name on your mailing list has fully opted in and knows exactly what is being done with their data, GDPR is simply going to protect data, and email marketers shouldn’t worry.
Businesses must simply prove they are GDPR compliant and show exactly what they are doing with people's data. There is a high possibility this will actually make people more inclined to share their data with you, as they will believe it to be in safe hands. Plus, it will leave you with richer, higher quality data, as the people you target will actually be interested in what you have to offer them.
In regards to email marketing, the Information Commissioner's Office has revealed several factors businesses need to consider in future email marketing campaigns to ensure they are GDPR compliant:
1. Unbundled:
When you ask for consent, you must ensure you are asking the subject separately from other terms and conditions. So, rather than mentioning in the terms and conditions that by signing up you give consent, you must provide a separate question so the subject can clearly see what they are signing up to, what they are giving consent to and what will be done with their data.
2. Active Opt-In:
In order to be GDPR compliant you must now provide people with a clear OPT-IN box. This means pre-ticked boxes, where the subject unticks if they don’t wish to give consent, are no longer a valid form of consent! A great way to ensure you are GDPR compliant is to activate ‘double opt-in’. Although this is not necessary to be GDPR compliant, it is good practice and will work in your favour if you ever need to prove you are compliant. With double opt-in switched on, those who click ‘subscribe’ to your mailing list are sent an email to verify their address and confirm that they wish to subscribe. Only then is their data added to the database.
3. Granular:
If the subject's data is going to be used in a variety of different ways, for a variety of different purposes, the ICO recommends that you obtain consent for each separate purpose to ensure the subject has as much control as possible over their data.
4. Named:
The subject should always be made aware of the name of the organisation who will be handling their data, as well as any other third parties who may be in possession of their data.
5. Documented:
All consent must be fully recorded and contain exactly what the subject has consented to, how they gave that consent (the method), and exactly what they were told.
6. Easy to withdraw:
Subjects should have the right to withdraw their data quickly and simply at any time they wish. This means you must provide the option to unsubscribe from your emails at any time, and once they do unsubscribe you must destroy their data, as you no longer have a reason to hold it.
7. Freely given:
Consent must not be forced in any way and should be given freely. There must not be a power imbalance in the relationship between the subject and the controller (the person collecting the data), as the subject may otherwise feel under pressure to comply. This is challenging for figures of authority or employers who are seeking consent, so in these cases you should look into alternative ways to obtain consent.
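To make the seven ICO points above concrete, here is an added illustration (not code from this blog or from the ICO) of a small consent ledger for a mailing list: purposes are ticked individually (unbundled and granular), nothing is stored as a subscriber until a double opt-in token is confirmed (active opt-in), the controller and third parties are recorded by name (named), each record keeps what the subject was told, how and when (documented), and withdrawal deletes the record (easy to withdraw). The purpose names, the 48-hour token lifetime and the `ConsentLedger` API are all assumptions made for the example.

```python
"""Consent ledger for a mailing list (illustrative, not the blog's or ICO's code).

Covers: unbundled/granular purposes, active double opt-in, named controller
and third parties, documented consent evidence, and easy withdrawal.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Granular purposes a subscriber may tick individually (constructed names).
PURPOSES = {"newsletter", "product_updates", "partner_offers"}
# Assumed lifetime of a verification link, in seconds (48 hours).
TOKEN_TTL_SECONDS = 48 * 3600


@dataclass
class ConsentRecord:
    email: str
    purposes: Set[str]          # granular: only the purposes actually ticked
    controller: str             # named: the organisation handling the data
    third_parties: List[str]    # named: anyone else who will receive it
    consent_text: str           # documented: exactly what the subject was told
    method: str                 # documented: how consent was given
    requested_at: float         # documented: when the form was submitted
    confirmed_at: Optional[float] = None   # set by the double opt-in step


class ConsentLedger:
    def __init__(self, controller: str, third_parties: Iterable[str]):
        self.controller = controller
        self.third_parties = list(third_parties)
        self._pending: Dict[str, ConsentRecord] = {}      # token -> unconfirmed
        self._subscribers: Dict[str, ConsentRecord] = {}  # email -> confirmed

    def request_opt_in(self, email: str, ticked: Iterable[str], consent_text: str,
                       method: str, now: Optional[float] = None) -> str:
        """Active opt-in: the caller passes only the boxes the subject ticked.
        Returns the token to embed in the verification email; nothing is
        added to the subscriber list until confirm() succeeds."""
        now = time.time() if now is None else now
        purposes = set(ticked)
        if not purposes:
            raise ValueError("no purpose ticked: an empty or pre-ticked form is not consent")
        if not purposes <= PURPOSES:
            raise ValueError(f"unknown purposes: {sorted(purposes - PURPOSES)}")
        token = secrets.token_urlsafe(32)  # unguessable link for the verification mail
        self._pending[token] = ConsentRecord(
            email.lower(), purposes, self.controller, self.third_parties,
            consent_text, method, now)
        return token

    def confirm(self, token: str, now: Optional[float] = None) -> bool:
        """Second step of double opt-in: only a valid, unexpired token adds the subscriber."""
        now = time.time() if now is None else now
        rec = self._pending.pop(token, None)
        if rec is None or now - rec.requested_at > TOKEN_TTL_SECONDS:
            return False  # unknown, reused or expired link: no subscription
        rec.confirmed_at = now
        self._subscribers[rec.email] = rec
        return True

    def may_send(self, email: str, purpose: str) -> bool:
        """Granular check before every send: consent must exist for this purpose."""
        rec = self._subscribers.get(email.lower())
        return rec is not None and purpose in rec.purposes

    def evidence(self, email: str) -> Optional[dict]:
        """Documented: what the subject consented to, how, when and what they were told."""
        rec = self._subscribers.get(email.lower())
        if rec is None:
            return None
        return {
            "email": rec.email,
            "purposes": sorted(rec.purposes),
            "controller": rec.controller,
            "third_parties": list(rec.third_parties),
            "consent_text": rec.consent_text,
            "method": rec.method,
            "requested_at": rec.requested_at,
            "confirmed_at": rec.confirmed_at,
        }

    def withdraw(self, email: str) -> bool:
        """Easy to withdraw: unsubscribing destroys the record outright."""
        return self._subscribers.pop(email.lower(), None) is not None
```

The `now` parameters exist so the expiry logic can be exercised deterministically; in production they would be left at their defaults. Because `may_send` is checked per purpose, a subscriber who ticked only the newsletter box never receives partner offers, which is the granular control the ICO describes.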
It is also a good idea to update your privacy policies to ensure they meet GDPR requirements. You can view ours here, but always do your own research on what you should personally be including within your privacy policy.
Failure to comply with GDPR can result in a fine. Companies in breach of the GDPR rules will be fined 4% of their turnover or €20 million - whichever is greater.
Besides the fine, not complying with GDPR can have a negative impact on a company's brand image. Data security is taken very seriously by people, so to avoid a damaged reputation and a hefty fine, we’d recommend abiding by GDPR!
If you have any questions or queries on GDPR, it's best to refer to the ICO website - https://ico.org.uk/