3 things you must know about email marketing under GDPR
The countdown has begun: we are less than 100 days from the entry into force of the General Data Protection Regulation (GDPR). This is the new European regulation on data protection, and it brings many key changes that marketers need to know about. It applies to all companies, regardless of their country of origin, that collect or process the data of European citizens. As part of this new legislation, you will have to make sure that your email campaigns are compliant. In case of non-compliance with the GDPR, sanctions can be heavy: up to 20 million euros or 4% of global turnover. But don’t panic! To guide you through the process of compliance, we give you 3 key tips to create GDPR-compliant email campaigns, with total peace of mind.
Tip #1: Make consent your priority
The text states that consent must be freely given by a clear positive act “by which the data subject signifies his agreement for personal data relating to him being processed.” Under the GDPR, you will need to be able to prove that the people you send emails to have previously given their consent to receive them.
All of which means: goodbye, pre-checked boxes at the bottom of forms! To make sure you implement the best practices in terms of consent, we also recommend that you set up a double opt-in system, even though this is not an obligation under the GDPR. With a double opt-in system, any person who subscribes must confirm their request twice. The first time is when they submit their email address to your form.
The double opt-in allows you to obtain confirmation that the person who entered their email address actually wants to subscribe to your list. With the double opt-in, you will be able to easily prove the consent of web users. It is important to note, however, that the GDPR applies to all personal data you have collected, not just the data collected after the text comes into effect. You will need to be able to provide evidence of the explicit consent of your current subscribers. If needed, you can start re-opt-in campaigns now.
Tip #2: Simplify the email opt-out process
With the GDPR, you will also need to make sure to include an unsubscribe link in all your email campaigns. In fact, this was already mandatory, but from May 25, 2018, sanctions will be imposed in case of non-compliance.
You will need to ensure that your contacts have an appropriate means to unsubscribe, in order to comply with the new regulation. The unsubscribe process must be clear and simple. It is necessary to include a visible unsubscribe link in each email, through which your subscriber can: unsubscribe from this marketing communication, unsubscribe from all your communications, and contact a reply email address. Note that once a contact unsubscribes, there is no need to keep their data, and it must be deleted.
Giving your contacts the possibility to unsubscribe as easily as they subscribed is very important to ensuring compliance with the GDPR. It can also be a marketing opportunity for businesses. Indeed, with fewer unengaged people in your contact lists, your marketing emails will be sent only to the people most interested in your content, which will probably result in higher open and click rates!
Tip #3: Respect new consumer rights
The purpose of the GDPR is to allow consumers to reclaim their personal data. In concrete terms, this means that a user may, in particular, require a company to modify or delete all their data. A kind of right to be forgotten that did not really exist before.
Thus, we recommend that you check all your current procedures regarding the personal data of your users and make sure that you are able to enforce all of their rights: right of access, right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object.
After receiving one of your communications, recipients should be able to easily claim these rights.
You must update your information to clearly indicate the procedure to follow, including for example the contact person and their contact information (it may be the person in charge of the operational data processing, so your email marketing manager, or your Data Protection Officer).
Remember the following key points to make sure you create GDPR-compliant email campaigns starting now:
- Consent is an essential element of the GDPR and you must be able to prove consent for each of the contacts on your mailing lists.
- The unsubscribe link must be inserted in each email sent and the unsubscribe procedure must be clear and simple.
- Your details should be updated for complete transparency with your consumers.
Julie Paci is Marketing Manager France at Mailjet, the European leader in cloud emailing, which offers a unique platform for sending marketing and transactional emails. Mailjet is proud to have achieved ISO 27001 certification and GDPR compliance, providing its customers with the highest level of security and data privacy.