GDPR and It’s Impacts on Email Marketing: As we all know, the common practice for marketers is to send the mass emails to all of their potential customers. These potential customers may have opted for the subscription recently or they might have subscribed some time back or in some cases they might not have subscribed. As of date the email marketers could send the emails to all such potential customers. This is clear violation of the privacy of an individual. But from this 25th May, it is about to change. Now the marketers will need to have the Written Consent of the data subjects (person(s) to whom email is sent). If this compliance is not adhered by, then marketers stand to face hefty Penalties that could be as high as 20 million euros or 4% of annual turnover of the company.
Before understanding the extent to which GDPR will affect the email marketers emailing to the European Union (EU) citizens, we must understand what GDPR is first.
What is GDPR? Why is GDPR being introduced?
The General Data Protection Regulation commonly known as GDPR comes into effect from 25th May 2018 and all the concerned marketers need to change their strategy for email marketing.
The EU was abiding by the Data Protection Directive, which was adopted when the internet was still in nascent stage. As the technology has changed tremendously over the years, there was the need for a new regulation policy to ensure that the personal data of subjects is well protected and in safe hands.
What is Consent according to GDPR?
According to GDPR Article 4 regarding the personal data of the data subject is:
- A freely given,
- Clearly expressed
- Specifically given and
- Unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to processing the data related to him or her.
But Marketers need not worry too much about this. To save yourself from the Heavy Penalties, you can follow these procedures and get compliant with GDPR.
How to ensure Compliance with GDPR
The GDPR primarily focuses on the consent of the data subject. It has also set the directive principles for the access of the data and compilation of the same.
Consent:The marketers need to follow these guidelines to fulfil the Consent criteria. Below we look at points under GDPR Consent.
1. Unbundled Consent
Consent has to be mentioned separately and not under terms & conditions column. Unless it is necessary for the service, consent cannot be the precondition for signup of a service.
This means the consent of data subject has to be Unbundled.
2. Active Opt-in
Pre-ticked Opt-in boxes are not valid under the GDPR. Marketers will now have to use either unticked boxes where data subject can choose to tick or leave out or they can provide yes/ no boxes.
If the data handling is supposed to be of different degree, the consent will have to be asked for separately as far as is possible.
This provision will make sure that the consumers will have utmost control over their data which they are submitting.
Under GDPR, the companies will have to keep the record of consent given by an individual with following records
- When did they consent
- How did they consent
- What were they told
- What has an individual consented to
5. Easy to Withdraw
The companies have to inform the individual that they have the right to withdraw their consent as easily they have provided the consent form.
There has to be clarity in how the Opt-in is conveyed. The questions cannot have any ambiguity in them.
The companies have to disclose the name of the third parties for whom they are asking consent and not just the categories of the same.
Will GDPR affect Historical Data? Simple answer ‘Yes!’
GDPR is applicable to historical data too. The companies have to ask for permission to all the individuals once again.
You are required to delete the historical data and make it un-linkable or you have to do the data transformation.
But this doesn’t mean that you stand to potentially losing your customers, but funnelling the list down to only those who are currently interested. This will help you increase your conversion ratio.
Hence, the key takeaways from our discussion are as following:
- The GDPR is effective from 25th May 2018.
- The Consent of the subject has to be given utmost priority.
- The GDPR is applicable to historical data also.
- In case of non-compliance, the potential penalties could reach up to 4% of turnover or 20 million euros whichever the larger.
You may also like to Read: