After many years of cultivating your email marketing skills, tailoring your automation systems, and perfecting the art of the email pitch, it may seem like the new General Data Protection Regulations (GDPR) have come along and made all your hard work obsolete.
But what many fail to realise is that the GDPR is not here to destroy the practice of email marketing – it simply wants to make it more controllable for the end recipients.
In this article, the Maxweb team will guide you through the changes that GDPR will bring to your campaigns and what to expect in this new era of permission-based email marketing.
Your opt-ins
From the outset, the major change that GDPR has brought to the marketing world in general is consent.
Your company must have explicit consent from your recipient that they are happy for you to market to them before you can click send. And when we say explicit, we mean there can be no doubt whatsoever that your customer has agreed.
Some blogs on the topic suggest consent means your recipient must have clicked a box to say ‘Yes, I agree to you mailing me about (subject)’ somewhere along the road. This simply isn’t the case.
Consent rules can vary between B2B and B2C email marketing. This works as follows.
- B2C – Consent
If you are emailing individual customers directly, you will need their explicit consent to do so. This consent must be freely given and recorded.
The rules for this are strict and, if you are caught to be non-compliant with GDPR in gaining consent – could result in fines of up to €20,000 or 4% of your annual global turnover; so it is essential that you do this right.
It may seem like a small detail, but one of the most important aspects of this is to no longer using pre-ticked boxes on your email opt-in forms. Inaction (not unticking the box themselves) no longer qualifies as consent. Your customer must tick this box themselves if they wish for you to contact them.
Many businesses are also implementing double opt-ins into their usual email marketing. This means that once a customer has checked the box in your sign-up form and submitted it, they will receive an email asking for their opt-in confirmation.
If they click the link in the email to confirm, you have evidence that they consented to your email campaign. If they do not, you can’t include them in your mailing lists. While this may reduce the number of customers in your list, you can ensure your business is GDPR compliant and avoid those hefty fines.
- B2B – Legitimate business interest
This caveat for B2B businesses means that you are still GDPR compliant where a company can expect to receive marketing emails from you as part of your normal business activity.
GDPR aims to protect the rights of individuals and give them control over their personal data; allowing companies which market to other businesses greater freedom with using email marketing campaigns.
Let’s say that a smaller company buys a product or service from you and gave you their email address during the purchase. You would then be within your rights to send them a welcome email informing them that you will email them from time to time to let them know about other products they may be interested in.
While legitimate interest does not require explicit consent, you’ll still need to tell your recipient exactly why you are contacting them and make the opt-out process clear.
Your opt-outs
When tailoring your email marketing campaigns in the era of GDPR, you must make it easy for people to withdraw their consent at any time.
As is stated in Article 7(3) of the GDPR, each of your recipients “shall have the right to withdraw his or her consent at any time. (…) It shall be as easy to withdraw as to give consent.”
In most cases, this means you need to have a clear opt-out or unsubscribe button on every single email you send. If a customer clicks this then their data must be immediately deleted from your systems and you must not send them any more correspondence.
You should also ensure that your opt-out function:
- Does not charge customers a fee for unsubscribing,
- Does not require any further information other than their email address to work,
- Does not ask customers to log in to cancel their subscription, and
- Does not make customers visit more than one page to submit their opt-out request.
Your evidence
With every single email marketing customer you have, you’ll need to keep track of all consent-related details for your files. Should you come under investigation for GDPR non-compliance, having this information to hand could mean the difference between your company being heavily fined and getting a slapped wrist.
“Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation,” reads Article 7(1) of the GDPR. Essentially, you need proof that what you’re doing is legal.
Always keep evidence that shows exactly:
- Who consented to the email marketing
- The date they consented
- What they were told at the time of consent
- How they consented such as during checkout, on a page on your site, or through a Facebook form
- Whether they have withdrawn consent
As long as you comply with the rules set out in the GDPR and keep evidence of your compliance throughout all of your processes, you can keep your email marketing campaigns running just as they always have.
Looking for an effective, 100% GDPR compliant email marketing solution? Talk to Maxweb today
Here at Maxweb, we’re the experts in creating and running powerful email campaigns that get your customers to pay attention. We also monitor all subscribers and email actions to support your records. Get in touch today to find out how we can help you on 0151 652 4777.
Posted on Monday, September 3rd, 2018 in Branding.