The new EU General Data Protection Regulation (GDPR) comes into effect on May 25, 2018.
It is a collection of rules that protect the personal details of all European Union citizens from unauthorised access.
Some estimates that it will take the average person hundreds of hours to read every privacy policy for every website they visited in a year.
Click Here to Schedule a Consultation
Back in 2010, Facebook’s privacy policy was said to be longer than the US Constitution.
All these go to show the importance attached to people’s data privacy.
This new GDPR privacy law is making all email marketers to rethink their strategy.
We need to consider whether email marketing is still worth it. Consider all the risks involved now regardless of whether you are a citizen of the European Union or not.
Fines for breaches range from a maximum £500,000 to about £17.5m or 4% of global turnover, whichever is the higher. Yikes!
Mind you, don’t think that if your organisation is not in the EU, the GDPR does not concern you. It affects everyone!
Moreover, to show the importance Facebook has said that their policy will apply to everyone regardless of whether you live in the EU or not.
So it is only a matter of time that many governments and organisations worldwide adopt similar policies.
Thus, you had better start preparing if you have not done so already. The deadline is around the corner.
Becoming GDPR compliant is not a walk in the park. However, for most organisations having a clear and transparent privacy policy on your website is a step in the right direction.
Also clearly notifying your website visitors of your privacy policy and seeking their consent to use cookies to collect their data on your site is also a necessity.
This necessity is why you have probably noticed our cookie notice in that black bar with the blue button on this website.
If you continue to use this site, I will assume that you are happy with our cookie policy.
What else can email marketers in particular and organisations generally do to ensure that they are implementing best practices in this regard?
Things You Need to Cover
Here are a few of the items you need to cover.
- Don’t use pre-ticked opt-in checkboxes on forms on your website. Your website visitors must directly confirm their consent by ticking the box themselves.
- When asking your website visitors to subscribe to your newsletter to receive marketing messages from you, don’t force them. They must give you their explicit consent that they are interested in receiving your marketing messages. If you are offering them something like a pdf download, they should be free to download it without signing up for your newsletter.
- Each email newsletter or marketing and promotional email you send out must clearly, and in simple terms include an option for the person to unsubscribe. You must not charge anyone for unsubscribing. You must not require any further information from them before unsubscribing. Neither must you need them to log in or visit any other page on your website to unsubscribe.
- Henceforth your organisation needs to be very serious about record keeping. You need to keep records of who is giving consent, when and where they provided consent and what message you sent them when they offered you consent and so on.
- You need to audit your existing mailing list to see whether you complied with the above requirements when you captured the data. If in doubt the best thing is to scrap your mailing list and start all over.
If you have a mailing list that you have not mailed to in a long time or one that the majority of your subscribers do not read or engage with your mail or you get a high bounce rate, the best thing is to start over.
Note that GDPR only applies to existing EU subscribers on your mailing list. It does not affect signups that occur after May 25, 2018.
Over to You
What are your thoughts on this whole GDPR issue? Share your thoughts in the comment below.
All these legal jargon has made me hungry! Do you want some cookies?
Disclaimer
I am not an expert in GDPR. This article is not intended to be an expert guide on GDPR or anything of the sort. I am writing this based on my little understanding. Do your research and seek legal counsel if you need to know more about GDPR for your specific circumstance.
Further Reading
General Data Protection Regulation
WTF is GDPR?
GDPR: Are you ready for the EU’s huge data privacy shake-up?
Did you like the article? Please pin it!
