GDPR & Newsletters/Email Marketing

The General Data Protection Regulations (GDPR) affects how marketers seek, collect, and record consent. Marketers will only be allowed to send email to people who’ve opted-in to receive messages. The GDPR not only sets the rules for how to collect consent, but also requires companies to keep a record of these consents.    The GDPR will determine how your business does business,  how it manages, protects and administers data in the future.

The GDPR goes beyond the consent required under the EU Privacy Directive.   However, if you are already compliant with current Canadian, American, or European email laws, you may not have to change much when it comes to GDPR compliance.  

How does the GDPR affect Newsletters & Email Marketing?

Subscribers must consent to an affirmative action signaling consent to all newsletters and email marketing.  This may include checking a box on a website, choosing which lists they subscribe to, clicking a button to confirm aceptance or another action confirming consent, that clearly indicates consent to the processing. Implied consent, pre-ticked boxes, or inactivity is not adequate under the GDPR.

The subscriber signup process must give information about the brand collecting the consent and about the purpose for the collection of that personal data.

Under the GDPR, the burden of proof lies with the company to prove sufficient consent has been given, and that reasonable evidence has been provided to show that you have complied with the GDPR if you are challenged.  All forms will have to be presented if requested.

Many practices that marketers previously used to grow their database won’t be compliant under GDPR. Email marketers will have to change how they collect and store subscribers’ consent.

All of your customers’ data and business processes have to be up to the correct standard.  Many brands will have re-requested permissions before the GDPR came into effect in May 2018.

Stricter privacy and opt-in regulations can make marketers fear:

1. They won’t be able to keep growing their database as quickly
2. Reviewing &  adapting existing opt-in processes is a time- and resource-intensive task
   

So how do you deal with this? 

1. You can delete or block all traffic and signups coming from Europe. But the European market is very large and very important, so excluding European subscribers wouldn't be an option for most brands.
   
2. You can separate signup processes for subscribers around the World, excluding the EU to a separate list.  Subscribers from the EU would have to go through a GDPR-compliant sign-up process, while other subscribers wouldn't. However, privacy legislation is coming into efffect in many countries in the near future. If you get into the habit of excluding people, you could find yourself having to change for your local base anyway.
3. Bring your entire database up to GDPR standards and adapt all of your opt-in processes to match the EU requirements.
   

There are advantages:

1. It will help marketers make sure they only send email to subscribers who really want to hear from them (your target audience) and therefore improving your list quality
   
2. If you comply with GDPR, you'll propably be compliant with other international email regulations too.
   

What if you don't comply?

The penalties for businesses that don’t play by the rules are going to be very high.  Non-compliance of the GDPR can lead to fines of up to €20 Million or 4% of a brand’s total global annual turnover (whichever is higher).  

Useful Links ...

• EU Data Protection
• Direct Marketing Association GDPR News
  
• EUGDPR.org GDPR FAQs
  
• European Commission - Fact Sheet
  
• Preparing for the GDPR - 12 steps to take now