The EU General Data Protection Regulation, in force since 25 May, has brought some changes with it. Vivien Beischau from Newsletter2Go has put together 6 tips so that you know which requirements you have to observe for your email marketing from now on.
Please note that this article is for information purposes only and is expressly not to be understood as legal advice. We assume no liability for the accuracy and completeness of the information presented.
Implement the requirements of GDPR in 6 steps:
1. Send only with double opt-in
If you want to collect personal data, you always need the consent of the person concerned or a legal permission. This consent must be recorded and a reference to the possibility of revocation at any time must be provided. For your email marketing, this means that you need the permission of all recipients in advance to send them your mailing. If there is no consent, you may not send them any newsletters.
Attention: This also applies to customers who already receive newsletters from you. Make sure that they have agreed to receive the newsletter, for example through a double opt-in process. If you can already prove clear consent from your recipients, no further consent is required.
The double opt-in: The double opt-in (DOI) procedure is a legally secure form of newsletter registration. The interested party enters their email address in the registration form and is thereby included in a distribution list. The user then receives a confirmation e-mail and thus the opportunity to confirm the registration in a legally secure manner. The DOI process is completed when the recipient has confirmed this e-mail.
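The double opt-in flow described above, sketched as an added example (not Newsletter2Go's code): a registration stays pending until the link token from the confirmation e-mail is presented, and a timestamped consent record is kept that can later be marked revoked. The class and method names, the 48-hour link lifetime and the in-memory storage are assumptions.

```python
import hashlib
import secrets

TOKEN_TTL_SECONDS = 48 * 3600  # assumed validity window for the confirmation link


def _digest(token: str) -> str:
    # Store only a hash of the token, so a leaked table cannot be used to confirm.
    return hashlib.sha256(token.encode()).hexdigest()


class DoubleOptIn:
    def __init__(self):
        self.pending = {}   # token digest -> {"email", "requested_at"}
        self.consents = {}  # email -> consent record kept as proof

    def register(self, email: str, now: float) -> str:
        """Step 1: form submitted. Returns the token for the confirmation e-mail."""
        token = secrets.token_urlsafe(32)
        self.pending[_digest(token)] = {"email": email.strip().lower(), "requested_at": now}
        return token

    def confirm(self, token: str, now: float) -> bool:
        """Step 2: recipient clicks the link. Single use, rejected after the TTL."""
        entry = self.pending.pop(_digest(token), None)
        if entry is None or now - entry["requested_at"] > TOKEN_TTL_SECONDS:
            return False
        self.consents[entry["email"]] = {
            "requested_at": entry["requested_at"],
            "confirmed_at": now,
            "revoked_at": None,
        }
        return True

    def revoke(self, email: str, now: float) -> None:
        """Unsubscribe: keep the record, mark it revoked."""
        record = self.consents.get(email.strip().lower())
        if record and record["revoked_at"] is None:
            record["revoked_at"] = now

    def may_send(self, email: str) -> bool:
        record = self.consents.get(email.strip().lower())
        return record is not None and record["revoked_at"] is None


if __name__ == "__main__":
    doi = DoubleOptIn()
    token = doi.register("reader@example.com", now=0)  # constructed sample address
    print(doi.confirm(token, now=60), doi.may_send("reader@example.com"))
```

Only the e-mail address is stored, and `may_send` is the single gate a mailing job would check before sending.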
2. Use legally compliant mailing software
There are some requirements for a legally secure mailing software that you should consider. Among other things, a legally secure mailing software is characterized by the fact that the servers for sending the mailings are located in Germany. The service providers are audited and equipped with appropriate data protection certificates.
A contract for commissioned processing must always be concluded.
3. Guarantee data security
You must ensure that no unauthorized persons have access to your customers' sensitive data. Appropriate technical and organisational measures (passwords, encryption, etc.) must therefore be taken when processing data to ensure that your customers' data is secure.
4. Pay attention to data economy
In the context of data collection, you should pay attention to data economy. This means that data is only collected for a specific purpose and may only be used for that purpose. Show your data subjects exactly what they are giving their data for. In addition, you must not collect data that is not appropriate for the purpose.
Example: For a newsletter registration only the email address is necessary. Of course, you can also request additional data, but this information is voluntary and must be marked as such.
5. Complete your sign-up process
Transparency is important and ensures trust. In email marketing, this refers to your newsletter registration form, for example. Communicate clearly what your recipient is receiving and what they are giving their data for. And note that you may only mark the email address query as a mandatory field. All other information must not be mandatory for the user in order to make the newsletter registration effective.
6. Goodies are not free
You can still motivate your customers to sign up for your newsletter with coupons or promotions. However, in the case of goodies or freebies, such as whitepapers, infographics, e-books, etc., which are combined with a newsletter subscription, you have to explain to your customers exactly what this exchange deal is. Since the prospect is paying with their data, you can't call the deal "free" and you have to make it clear that they are signing up for the newsletter.
It remains to say...
... that with the entry into force of GDPR the protection of personal data takes the highest position. If these requirements are implemented, you are well on your way to making your email marketing GDPR-compliant and avoiding horrendous fines. In our Whitepaper on the EU General Data Protection Regulation we have compiled all the important facts; you can simply download it.