The GDPR is here and bring several changes for your email marketing. To let you know which requirements you should look out for in your future email marketing, Vivien Beischau from Newsletter2Go has put together 6 useful tips for you.
Disclaimer: Please note that this article serves information purposes only and is explicitly not meant as legal advice. We assume no liability for the accuracy and completeness of the information provided.
6 steps which help you implement the requirements of GDPR:
1. Dispatch emails only by using double-opt-in
If you would like to collect personal data, you will need either the affected person’s consent or a legal permission in any case. The consent must be documented, and the person affected must be notified of the possibility to withdraw consent anytime. For your email marketing, this means you need the permission of all recipients prior to dispatching your mailing to them. If no consent was confirmed, you are not allowed to send them any newsletters.
Attention: This also concerns customers who already receive your newsletters. Verify whether they had agreed to receiving the newsletter, e.g. through a double-opt-in procedure. If you are already able to prove explicit declarations of consent right now, you do not have to seek for further confirmation.
Double-opt-in: A legally secure newsletter registration can be achieved with the double-opt-in procedure. The interested reader or customer enters his/her email address into the registration form and allows for being added to a distribution list. Subsequently, the user receives a confirmation email and therefore the possibility to confirm the registration in a legally secure way. The DOI procedure is completed with the recipient’s confirmation of this email.
2. Use legally secure email delivery software
There are some requirements for legally secure email delivery software which you should keep in mind. A legally secure delivery software can be recognized, amongst other characteristics, by the servers’ location. If the servers for dispatching the mailings are located in Germany, the service providers are tested and guaranteed with corresponding data protection certificates.
You are always obliged to sign a data processing agreement.
3. Ensure data security
Be aware that you are responsible of ensuring that no unauthorized persons may have access to your customers’ sensible data. Therefore, you must take appropriate technical and organizational measures (passwords, encryptions etc.) while processing data to make sure your customers’ data remain safe.
4. Take data minimization seriously
In the scope of data processing you should pay attention to data minimization. This means that data must be collected for a specific purpose and also used in the context of this purpose only. Show the persons affected in detail what you use their shared data for. Moreover, you are not allowed to collect any data which are deemed inappropriate for or beyond the initial purpose.
Example: For a newsletter registration, only the email address is necessarily required. Of course, you can still request further information, but those data are entirely voluntary and must be marked as such.
5. Enhance your sign-up procedure
Transparency is important and boosts trust. In email marketing, this can apply to your registration form for your newsletter. Communicate straight-forward what your recipients get and what they share their data for. Note that only the email address field is allowed to be marked as a mandatory request. All other information must not be obligatory for the user to be able to effectively sign up for the newsletter.
6. Goodies are not free
You can still motivate your customers with coupons or special events to register for your newsletter. But when it comes to goodies or freebies such as whitepapers, infographics, e-books etc. which are offered in combination with a newsletter sign-up, you are obliged to inform your customers explicitly about this exchange deal. Since the interested party pays with his data, you are not allowed to title this transaction as “free of charge” and you have to make absolutely clear that the person is registering for the newsletter.
Not much left to say except …
… with GDPR having come into force, the protection of personal data is given the highest priority. If you implement all these requirements, you are well on track to organize your email marketing GDPR-compliant and to avoid horrendous fines. In our Whitepaper about EU General Data Protection Regulation we have put together all the important facts which you can simply download on our site.