- On 10/03/2019
One of the most important changes in digital marketing in 2018 was the new GDPR regulation. Many people saw this as the end of email marketing but that’s definitely not the case. In fact, GDPR is a good thing even though many people don’t quite understand it. In this article, we’ll cover some of the most important GDPR-related email marketing rules and explain why GDPR is a good thing for both, consumers and businesses.
Why GDPR is a good thing for consumers?
People have been giving their personal data away for free for ages without most of them understanding why their data is being collected by brands they were interacting with and what is it used for. Hence, in this world where consumers don’t understand how their data is being used, can anyone give consent?
The days when customers “read and understood” a lengthy terms and conditions document that states their data will be held and used for an indefinite period of time are over. I don’t think anyone ever read the “terms and conditions” and hence, no one really understood them. With time, these documents kept getting lengthier as time passed by. Subsequently, people have been giving up the rights to their personal data one checkbox after another for over 20 years. That’s not the way business is supposed to be done and something had to be changed.
I’ll try to simplify this as much as I can. Imagine going to the supermarket, walking around and getting some groceries for your home. You head to the register and the cashier hands you a 50-page legal document asking you to sign it before making your purchase. Naturally, you sign without reading and move on. Now, in the document you signed, you gave the supermarket the permission to follow you everywhere you go and record all of your moves, gathering information about you that gets sold to third parties without you ever knowing.
Why GDPR is a good thing for brands?
The ambiguous language of the bureaucrats in Brussels created a lot of panic and paranoia among email marketers. GDPR is indeed a powerful weapon but it’s not pointed towards email marketers. GDPR isn’t legislation focused on email marketing. It’s rather focused on concerns about data privacy. This means that the company must be collecting and processing data for legitimate business reasons. An online watch vendor storing your name and address for a repair/refund is a legitimate interest. But an online watch vendor storing data about your health (for example) is not.
This is why GDPR needed to happen. It’s not supposed to stop you from email marketing. It’s made to stop companies from storing individual data for dodgy purposes. However, don’t think that this won’t have an impact on email marketing. Obtaining consent from your leads might require some more work than before and this might sound scary for marketers who gotten lazy. Opt-ins are becoming tougher to get in the post-GDPR era and opt-outs are made a lot easier for subscribers. This is a good thing.
It’s a good thing because you’re gathering data of people who are genuinely interested in your company and not a part of a list you bought from some third party. This makes your email marketing easier because you’re reaching out to warm prospects. Why would you want to trick people into subscribing anyway? What could you possibly gain by sending promotional emails to people that don’t want to receive them? If you’ve been doing your email marketing in the right way, GDPR will change nothing for you. You know it’s a part of your job to persuade people to want to hear from you. That’s what GDPR is all about- building trust between brands and their subscribers.
But is it okay to email businesses after GDPR?
GDPR is aimed towards protecting individuals , ot businesses. However, there are still some unwritten rules you should follow if you want to stay on the safe side.
1. Ensure your emails are appropriate and targeted
2. Express your legitimate interest in your emails
3. Make it super-easy to unsubscribe or opt-out
4. Regularly clean and maintain your database
5. Keep consent request separate from the Terms & Conditions
6. Track and keep evidence of consent
Ensure your emails are appropriate and targeted
GDPR doesn’t formally forbid people to prospect and collect B2B leads but it does demand a greater level of care and accuracy during the lead generation process. According to GDPR, your lead generation should be relevant and adequate. Relevant means that your leads shouldn’t be surprised to hear from you. This means you did your targeting right. Adequate means you collected only the data you needed and which is strictly necessary to you as a data administrator. It’s simple, just don’t ask for data you don’t intend on using.
Express your legitimate interest in your emails
The reason for you targeting your leads will be self-evident but you should still always follow it through in your emails and explain exactly why your offer is relevant. I mentioned legitimate interest previously in this article. It’s one of the six lawful bases of processing data under the GDPR. It’s not required by law but it’s of clear benefit to both, your company and your subscribers.
However, keep in mind that you shouldn’t use this as an excuse all the time. Legitimate interest as lawful reason for processing data is legal but ONLY if your interest outweighs an individual’s right to privacy. Also, keep in mind that your basis for processing data can be contested. Whether your interest overrides someone else’s privacy rights is always open to debate.
Make it super-easy to unsubscribe or opt-out
If you’re sending cold email campaigns, you absolutely must give people a clear way out. The opt-out link should be a part of every email campaign you send. If you’re using a marketing automation software, they will have an automated unsubscribe feature as a part of their service. However, there are other ways in which you can follow this rule. You can give your subscribers to option to send you an email or SMS with the word “stop” if they want to stop receiving messages from you. An unsubscribe button isn’t the only way to allow users to opt-out. The point is to delete someone’s data if they want you to delete it.
Regularly clean and maintain your database
Finally, GDPR isn’t only about removing people who opted out or unsubscribed. It’s also about not holding onto leads with inaccurate contact information for months. You should clean your database regularly and get rid of inactive or unresponsive leads, check whether your records are up-to-date periodically, and tag your data to record how and when you collected and processed that data.
Keep consent request separate from the Terms & Conditions
Email consent must be given freely and independently from your terms & conditions. Those are two different things. Also, if you’re giving away a brochure and the user needs to leave their data in order to download it, their consent isn’t freely given because you’re leaving them no other choice to get the brochure except for living their email.
According to GDPR, email consent needs to be kept separate. You should never bundle it with anything, including your terms and conditions, privacy policies or any of your services.
Track and keep evidence of consent
Another thing that GDPR sets the rules for is how to keep a record of the consents that a company collects. According to article 7 (1), “Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation.”
In some countries, providing evidence of consent has already been the responsibility of companies collecting the data. However, for many other marketers, this new requirement will be a new challenge. To put it simply, keeping evidence of consent means that companies must provide proof of:
- Who consented;
- When did they do that;
- What were they told at the time they gave the consent;
- How the user consented (a form, checkout etc.) and
- Whether they have or haven’t withdrawn the consent
But can I buy a contact list according to GDPR?
Certain purchased lists with ca lear affirmative statement of consent may be completely legal under GDPR. However, it’s strongly recommended that you avoid this. Keep in mind that everything that’s permitted isn’t necessarily good for your email marketing strategy.
Finally, whether you are buying data or collecting it yourself, you should always keep a record of how and why you have collected and processed the data you possess. Make sure to always have an accurate response to “Where did you get my email address (and all other information) from”.