Is your email marketing GDPR-ready?
On May 25th 2018, the long-awaited, landmark GDPR (General Data Protection Regulation) legislation comes into force across the EU, changing how organisations handle the privacy of EU citizens personal data in an increasingly data-driven world.
The new law effectively states that you need to obtain express permission from someone to process their information, i.e. they need to be opted in to your email marketing in order for you to email them. This legislation is not to be taken lightly; the ICO has the power to fine companies up to 4% of their GDP and they fully intend to crack down on non-compliancy.
This legislation has been in the workings for a number of years, but the deadline is very much looming and if you haven't sorted your existing email lists by the 25th May, we are afraid it will be too late!
Uh oh - this sounds pretty terrifying....
Is this a bad thing? Well, some organisations with huge email distribution lists consisting of mostly-bought data might have a bit of a problem. But for organisations who send genuinely awesome email campaigns to a list of email addresses who have expressly opted in to your marketing list, you don't really have much to worry about!
Despite the initial teething pain of becoming GDPR-compliant, we actually see this as quite a bold but positive change for email marketing! This deadline is forcing everyone to take an honest look at their email lists, be honest about their intentions, provide an opportunity for subscribers to get the hell outta there if they wish and then forever more, to send genuinely awesome emails campaigns.
What will your email marketing be left with? A list of people who have shown an actual genuine interest in hearing from you and a refreshing layer of reciprocated trust. Nice!
What do I need to do to be GDPR compliant?
Firstly, if you have an email marketing list which contains any email addresses not expressly opted-in (nope - pre-ticked boxes don't count, nor do emails collected through online transactions), you will no longer be able to email them after May 25th - so now is the time!!
You need to get as many people on that list to specifically subscribe to your mailing list. Create an opt-in/subscribe page through your email marketing software which very clearly states what you plan to do with their data, create a irrefutably compelling reason to subscribe, and email your list to ask them to re-subscribe. That might seem weird, but don't worry - EVERYONE is doing it!
But what if I am left with no-one?
Well it would probably be a sign that no-one was actually reading your emails anyway - sorry. Let's start again and aim to maximise the email subscription opportunities.
Do you have an active social media presence? Put an email signup form on your social media bios and remind people to sign-up with the occasional post.
If you're going to focus hard on your email sign-up prompts then you need to make sure it's god dam enticing! You are asking people to opt-in to receive email communication from you - why should they!? Are your emails that good? Do you offer them a good reason to sign up?
Email newsletter signup boxes should be available on your website and they should be easy to find, opt-in and opt-out. If you don't utilise the opportunity your website provides then you have very little chance of growing that list.
Key GDPR compliancy prompts
- Say goodbye to pre-ticked boxes (someone tell Ryan Air)
- No more silent opt-ins when someone makes a purchase or uses your service (unless it's vital to the service)
- If you are going to share the email address with a "third party", each third party must now be individually identified.
- You'll need to keep evidence that you have received express consent, including proof that the user knew exactly what they were signing up for.
- Unsubscribe options needs to be easy and accessible
On the subject of unsubscribe, you might want to set up an email preferences page to discourage total unsubscribes. Perhaps you have one email list but you send four varieties of campaigns - do you want this user to blanket unsubscribe from all of them? Or do you want to give them the option to opt back in to one of those campaigns which is actually quite relevant to them? Giving users a preference page can sometimes save you from a total unsubscribe.
What else goes GDPR include?
We have only discussed email marketing because we get asked about this a lot, but the new GDPR legislation is relevant to ALL data privacy and that goes beyond email marketing. The GDPR website refers to "personal data" as any information related to a natural person of 'data subject', that can be used to directly or indirectly identify that person. It can be anything from a name, a photo, an email address, bank details, posts on social networking sites, medical information, or a computer IP address.
We have only dealt with one element of personal data in this blog post and clearly there are also huge changes which need to take affect such as website cookies, user profiles and even how we handle our CRM's and sales data.