May 25 has happened but businesses all over the EU are still scrambling to become ‘GDPR compliant’. If your business depends on email marketing, whether it be in the form of newsletters or larger scale campaigns, then ask yourself this question: should you be scrambling too?
GDPR is a reaction to the growth in the digital economy over the last decade. Personal data has become extremely valuable. The regulations are being introduced in order to change the way in which personal data is collected and stored. That’s the much-quoted description, but the real objective is to increase consumer trust in the digital economy, allowing it to grow. Abuse of sensitive personal data and ruthless use of unapproved contact databases has meant that where marketing is concerned, consumer and customer trust is at an all-time low.
Here’s how the EU’s executive body, the Commission, sums up the goal:
The objective of this new set of rules is to give citizens back control over their personal data, and to simplify the regulatory environment for business. The data protection reform is a key enabler of the Digital Single Market which the Commission has prioritised. The reform will allow European citizens and businesses to fully benefit from the digital economy.
What this means for marketing by email
Email marketing relies on collecting personal data to build an email database. Of the six key requirements that pertain to data, three are relevant to email marketing:
- Individuals' data should be collected for specified, explicit and legitimate purposes and not further processed in a way that is incompatible with those purposes.
- Data is kept in a form that permits identification of data subjects only for as long as is necessary for the purposes for which it has been collected.
- Individuals' data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
What changes do I need to make?
The first thing to bear in mind is that since May 25th it is no longer OK to simply ‘collect’ email addresses – the recipient needs to ‘opt-in’. However, if they opt in to receiving newsletters and later you want to send them a marketing email, you will need their consent for that as well. Otherwise you may be at risk of receiving one of the new hefty GDPR-related fines.
You also need to step up your security where storing data is concerned. If you have all your customers’ email addresses in an unprotected spreadsheet this is a breach of the new regulations – so take steps to store that data in a more secure way. If you get hacked, lose or damage the data, or it accidentally gets used for the wrong purposes, you will be liable.
How to make your current contact database comply with GDPR
You need to audit your existing mailing lists. Make sure that you know what people have opted into and how. If this proves impossible then there are two ways to rectify the situation (and avoid a potential 20 million euro fine): delete all your existing contacts and start again OR ask everyone to give their consent again. Chances are you yourself have already had emails from companies asking you for the latter.
Plan for the future
Don’t just be reactive. You need to make sure that the actions you take either inform new, sustainable processes or are repeatable. Looking at your year ahead, are there any new marketing initiatives? If so, look closely at how GDPR impacts them and at anything you will need to do to ensure compliance.
After May 25th data management in the digital economy will change forever. The way email marketing strategy works will be considerably different, especially for businesses that have been buying mailing lists. It may seem initially daunting but if you take the time to audit and change your email marketing practices, it’s relatively simple.
Please note the advice above is only guidance and does not claim to be legal advice. Each business will have unique challenges and PA Business Support encourages the reader to seek professional legal advice about the specific ramifications of GDPR on their business.