The new European Union legislation known as the General Data Protection Regulation, or GDPR, enters into effect on May 25th, 2018. That means you only have a few more weeks to prepare. Now is the time to make sure that you’re following best practices with your email marketing strategy in order to be in compliance with the new law.
For the past few months, the GDPR has dominated headlines in Europe and even in North America. It establishes new rights for online users regarding their personal data, including more control over how this data is used, stored, and processed.
Although the law is being put forth by the EU, any business that is processing personal data of EU citizens is subject to the new restrictions and requirements. That means if you have any European subscribers to your emails, or you’re collecting personal data from customers in the EU for your ecommerce store, you need to be ready.
Make sure you’ve taken the necessary steps to align your email marketing strategy with the new regulation by following our GDPR checklist:
First Step: Get proper consent from new contacts
Make sure that your opt-in forms are up to date and clearly communicate to new subscribers what they can expect after signup.
One of the main tenets of the GDPR is the importance of receiving consent from users to process their personal data. This consent should be “freely given” through a positive action based on very clear information regarding how their data will be used.
To make sure that you’re collecting consent in the right way, there are a few steps you need to follow:
Although these restrictions may seem like they’ll hurt your business, they’re actually good for your email deliverability and customer relationships. That’s because these steps will ensure that people are signing up for the right reason: they want to receive your emails. This will create more engagement for your campaigns, leading to better deliverability and happier customers, because they’re getting what they want.
Second Step: Make sure contacts in your existing lists have given proper consent
The GDPR is retroactive, meaning it applies to contacts who are already in your database as well.
Becoming GDPR-compliant also means checking that you have the consent of the contacts in your current lists. This process consists of two parts:
Even if your contacts did sign up through an active opt-in, it’s still not a bad idea to clean your list with a re-opt-in campaign. This helps with engagement rates and removes any potentially expired or inactive email addresses.
Third Step: Make data access requests easy for contacts
Under the GDPR, your clients have the right to access, modify, or change any of their personal data that you hold, at any time.
As I mentioned earlier, the new regulation gives online users more rights and control over how their personal information is used. It’s imperative that you make it easy for users to exercise these rights if you want to avoid penalties under the GDPR. Here are a few things to keep in mind that should help:
Fourth Step: Check to make sure that all of your third-party software providers are also GDPR-compliant
You are responsible for your contacts’ personal data, so don’t just entrust it to anyone.
If you’re like most businesses these days, then you’re likely using multiple different third-party software tools to help process and store your customer data. It’s always a good idea to check with these providers and make sure that they’re following best practices in compliance with the GDPR (like Sendinblue 😉 ).
Feeling lost? Make sure you’ve covered all the steps with our GDPR checklist below!
Product Marketing Manager @Sendinblue. I love helping SMBs and eCommerce businesses reach a larger audience by writing on digital marketing best practices and advanced techniques. In my free time, you can probably find me skateboarding or tinkering in an overly-complex spreadsheet. 😉