GDPR compliance for email marketing is as important as the focus on website compliance. Consumers are concerned about their privacy when they do business with companies online. And for good reason. Personal information has been stolen or sold; financial information has been compromised.
Over time, consumers have felt less and less in control of their data and who has access to it, including data for email marketing newsletters. At the same time, email marketers are developing digital campaigns that include collecting personal data from users.
Governments have responded with regulations for personal data protection. One of the most important and thorough sets of regulations has come from the EU, in the name of General Data Privacy Regulations (GDPR).
Any company doing business with citizens of EU countries (internal or external) must comply with these privacy protection regulations or face potential fines.
What are the Basics of GDPR Requirements?
- Companies must get the consent of EU citizens before they collect and store their personal information.
- Businesses must clearly inform users and customers if their personal information will be shared with third parties, such as affiliates. Customers/users have the right to refuse to have their information shared with third parties.
- If a breach should occur, companies have 72 hours to inform their users/customers.
- Users may request their data profiles, and companies must supply them. This will include all data that has been collected about them.
- Users have the right to request that all of their personal data be deleted from a company’s system.
- There are regulations regarding website security measures that companies must put in place related to personal data collection.
- Companies of a certain size must have in-house data protection officers.
Need to make sure your website is GDPR compliant?
Admiral VRM includes a certified Consent Management Platform and can help you get compliant quickly. Find out more.
Email Marketing Subscriptions Fall Under GDPR Regulations
Multiple studies have demonstrated the value of building email newsletter subscriptions for retention and revenue diversification. Admiral's email growth solution has helped publishers add 1000's of email subscriptions quickly, and can do so in a GDPR compliance-for-email manner.
Example of Digital Trends using Admiral VRM platform to offer a choice of email signup or unlocking ad revenue:
Most users will not take the time to study those other documents. And less-than-ethical practices include “burying” those rights in lengthy documents written in “legalize,” especially the disclosure that personal data will be shared with third parties without opting out.
If you offer an email subscription, then you will want to squarely include your GDPR compliance requirements in each newsletter to demonstrate your integrity and maintain your reputation. Users will feel comfortable and far more trustful having an easy method of exercising their options each time they receive your emails.
It’s All About User Consent and Choices
There is no doubt that email marketing campaigns reap big benefits. Research shows that these campaigns have an ROI that beats most other forms of marketing. But new GDPR regulations will come to play as these campaigns are designed and implemented.
As you look at being fully transparent, take a look at what your emails have and do not have relative to GDPR compliance. Here is a list of best practices:
- You have a secure method for collecting and storing personal data on your website. (Admiral email signup automation can help.)
- You have a request for user consent to which they must respond to begin receiving your emails.
- Your consent to opt-in is in a simple common language that anyone can understand. This can be a challenge if you have been writing policies containing legal language and style.
- During the opt-in process, you have explained in detail what the subscriber will receive.
- You have separate opt-in consent for emails other than your newsletter.
- You have disclosed if third parties will have access and have given the option for a user to refuse that sharing.
- You have made it easy and quick to unsubscribe. When they click that “unsubscribe” button, they are assured that their personal data will be removed from your system.
If you are missing items on this list, then you should take steps to correct them.
3 Critical Steps for GDPR Compliance for Email Marketing
Here are three steps you can take to ensure that your emails are GDPR-compliant:
1) Include Proactive Email Subscription Opt-In
Users give consent by opting to receive your emails on your website and/or blog. You have an option for a single or a double opt-in process. Whichever you choose, there are things you should do to ensure your using GDPR-compliant email marketing.
Single Opt-Ins: the user will subscribe through a single form.
A double opt-in shows further proof that your subscriber has signed up. An additional point might be added that if the confirmation is not provided, the consumer’s personal data provided in the first opt-in form will be purged from the company’s system.
2) Clear and Easy Newsletter Unsubscribe Option
GDPR compliance for email requires that companies provide the option for users to unsubscribe from email marketing newsletters. Each of your emails should have an unsubscribe button. When a subscriber clicks that unsubscribe button, he should be taken to a confirmation page that tells him his data will be removed from the company’s list. Many unsubscribe features do not include it. You should.
Here’s a typical easy unsubscribe option from LaddyGo.com, a women’s clothier:
It’s easy to unsubscribe, but what does “from the newsletter only” mean? Can LaddyGo still send emails offering special savings? Probably.
Users should be given the option to unsubscribe from all types of email marketing if you send more than just your newsletter to subscribers. Here is an email preference list from a grocer that lets subscribers choose which types they wish to receive:
3) Tell Users How Their Data is Secured and Shared
GDPR requires that you inform your site users that when they do subscribe to any of your emails, they know that their data is securely stored. Further, if you do share their information with third parties, they must be informed.
To prove full compliance, this information should be disclosed during the opt-in process, not just in your policies. And always, users must be given the choice to opt-out of their data being shared with others
These three steps will ensure that you are in GDPR compliance for email marketing campaigns and newsletters. Fortunately, you can find help if you want to be certain that you are doing this right. Admiral is both a top registered CMP (consent management platform) and has modules to automate the collection of email signups quickly from visitors. Request a demo with Admiral to find out more.
About the author: Alison Lee is an experienced writer and editor with over a decade of professional writing experience. Alison serves as Editor-in-chief at Subjecto, a site offering writing, editing, and proofreading instruction and services. Alison is passionate about creating great content that educates and inspires. Her interests include reading books, collecting records, and traveling the globe.