The GDPR Compliance deadline of May 25th has already passed, so in case you’re a bit behind here’s what you need to know about GDPR as a marketer.
Please note: This blog is not official legal advice, and we recommend ensuring you’re fully compliant with your legal counsel.
First, what is GDPR?
GDPR is the European Union’s General Data Protection Regulation.
If you communicate or have business relations with European Union citizens, you will certainly need to adjust your marketing practices to avoid hefty fines. That means if you have just one European Union citizen who subscribes to your newsletter, this applies to you! The goal of the European Union’s General Data Protection Regulation is to protect individuals and their personal information. This impacts the way marketers can collect, share, and use personally identifiable information.
This “personal information” can include several different types of data including:
- Email addresses
- Names
- Photos
- Bank info
- Social media posts
- Medical information
- Computer IP addresses
What are the penalties if you ignore GDPR?
If you do not comply you can be looking at “fines of up to €20 million for more serious offenses, and 2% of annual global turnover (sales) for offenses like not having your records in order or not notifying the authorities of a breach.”
That’s significant!
Compliance is largely going to impact your email marketing initiatives, so we’re going to focus our attention on that.
Here are a few tips:
- Make it clear what people are signing up for:
“One of the biggest concepts of the GDPR is consent – do your subscribers really know what they’re signing up for?”
When asking for an email address, be extremely clear about asking for consent – not just consent to send them a free guide, ebook, etc., but also consent to continue emailing them in future.
It’s also no longer okay to simply include a pre-checked box – you know the kind that requires the person to UNCHECK it in order NOT to be sent emails?
Instead, your subscribers will need to consciously, clearly, and intentionally request to join your list and receive emails from you.
You’ll also need to get permission if you want to send different TYPES of emails to your subscribers; for instance, if a customer has given you their email address so you can contact them about product recalls, you can’t turn around and suddenly start sending them promotional emails!
Action item: On your email opt-in forms, include wording that makes it clear what people are signing up for. If you’re offering a free product in exchange for the email, include a (NOT pre-checked) checkbox asking if they would also like to receive regular marketing emails from your company. It’s no longer enough to simply use wording like, “By entering your email you agree to receive my guide and regular emails.” – (Kim Garst writes in her blog)
- Don’t Ask For More Info Than You Need
Analyze the information you’re asking for. If it’s not crucial or highly relevant, stop asking for it.
- Make it easy for your subscribers to change or delete their info
GDPR gives EU citizens “the right to be forgotten”. Making it easy for a customer to withdraw their consent is essential. Simply make it easy for subscribers to unsubscribe, then make sure you don’t email them again! If you want to end up in hot water, email a subscriber who has already unsubscribed!
“Also, once they unsubscribe, it’s also important that their info is removed from any third-party vendors you use (e.g., Stripe), OR, that you clearly state that you’re not responsible for what happens after people leave your site in your privacy policy.” – (Kim Garst writes in her blog)
- A double opt-in process is now an even more crucial best practice.
Double opt-in was already recommended as a way to ensure a subscriber really wants to receive your emails: once they opt in on your form, they must click a link in a confirmation email before they are added to the list. (This prevents other people from registering someone else for emails they don’t want, and also catches accidental misspellings.) Previously just considered good practice, it is now highly recommended with GDPR in place. Just imagine someone subscribing a person who does not want to receive your emails. Your company will be at fault!
- Keep records of people’s consent
Double opt-in is great. Just make sure you can prove that folks have in fact opted in. Your email marketing service will likely keep track of most of that data, but double check!
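The double opt-in flow and the consent record described in the two tips above, as an added example (not code from this post or from Kim Garst’s blog): a signed confirmation link that only the mail server can mint, plus an append-only log that records consent per purpose and refuses sends after an unsubscribe. The secret key, addresses and timestamps are constructed placeholders.

```python
import hashlib
import hmac

# Added example, not the post's or the author's code. The key and values
# below are constructed placeholders; load a real key from configuration.
SECRET_KEY = b"placeholder-replace-with-random-secret"
TOKEN_TTL = 48 * 3600  # a confirmation link stays valid for 48 hours

def make_confirm_token(email, purpose, issued_at):
    """HMAC-sign (email, purpose, issue time) so only our server can mint a link."""
    msg = f"{email}|{purpose}|{issued_at}".encode()
    return f"{issued_at}.{hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()}"

def verify_confirm_token(email, purpose, token, now):
    """Reject tampered, mismatched or expired tokens using a constant-time compare."""
    try:
        issued_at = int(token.split(".", 1)[0])
    except ValueError:
        return False
    if now - issued_at > TOKEN_TTL:
        return False
    expected = make_confirm_token(email, purpose, issued_at)
    return hmac.compare_digest(expected.encode(), token.encode())

class ConsentLog:
    """Append-only record: who consented to which purpose, when, and how."""

    def __init__(self):
        self.events = []  # (timestamp, email, purpose, action, source)

    def request(self, email, purpose, source, now):
        # Form submitted: log the pending request, return the token for the email link.
        self.events.append((now, email, purpose, "requested", source))
        return make_confirm_token(email, purpose, now)

    def confirm(self, email, purpose, token, now):
        # Link clicked: only a valid token proves the address owner agreed.
        if not verify_confirm_token(email, purpose, token, now):
            return False
        self.events.append((now, email, purpose, "confirmed", "email-link"))
        return True

    def withdraw(self, email, purpose, now):
        # Unsubscribe: later sends for this purpose must be refused.
        self.events.append((now, email, purpose, "withdrawn", "unsubscribe-link"))

    def may_send(self, email, purpose):
        # The latest event per (email, purpose) decides; a pending request is not consent.
        actions = [e[3] for e in self.events if e[1] == email and e[2] == purpose]
        return bool(actions) and actions[-1] == "confirmed"
```

Consent is tracked per purpose, so a confirmed newsletter subscription does not authorise promotional mail, and the event list itself is the proof you keep on file.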
- Include a clear link to your privacy policy or terms of use
“When people opt-in to your list, there should be an obvious link to your privacy policy or terms of use that they can click for more info.
Basically, this page should explain how you plan to use their personal data, how you plan to protect that data, who will be able to view that data, etc.
You should also know how your vendors or service providers (e.g., Stripe, PayPal) are using that data…OR ELSE include a disclaimer that you aren’t responsible for what happens when people leave your site.
Finally, your privacy policy should clearly explain who you are, why you have the right to use their data (because they opted in), and that people have the right to complain to the ICO if there’s an issue with the way you’re handling their data.
Link to this page on every page of your website, especially on pages where people are sharing their email or other personal information – like any landing pages or sales pages.” – (Kim Garst writes in her blog)
- Make sure your website is switched to HTTPS
You should already be doing this for SEO purposes! But if you’re not, GDPR is another reason to ensure personal data is protected in transit.
- Write down your procedures
You need to have a written record of your policies and procedures as they relate to GDPR. This includes items such as:
How will you delete personal data?
How will you protect personal data?
What will you do if your email or website is hacked and personal data is compromised?
- Remove contacts that don’t comply with GDPR
This law applies to existing lists, not just new sign-ups, so if you have not appropriately gathered email contact information in the past it’s best to remove those lists to stay safe!
In Conclusion:
Take the time to review your collection, storage, sharing, and “right to be forgotten” processes to ensure you are compliant. In all reality, if you have been doing the “right things” to protect consumer privacy and rights all along, then you are in good shape, with just a few nuances to double check.
That Company takes our responsibilities to protect consumer data very seriously. We have already made the necessary updates to our privacy policies and have taken great care in building our email lists. If for any reason you are on our newsletter list and you would like to discontinue receiving it, please click the unsubscribe button that’s included with every email and we will never email you again. Thank you to all of our subscribers. We look forward to keeping you informed of the latest digital marketing trends. We appreciate you and look to best guide you as you grow your business.
References:
Garst, Kim. “Are You GDPR Ready? What Marketers Need to Know.” Kim Garst | Marketing Strategies That WORK, kimgarst.com/gdpr-what-marketers-need-to-know.