The incoming GDPR means the acquisition and use of personal data must be transparent and explicit. But how will that affect email marketing and what should email marketers do to stay within the law? Darine Fayed explains how the new data regulation will work and why GDPR & email will, actually, result in better quality communications going forward.
Not familiar with the acronym GDPR? It’s now a commonplace term. There’s not a week that goes by without a conference, webinar or roundtable organised on this subject – not to mention the daily articles written. The new General Data Protection Regulation is causing concern among professionals, and understandably so. When it comes into force on 25 May 2018, companies with European customers will no longer be able to use email marketing in the same way. No more aggressive approaches to information gathering or purchasing databases. Explicit consent from the recipient will now have to be proven before sending any emails. A blessing in disguise? This is what I will address in this article.
GDPR signals the end of the forced opt-in
The European Union’s intention is clear: to use GDPR to ensure the proper use and acquisition of personal data. Up to now, the rules have been unclear and based on various different local laws. The new text specifies unequivocally: the acquisition and use of personal data must be transparent and explicit.
In other words, the GDPR signals the end of forced opt-in or opt-in by default, a favourite technique of marketers. This approach consists of pre-ticking an opt-in box on a form (subscription to a newsletter, promotion alert, etc.) in order to gather email addresses on mass. In this instance, the request is implicit and at no point is the user clearly informed about how their information will be used. This technique will therefore be illegal from 25 May 2018.
At Mailjet, we recommend going one step further and using a double opt-in approach to comply with this regulation change. This technique consists of asking for the user’s consent twice before including them in your database. This way there can be no doubt at all that the contact has clearly given their approval to receive your emails, as well as ensuring the accuracy of the email address given. It is also a convenient way to document the consent given, by storing the date and time stamp of the confirmation email link of the given consent.
Double opt-in, the example of Skyscanner
Let’s take Skyscanner as an example to get a better understanding of how double opt-in works (we have no affiliation with that company of course!). The travel comparison site asks its users if you want to receive price alerts. An email is automatically sent as soon as Skyscanner detects a change in the prices for a trip.
Users wishing to get this price alert must first enter their email address in an opt-in form (that specifies the reason for the opt-in).
They then receive an automatic email asking them to confirm their email address to finalise the alert subscription. The contact will not receive price alerts from Skyscanner if they do not confirm this.
The travel comparison site essentially gets the user’s consent twice before including them in their database of contacts. This automatic email can also be an opportunity to explain how the email address will be used, as well as how they can opt-out at any time, also to include a link back to your website or your online privacy policy to give more information for the customer. The process is relatively simple to implement, is widely adopted and fully complies with the new regulation on the subject.
This also allows companies an opportunity to build its customer relationship from the onset. The client will receive clear communication and will likely appreciate this clarity that will allow higher brand confidence and trust. It’s also an opportunity to use your brand voice for brand recognition and customer loyalty.
What about contacts recruited before GDPR?
Of course, there will be a before and after 25 May 2018 point. Companies must anticipate this evolution as the GDPR requires adjustments in order to be fully compliant when the date arrives.
So far, we have discussed specific changes (or adjustments as the case may be) regarding recruiting new subscribers. However, you must not think that your existing database of contacts is exempt. This is also affected by the new regulation and a verification of that list should be made.
If the GDPR is followed to the letter, companies will only be able to use contacts for whom they have actual proof of their consent. If you do not have consent, you have until 25 May 2018 to obtain it. You should bear in mind that the quicker you adapt your strategy for recruiting subscribers, the less tedious the ‘re-opt-in’ work will be. At Mailjet, we advise marketers to make use of all their touchpoints to gather the specific consent before 25 May 2018.
GDPR & email – a quality future
We can objectively answer ‘no’ to the question ‘does GDPR mean the death of email marketing?’. On the contrary, the new regulation will encourage companies to pay more attention to email marketing which will improve the quality of this communication and therefore engage their recipients more.
Finally, don’t forget that the GDPR has officially been in force since 24 May 2016. The date of 25 May 2018 is therefore a deadline which must not be missed or significant penalties may be imposed. By this, we mean administrative fines up to 4% of the company’s overall annual turnover or 20 million euros, whichever is greater! You have been warned.
Have an opinion on this article? Please join in the discussion: the GMA is a community of data driven marketers and YOUR opinion counts.
Leave your thoughts