So, May was a fun month this year!
I thought I would focus on one aspect of GDPR in this piece, and that is the role of email marketing in this new holy consumer data world.
The main message that every business owner needs to remember is that it is still OK to send emails to consumers or to people who have subscribed to your newsletter list. There are just a few rules and best practices that you must abide by regarding how you have previously collected that data and how you are collecting it going forwards.
Data you collect for email marketing needs to be freely given and specific, and the consent you receive needs to be informed and unambiguous.
To quote some official wording, freely given data is “Data that is given to you by a consumer for the obvious intent of you being able to message them”. Therefore, data that you collect in an obvious and GDPR-compliant subscribe form is freely given. Data that is collected during an ecommerce checkout process and then used for email marketing without any consent is NOT freely given.
Data collected on a physical sign-up form (e.g. data capture cards at consumer shows) is fine if consent is also collected. DO NOT throw away such materials after data entry, though, or at least store an electronic copy of them in a secure online storage area so that consent can be verified if ever challenged.
Specific data is data that is specifically relevant to allowing you to send email communications to the consumer. At the ‘safest’ level, this is just Name & Email Address. ‘Extra Value’ data such as Date of Birth, Postcode, Age of Children, etc. is still allowable, but you need to be able to justify WHY you want to collect such extra data. Consider NOT making such data mandatory on your subscribe forms.
If you haven’t already, then you need to look at the data you hold from data capture activity prior to May 25th and rank it by ‘Justified’ and ‘Nice to have’. If you don’t sell outside of the UK, then ‘Country of residence’ is justified whereas ‘Favourite Book’ isn’t!
You MUST ensure that consent for email marketing is given by the consumer. The starting point for this is to make sure the consumer is informed that they are about to give you data for that specific function. Everything around consent needs to be transparent and unambiguous. For example, consumers need to click/tap the opt-in box to AGREE and NOT to opt out, and you must be able to prove consent was given on ALL records that you are currently sending marketing emails to (pre & post May 25th, 2018). If you cannot prove consent was given to you, then delete the record!
For consumer email marketing it feels to me that purchased lists are dead now. The riskiest data you may hold is any previously purchased data. Even if you have emailed them lots of times in previous years, it is still risky if you cannot prove consent for YOU to email them (you are storing & using that data). If you went through the exercise of getting these recipients to opt in to your newsletters again ahead of May 25th, then they are fine, though, because they have now agreed consent with you.
A consumer also now has the right to request that you delete any data you have on them (The Right to be Forgotten). This means you need to know where the data is!
For email marketing you should only store data in one secure location (e.g. a CRM system or online email marketing system), so it is time to consolidate the various spreadsheets and Google Drive documents that you have always relied on and get the data into one safe digital place. Consumers also have the right to view and update the data you store about them.
Online email marketing systems also provide links in the emails you send that allow a recipient to view and change their own data. Their unsubscribe process is easy and effective, and it is impossible for you to accidentally mail someone who has unsubscribed.
So, to round off: if you need help, then a great starting point is to Google ‘Mailchimp GDPR’ and read and learn.