Understanding GDPR and how it affects you will determine how you manage the strict new regulations. Here are some key points that are also useful for email marketers. Read on.

Make sure your mailing list is GDPR-compliant.

To start, check your mailing list to make sure you have explicit consent and all data is necessary. If you don't have explicit consent and it's unnecessary, remove the user from your list.

If you have explicit consent for all contacts, ensure that personal data is secure by using a reputable email service provider with strong security controls.

Make sure there are robust policies in place for how the personal data of users is collected and stored: what kind of information is being captured; how long it will be stored for; where it will be stored; how it will be used; whether there are any third parties that may use this information. You should also make sure you have a GDPR-compliant privacy policy in place.

Have a clear process for handling requests from users to see their data, delete their data or request they cease receiving marketing communications from you.

Give permission a prominent spot in your signup forms.

Email marketing is fundamentally about sending messages to people who want them. That's why you must give permission a prominent spot in your signup forms.

The GDPR requires explicit consent before sending an email newsletter to prospective or current customers. With this in mind, make sure your opt-in process is unambiguous.

Use checkboxes to indicate that users are opting in to your communications, rather than automatically signing everyone up for a newsletter when they purchase something from you online (make sure the opt-in box is unchecked by default). Using clear language like 'tick this box if you would like to receive our monthly email newsletter' will help make the process user-friendly. There will be no misunderstandings that could lead to legal action being taken against you later.

Double Opt-In

A double opt-in process means that users are sent an email after submitting their details on your website, asking them to confirm their subscription before being added to your list. Think of it as extra insurance against inadvertent subscriptions and potential complaints down the line. If customers don't respond within 72 hours, you should delete their details from your database because they haven't given explicit consent by confirming their request by clicking on the link provided in the email. A double opt-in process also helps ensures that someone isn't using fake or throwaway emails when they subscribe (a legitimate concern since we all know that inboxes love getting spammed).

Limit the information you ask for to what's strictly necessary for the services.

You should only ask for the information that you need to provide the service that your user is asking for. So, for example, if you are sending an email newsletter, you'll probably need their name to personalize emails and their email address to send them emails. However, if you're not going to use a person's gender or job role when personalizing your email, don't ask for it!

If you are collecting data from a form on your website (like a contact form), then make sure that the form clearly states what data will be used. And remember: don't ask for information that isn't strictly necessary. For example, I've recently seen some forms asking people to submit their full name and gender as well as their phone number and postcode. This is unnecessary! If all they want is my phone number or email address, why do they need anything else?

To fulfill the second requirement of GDPR, the privacy policy link must be visible on all your marketing channels. When users see this link, they'll know exactly where to go to learn more about your business's data collection practices.

Here are some tactics you can use to display your company's privacy policy:

  • Add a privacy policy link to your email signup forms. This will help users access and view the policies before submitting their information. Many companies often include links in their email footers and on their website and social media pages.
  • Include a disclaimer on all marketing material that references a privacy policy page with further information. This way, users will be alerted to such policies while being pointed in the right direction if they wish to learn more about them.

To be GDPR compliant, there are several measures you need to take. As mentioned, one of the key tenets of this new legislation is to give members of your contact list more control over how their data is used. They have the right to know what information about them is being collected, with whom that data is being shared and for what purpose.

You can offer more transparency and give consumers control over their data by including an unsubscribe link in every email that you send out as part of your marketing communications strategy. It's a legal requirement under GDPR, but it's also good practice as it allows subscribers to opt-out if they so choose.

Whether your business operates exclusively within the UK or across Europe-wide borders, all marketing emails sent must now feature a clear link through which recipients can unsubscribe from future communications. The link must be accessible and quick to use; this means making sure people aren't required to fill out any forms when opting out - simply clicking on the link should suffice, and they should be automatically removed from any future contact lists/marketing campaigns.

Confirm an opt-in request by sending a confirmation email.

Send a confirmation email once you've received an opt-in request via email. Be careful not to include any marketing content in your confirmation email, as some anti-spam laws prohibit "precheck marketing." As a rule of thumb, the only contact details you should include are those for unsubscribing from your communications.

Make sure that you give people the option to unsubscribe from all emails, rather than just specific types (e.g. sales emails). If they aren't interested in receiving newsletters or notifications anymore, they may be more likely than not to hit the unsubscribe button and be done with it simply. And if they change their minds again later on down the road, they can always choose to opt back in again at that time if they so choose.

Suggest other ways of keeping in touch if users opt-out.

If someone unsubscribes from your mailing list, don't assume they've lost all interest in your company. They may no longer want to receive emails from you, but that could be because they're receiving too many. Instead of giving up on them entirely, consider these other ways of keeping in touch:

  • Follow them on social media and engage with their posts.
  • Send them a coupon for their next in-store visit.
  • Send them a direct message on social media (if you have a business profile). If a user hasn't been to your website since the update and there isn't any way to contact them directly: Call them! It may seem like an old-fashioned approach, but it could be just the thing to make someone feel valued by your brand again.

GDPR doesn't have to be scary, but it does need to be respected.

  • What is GDPR? The General Data Protection Regulation (GDPR) is a new framework for data protection that was implemented by the European Commission. It replaced an old legal framework from 1995 and has brought greater harmonization to data privacy laws across Europe.
  • What GDPR means for email marketers: When it comes to email marketing, one of the most significant changes GDPR brings is that you now need permission from your customers to send them emails. This permission can be explicitly given or implied through checking a box at the checkout, making a purchase, or requesting information about your products and services. You must provide evidence of this consent before sending any marketing emails. If you don't have written consent for someone's details on file, it may be wiser not to contact them rather than risk breaking the law.
  • Why it is important to be GDPR compliant: Under GDPR guidelines, companies who fail to comply with regulations can incur penalties of up to 20 million Euros or 4% of a company's global annual turnover—whichever is higher! This means that even if your company operates outside of Europe but still attempts to market its products or services there (or simply sells products or services in Euros), you could potentially be hit with some hefty fines if you are not compliant with GDPR rules and regulations. In addition to preventing huge penalties that could seriously cripple your business, being fully compliant with GDPR also protects your brand reputation by encouraging consumers' trust in how you handle their private data.
  • What should I do if I am not GDPR compliant?: Reach out to us! We'll help ensure that your business complies with the latest privacy guidelines. No matter where your customers are located in the world—and however they choose to pay—you'll never risk falling foul of online data laws again!