From 25th May 2018 all EU members will have to conform to this new privacy law (Brexit will not change this immediately and it is unlikely to in the longer term). Changes will affect every company which collects and uses email data from anyone within the EU. This will give the public more privacy and more choice about who holds their data and what it is used for.
Marketers will only be able to send emails to people who have specifically opted in to receive messages, this consent will need to be ‘freely given, specific, informed and unambiguous’. GDPR confirms that this affirmation action could be by checking a box on a website – silence, pre-ticked boxes or inactivity, however, are not acceptable.
GDPR requires the recipient is provided with adequate information on how their data will be used, and given the opportunity to object to this.
GDPR also requires that these consent confirmations are recorded, as ‘the burden of proof that sufficient confirmation has been given lies with the company’, and if challenged they will have to show proof of the consent.
These new regulations on recording consent will also apply to existing data. If your database includes subscribers you cannot prove physically opted in you might not be able to send them emails anymore.
As well as the rules being stricter, so will the penalties of non-compliance. Penalties for businesses who do not adhere to the rules could be fined up to 20 million euros or 4% of the company’s total global annual turnover, whichever is the higher.
So what do you need to do specifically for e-newsletters?
- Unless you can prove with written documentation that everyone on your newsletter list has consented, you will need to re-contact and gain their consent.
- When adding new contacts, ensure you have their written consent – a quick email asking them to confirm, or use the built in automation within your e-newsletter software.
- If you are gathering contact via paper, e.g. at a trade show, then ensure they ticket the box for newsletter when providing their details. These papers then need to be kept; we recommend scanning and storing on Dropbox for our clients.
It is probably most sensible to start these tasks sooner rather than later when every company in Europe will be trying to re-validate their customer data!