Data collection is integral to every email marketing strategy—and the rules have just been changed. The General Data Protection Regulation (GDPR) legislation was enforced in the European Union (EU) in May 2018, disrupting third-party data collection. But it doesn’t just affect Europe—any company with a web presence is subject to these regulations.
What is the GDPR?
The GDPR is Europe’s new data protection laws, affecting how companies can process and handle personal data. It’s purpose is to give EU consumers greater protection rights against companies collecting data.
Who does the GDPR affect outside of Europe?
If your business markets your products or services over the Web, it’s subject to these data protection laws. This basically affects any company in e-commerce, hospitality, travel or the software service industries, along with any business that’s identified a European market.
How does the GDPR affect B2B marketing practices outside the EU?
Marketers will need to take a much closer look at data permission, data access and data focus. And failure to maintain GDPR compliance is no joke. Companies can receive up to a 4% fine of their annual global revenue for failure to report a data breach.
What marketers need to know about the GDPR:
No more automatic email opt-ins.
When it comes to email marketing campaigns, data permission is a big area marketers will have to address. Regarding data permission, email opt-ins now must contain a ‘clear affirmative action’. This means people need to physically confirm that they want to be contacted, eliminating the use of pre-ticked boxes that automatically opt them in.
Here’s an example:
You can’t market to referrals.
A popular marketing strategy, “refer a friend” programs usually require a prospect or customer to give the company a friends email address in order to receive an offer—typically a discount or bonus. In order to stay GDPR compliant, the referee’s email address cannot be stored or processed. An initial notification can be sent to them after the referral, but no marketing material or follow-up may be sent unless the referee gives explicit consent to contact them.
Users must be able to remove personal data themselves.
Regarding data access, all EU citizens now have the “right to be forgotten.” This means that individuals have the right to request removal of personal data from the Internet. In terms of marketing, marketers must make sure users have clear ability to access or remove their personal data for marketing use—such as having an “Unsubscribe” link and giving the user access to email preferences.
You need to justify all personal data collected.
The GDPR legally requires you to justify the processing of all personal data you collect. This means marketers need to decide what data they actually need versus what would be “nice to have”. For example, while it may be nice knowing your prospects age, if you can’t prove why that data’s needed you’re out of compliance.
Consumer protection rights are becoming more and more serious, so make sure your business is compliant in every aspect. Understanding these new data collection laws will help you avoid significant fines and a damaged reputation down the road.