GDPR: What Europe’s New Privacy Law Means for Email Marketers

Currently, local spam regulations in the European Union (EU) differ significantly from country to country under the Directive on Privacy and Electronic Communication (also known as the EU E-Privacy Directive). While the E-Privacy Directive outlines overall goals, each member state is free to translate these goals into local law. The result: Different email laws for each of the 28 EU member states.



The General Data Protection Regulation (GDPR), the EU’s new privacy law, aims to bring order to a patchwork of privacy rules across the EU. As GDPR is a regulation, not a directive, it has binding legal force and will be immediately enforceable as law in all EU member states on May 25, 2018. Greater consistency across European countries should be great news for all email marketers, but GDPR also comes with quite a few changes that impact the email industry.

We sat down with some of the leading experts in the field of email and privacy law to talk about the nitty gritty details of GDPR, and what the new regulation means for email marketers.
………………………………
 OUR EXPERTS:
James Koons — Chief Privacy Officer at dotmailer
Andrew Bonar — co-Founder, Deliverability Ltd
Tim Roe — Deliverability and Compliance Director at RedEye. Leader of the GDPR working, email council of the DMA.
………………………………

WHO DOES GDPR IMPACT?
GDPR will affect every company that uses personal data from EU citizens. If you’re collecting email addresses and send email to subscribers in the EU, you’ll have to comply with GDPR—no matter where you’re based.
 
The UK, Germany, France, and other European countries represent valuable markets for many brands. But it’s not just the strategic importance of the market that makes GDPR important for all marketers, it’s also the large number of citizens that the new privacy law will protect.

WHILST CANADA AND THEIR RECENTLY INTRODUCED CANADIAN ANTI-SPAM LEGISLATION (CASL) WERE SEEN TO BE TOUGH BY SOME, THEY APPLIED WHEN SENDING TO ABOUT 35 MILLION INDIVIDUALS. WHEN SENDING TO BUSINESSES, THERE ARE LOOPHOLES, SIMILAR TO THE AUSTRALIAN REGULATION. COMBINED, AUSTRALIAN AND CANADIAN LEGISLATION SAFEGUARD LESS THAN 60 MILLION PEOPLE. 750 MILLION PEOPLE WILL FALL UNDER GDPR’S PROTECTIVE FRAMEWORK, WHICH IS 10 TIMES AS MANY PEOPLE—AND EUROPEAN LEGISLATION EXTENDS ALMOST THE SAME LEVEL OF PROTECTION TO BUSINESS MAILBOXES.

– ANDREW BONAR


WHAT CHANGES WILL GDPR BRING FOR EMAIL MARKETERS?
GDPR touches several aspects of email marketing, especially how marketers seek, collect, and record consent. Here’s what every email marketer needs to know:

STRICTER REGULATIONS FOR COLLECTING CONSENT
With GDPR in place, marketers will only be allowed to send email to people who’ve opted-in to receive messages. While this has already been the case in most European countries under the EU Privacy Directive, GDPR further specifies the nature of consent that’s required for commercial communication. Starting in May 2018, brands have to collect affirmative consent that is “freely given, specific, informed and unambiguous” to be compliant with GDPR.

GDPR CLARIFIES THAT AN AFFIRMATIVE ACTION SIGNALING CONSENT MAY INCLUDE CHECKING A BOX ON A WEBSITE, ‘CHOOSING TECHNICAL SETTINGS FOR INFORMATION SOCIETY SERVICES,’ OR ‘ANOTHER STATEMENT OR CONDUCT’ THAT CLEARLY INDICATES CONSENT TO THE PROCESSING. ‘SILENCE, PRE-TICKED BOXES, OR INACTIVITY,’ HOWEVER, IS NOT ADEQUATE.

– JAMES KOONS

In addition, the signup process must inform subscribers about the brand that’s collecting the consent and provide information about the purposes of collecting personal data.

THE GDPR DEMANDS THAT THE RECIPIENT IS PROVIDED WITH ADEQUATE INFORMATION ON HOW THEIR DATA WILL BE USED. FOR EXAMPLE, IF YOU INTEND TO PROFILE SOMEONE’S DATA TO DETERMINE WHAT OFFERS THEY RECEIVE, YOU MUST NOW TELL YOUR CUSTOMER THAT IS HOW YOU INTEND TO USE THE DATA AND GIVE THEM THE OPPORTUNITY TO OBJECT.

– TIM ROE

Put together, many practices that marketers previously used to grow their database won’t be compliant under GDPR. Someone left their email address to download a whitepaper or provided their contact information to enter a contest? If you didn’t tell them you’d use their personal data to send marketing messages—and if they didn’t actively agree that it is okay to use their data for that very reason—it won’t be legal to add those email addresses to your mailing list.

NEW REQUIREMENTS FOR CONSENT RECORD KEEPING
The GDPR not only sets the rules for how to collect consent, but also requires companies to keep record of these consents.

UNDER THE GDPR, THE BURDEN OF PROOF THAT SUFFICIENT CONSENT HAS BEEN GIVEN LIES WITH THE COMPANY. THIS MEANS THAT YOU WILL NEED TO PROVE AND SHOW REASONABLE EVIDENCE THAT YOU HAVE COMPLIED WITH THE GDPR IF YOU ARE CHALLENGED.

– TIM ROE

In some countries like Germany, the burden of proving consent has always been the responsibility of the company that collected the opt-in. For many other marketers, however, this requirement is a new challenge to tackle.

STORING CONSENT FORMS IS SOMETHING THAT MOST DATA OWNERS HAVE NEVER HAD TO DO BEFORE, BUT IN THE FUTURE, ALL FORMS WILL HAVE TO BE PRESENTED IF REQUESTED.

– JAMES KOONS

I SUGGEST IT WOULD BE SENSIBLE FOR MARKETERS TO INCLUDE A SCREEN GRAB OF THE PAGE OR APP WHERE THE CONSENT WAS OBTAINED. THAT IS SOMETHING YOUR PLATFORM IS NOT LIKELY SUPPORTING OUT OF THE BOX TODAY.

– ANDREW BONAR

GETTING YOUR EXISTING DATA UP TO THE NEW STANDARDS

Read The Full Article
 

0 Comments Write your comment

    1. Loading...