Consumers are concerned about their privacy when they do business with companies online. And for good reason. Personal information has been stolen or sold; financial information has been compromised. Over time, consumers have felt less and less in control of their data and who has access to it. At the same time, marketers are developing digital campaigns that include collecting personal data from users.
Governments have responded with regulations for personal data protection. One of the most important and thorough sets of regulations has come from the EU, in the form of the General Data Privacy Regulations (GDPR).
Any company doing business with citizens of EU countries (internal or external) must comply with these privacy protection regulations or face potential fines.
What are the Basics of GDPR Requirements?
- Companies must get the consent of EU citizens before they collect and store their personal information.
- Businesses must clearly inform users and customers if their personal information will be shared with third parties, such as affiliates. Customers/users have the right to refuse to have their information shared with third parties.
- If a breach should occur, companies have 72 hours to inform their users/customers.
- Users may request their data profiles, and companies must supply them. This will include all data that has been collected about them.
- Users have the right to request that all of their personal data be deleted from a company’s system.
- There are regulations regarding website security measures that companies must put in place related to personal data collection.
- Companies of a certain size must have in-house data protection officers.
Email Subscriptions Fall Under GDPR Regulations
Multiple studies have demonstrated the value of building email newsletter subscriptions for retention and revenue diversification. Admiral’s email growth solution has helped publishers add 1000s of email subscriptions quickly, and can do so in a GDPR-compliant manner.
Example of Digital Trends using Admiral VRM platform to offer choice of email signup or unlocking ad revenue:
If you offer an email subscription, then you will want to squarely include your GDPR compliance requirements in each newsletter to demonstrate your integrity and maintain your reputation. Users will feel comfortable and far more trustful having an easy method of exercising their options each time they receive your emails.
It’s All About User Consent and Choices
There is no doubt that email campaigns reap big benefits. Research shows that these campaigns have an ROI that beats most other forms of marketing. But new GDPR regulations will come into play as these campaigns are designed and implemented.
As you look at being fully transparent, take a look at what your emails have and do not have relative to GDPR compliance. Here is a list of best practices:
- You have a secure method for collecting and storing personal data on your website. (Admiral email signup automation can help.)
- You have a request for user consent to which they must respond to begin receiving your emails.
- Your consent to opt-in is in a simple common language that anyone can understand. This can be a challenge if you have been writing policies containing legal language and style.
- During the opt-in process, you have explained in detail what the subscriber will receive.
- You have separate opt-in consent for emails other than your newsletter.
- You have disclosed if third parties will have access and have given the option for a user to refuse that sharing.
- You have made it easy and quick to unsubscribe. When they click that “unsubscribe” button, they are assured that their personal data will be removed from your system.
If you are missing items on this list, then you should take steps to correct them.
3 Critical Steps for GDPR Compliance for Email Newsletters
Here are three steps you can take to ensure that your emails are GDPR-compliant:
1) Include Proactive Email Subscription Opt-In
Users give consent by opting to receive your emails on your website and/or blog. You have an option for a single or a double opt-in process. Whichever you choose, there are things you should do to be GDPR-compliant.
Single Opt-Ins: the user will subscribe through a single form.
A double opt-in shows further proof that your subscriber has signed up. An additional point might be added that if the confirmation is not provided, the consumer’s personal data provided in the first opt-in form will be purged from the company’s system.
2) Clear and Easy Newsletter Unsubscribe Option
GDPR requires that companies provide the option for users to unsubscribe. Each of your emails should have an unsubscribe button. When a subscriber clicks that unsubscribe button, they should be taken to a confirmation page that tells them their data will be removed from the company’s list. Many unsubscribe features do not include this confirmation. Yours should.
Here’s a typical easy unsubscribe option from LaddyGo.com, a women’s clothier:
It’s easy to unsubscribe, but what does “from the newsletter only” mean? Can LaddyGo still send emails offering special savings? Probably.
Users should be given the option to unsubscribe from all types of emails if you send more than just your newsletter to subscribers. Here is an email preference list from a grocer that lets subscribers choose which types they wish to receive:
3) Tell Users How Their Data is Secured and Shared
GDPR requires that you inform site users who subscribe to any of your emails that their data is securely stored. Further, if you do share their information with third parties, they must be informed.
To prove full compliance, this information should be disclosed during the opt-in process, not just in your policies. And always, users must be given the choice to opt out of their data being shared with others.
These three steps will ensure that you are in GDPR compliance as you proceed with your email campaigns.
Editor-in-chief at Subjecto