Wondering what the EU GDPR requirements for email marketing are?
Want to make your email marketing campaigns GDPR compliant and avoid heavy fines and penalties?
Do the GDPR Requirements even apply to you?
Well, as I’ve discussed already in the previous articles, it does not matter whether you are based in the EU. If you offer your content or products to people in the EU, or monitor their behaviour (which is exactly what open tracking, click tracking and analytics do), then the General Data Protection Regulation (GDPR) applies to you.
The GDPR was brought in to give individuals more control over their data. This has led to many businesses bringing in data consultancy, not only to make sure they’re compliant but also to find the patterns behind their operations and convert them into effective actions.
It can be harder to make the necessary changes to become compliant if you have ongoing email campaigns.
That’s because you’re collecting email addresses and other information that identifies your subscriber or makes them identifiable (name, IP address, location), which the GDPR calls personal data, and all of its safeguards apply to it.
So it’s necessary that not only your blog or website but also your email campaigns are GDPR compliant.
In this article, we will learn how to make your email campaigns GDPR compliant in general, as well as how to achieve this compliance as a user of the email marketing software, GetResponse.
However, before jumping right in, just in case you’re not aware of the nuances of the
What Do the EU GDPR Requirements Have To Do With Making Money Online?
A very valid question.
After all, you visit this website to learn about making passive income online.
To learn, and even to imagine, how you can make hundreds or even thousands in a day, get some dopamine going, hit the right centres and enter that blissful trance for a couple of days in which you picture yourself rocking in a hammock on a sunny beach in Hawaii.
You’re not here to read boring stuff littered with heavy legal and technical jargon. Right?
Well, I’m afraid that sometimes one has to swallow the bitter pill.
A successful person is not the one doing all the crazy and exciting stuff but the one who spends days and nights sorting out the repetitive chores and taking care of the boring stuff.
So, coming to the question: why is it necessary to follow the EU GDPR requirements to make money online?
Well, more than making money, you have to do it to avoid losing it. Not following these regulations can cost you big time in the form of fines and penalties, and as they say, a penny saved is a penny earned.
How will GDPR Affect your Email Marketing Campaigns?
For marketing email, the lawful basis you will almost always rely on is consent, and the GDPR defines consent as freely given, specific, informed and unambiguous, given by a clear affirmative action (Article 4(11)). This applies to every facet of the web where user data is collected, stored, tracked or processed, whether it’s a blog, a contact form or an email opt-in form.
You need to be clear about how and why the information is being collected.
This obviously impacts your email marketing as well, as you now have to change the way you seek, obtain, save and manage the
What this means is that when you collect information from your subscribers, you need to be wary of the following:
- New subscribers opt-in rules
- A system to track user consent
- Allowing your subscribers to request, edit and/or delete their information.
Given the above basic requirement, the following best practices are recommended:
Best Practices for GDPR Compliance
1. Always go for double opt-in
A single opt-in is when a user submits an email address and other details in the opt-in form and is added to your email list immediately. No additional confirmation is received from the subscriber; the mere act of entering the information in the form is considered
To keep the risk of disputed or unprovable consent at a minimum, the best practice is to always use double opt-in forms in your email campaigns. The GDPR does not spell out double opt-in as such, but Article 7(1) makes you responsible for demonstrating that consent was given, and a confirmation click is the cleanest evidence you can have. It also stops third parties from signing up addresses that aren’t theirs.
What this means is that whenever a visitor subscribes to your email list, you send them a confirmation email asking if they’re sure they want to subscribe.
Note that merely sending a confirmation email does not constitute consent. The subscriber needs to express consent by performing a clear affirmative action, such as clicking a unique confirmation link in that email.
If you’re a GetResponse user, I’ve written a separate article about how to create double opt-in forms in GetResponse. I hope you’ll find it useful.
2. The Disclaimer Fonts Should Be The Same Size As Your Normal Fonts On The Form
Instead of shoving the disclaimer or disclosure text into a corner and making it microscopic to save space, the font size should match the other text on your form.
As far as the font colour is concerned, ideally you should match the overall colour scheme of the form, but make sure the text remains legible: never set the text colour to the same colour as the background.
3. Leave The Consent Checkboxes, “Unchecked”
Obviously, if you need explicit consent from your subscribers, you need to add checkboxes seeking their permission to receive, say, periodic updates from you.
What some webmasters do is leave those boxes checked by default, banking on subscribers not noticing, so that they end up as “consenting” subscribers.
You cannot do that anymore. Recital 32 of the GDPR states that pre-ticked boxes and inactivity do not constitute consent, so the boxes must start unchecked and true consent exists only when the subscriber ticks the box personally. Enforce this on the server as well as in the form: treat any submission in which the consent field is not an explicit positive value as “no consent”, since a browser extension, a script or a tampered request can send the field regardless of what the visitor saw.
Here’s an example of such a subscription form.
4. Review and Disclose your Data Practices
As per the GDPR, you need to disclose your data practices in a privacy notice (Articles 13 and 14): what information you collect, why, on what lawful basis, how long you keep it, with whom you share it (your email marketing provider counts), and how subscribers can exercise their rights.
5. Allow users to download, delete or modify their information
Your subscribers should be able to obtain a copy of, correct, or delete their information in your database; these are the rights of access, rectification, erasure and data portability (Articles 15 to 17 and 20). This does not necessarily mean providing them with an interface to do so. They can simply send you an email and you should oblige, normally within one month of the request (Article 12(3)). Remember that erasure includes any copies held by your email marketing provider, and that it is sensible to keep a suppression record (for example a hash of the address) so the address is not re-imported from a backup.
6. Keep a complete audit trail of how the user information ended up in your database
This information includes how the user subscribed to your email list (which form, on which page), when, their IP address or location, the exact consent wording they saw, their consent history including any withdrawal, and basically every piece of information that’d constitute as
In other words, if need be, you should be able to present enough evidence to prove that valid consent was obtained for any particular processing (Article 7(1)).
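The double opt-in flow from point 1, the server-side consent check from point 3, the access and erasure requests from point 5 and the audit trail from point 6 fit together in one small piece of code. The following is an added example written for this article; it is not code from the article itself or from GetResponse. It assumes an in-memory store, a constructed SECRET_KEY and constructed sample addresses; a real deployment keeps the key in a secrets manager and the records in a database.

```python
"""Double opt-in subscription flow with a consent audit trail (added example)."""
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field, asdict
from typing import Optional

SECRET_KEY = b"constructed-demo-secret-do-not-reuse"   # assumption: per-deployment secret
TOKEN_TTL = 7 * 24 * 3600                             # confirmation links expire after 7 days


@dataclass
class ConsentRecord:
    """Everything you'd need to show a regulator how an address got on the list."""
    email: str
    source: str                      # which form or page the address came from
    consent_text: str                # the exact wording the subscriber agreed to
    requested_at: float
    request_ip: str
    confirmed_at: Optional[float] = None
    confirm_ip: Optional[str] = None
    withdrawn_at: Optional[float] = None
    events: list = field(default_factory=list)   # append-only log of consent events


class SubscriptionStore:
    def __init__(self):
        self.pending = {}        # email -> ConsentRecord, awaiting confirmation
        self.active = {}         # email -> ConsentRecord, confirmed
        self.suppressed = set()  # sha256(email) of withdrawn addresses, so backups can't re-add them

    def _token(self, email: str, ts: int) -> str:
        # HMAC over email + issue time: unforgeable, and the timestamp lets us expire it
        mac = hmac.new(SECRET_KEY, f"{email}|{ts}".encode(), hashlib.sha256).hexdigest()
        return f"{ts}.{mac}"

    def subscribe(self, email, consent_checked, source, consent_text, ip, now=None) -> str:
        """Form submission: records a *pending* request and returns the confirmation token."""
        if consent_checked is not True:
            # anything other than an explicit tick (a pre-checked box, "on" from a hidden
            # field, a missing value) is not an affirmative act by the subscriber
            raise ValueError("consent box must be ticked by the subscriber")
        now = now if now is not None else time.time()
        email = email.strip().lower()
        rec = ConsentRecord(email, source, consent_text, now, ip)
        rec.events.append({"at": now, "event": "requested", "ip": ip, "source": source})
        self.pending[email] = rec
        return self._token(email, int(now))     # embed in the link of the confirmation email

    def confirm(self, email, token, ip, now=None) -> bool:
        """Click on the confirmation link: the affirmative act that completes the opt-in."""
        email = email.strip().lower()
        now = now if now is not None else time.time()
        ts_str, _, _mac = token.partition(".")
        if not ts_str.isdigit():
            return False
        ts = int(ts_str)
        if not hmac.compare_digest(self._token(email, ts), token):
            return False                          # forged or mismatched token
        if now - ts > TOKEN_TTL or email not in self.pending:
            return False                          # expired, already used, or never requested
        rec = self.pending.pop(email)
        rec.confirmed_at, rec.confirm_ip = now, ip
        rec.events.append({"at": now, "event": "confirmed", "ip": ip})
        self.active[email] = rec
        return True

    def export(self, email) -> Optional[str]:
        """Access / portability request: everything held on the subscriber, as JSON."""
        email = email.strip().lower()
        rec = self.active.get(email) or self.pending.get(email)
        return json.dumps(asdict(rec), indent=2) if rec else None

    def withdraw(self, email, now=None) -> bool:
        """Withdrawal / erasure request: drop the record, keep only a hash on the suppression list."""
        email = email.strip().lower()
        rec = self.active.pop(email, None) or self.pending.pop(email, None)
        if rec is None:
            return False
        rec.withdrawn_at = now if now is not None else time.time()
        self.suppressed.add(hashlib.sha256(email.encode()).hexdigest())
        return True

    def is_suppressed(self, email) -> bool:
        return hashlib.sha256(email.strip().lower().encode()).hexdigest() in self.suppressed


if __name__ == "__main__":
    # constructed walk-through with a sample address
    store = SubscriptionStore()
    token = store.subscribe("alice@example.com", True, "footer-form",
                            "Email me weekly tips", "203.0.113.5")
    print("confirmed:", store.confirm("alice@example.com", token, "203.0.113.9"))
    print(store.export("alice@example.com"))
```

The two details worth copying are that the subscriber is not on the list until `confirm` succeeds, and that the token is bound to the address and to its issue time, so a link cannot be reused for a different address or after it has expired.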
If you follow the above practices, you’ll significantly reduce the risk of being fined for a breach of the GDPR.
While you wrap your head around the above best practices, I believe it’s best to discuss a
GDPR Compliance – Frequently Asked Questions
Question 1. Does GDPR compliance only apply to subscribers enlisted after May 25th, 2018?
NO. The GDPR does not create a grace period for existing lists. From 25th May 2018, every contact you email needs a valid lawful basis, so consent obtained before that date only counts if it already met the GDPR standard (Recital 171).
What you can do now is send those subscribers a confirmation email asking whether they want to remain on your list. No response from them must be treated as a no. Note, however, that if you never had valid consent for a contact, a re-consent email is itself a marketing email sent without consent, and regulators have treated such campaigns as a breach, so only re-confirm contacts whose original consent is at least arguable and remove the rest.
Question 2. Can you now buy email contact lists?
Many email marketers rely on third-party lists to convey their “message”. So the big question is, is this allowed under GDPR?
For me, it’s a grey area.
Let’s say A buys an email list from B. A creates an email and sends it to the contacts on B’s list using his own domain. Is this practice allowed now?
Well, it’s highly NOT RECOMMENDED. The reason is that the data controller (A, once A decides to email those people) must be able to demonstrate consent (Article 7(1)), and when you buy a list from a third party it becomes difficult to prove that consent.
Let’s say that B did obtain consent for the subscribers to receive emails from A and any other marketer. Even then A has to confirm, by performing due diligence, that the list indeed complies with the GDPR.
In other words, a mere statement from the seller that the list complies with the GDPR does not absolve the buyer from the repercussions.
Under GDPR, it’s the data buyer’s responsibility to carry out due diligence on the seller to make sure:
- The data is current.
- The seller obtained the individual’s consent to pass their data on to you, and that consent named you (or your category of business) as a recipient.
- The individual’s consent covers your type of planned marketing.
- The consent is recent enough to still be valid.
To understand further, here’s an informative article discussing the same in detail.
Summary – How to Follow the EU GDPR Requirements For Email Marketing?
Before ending this article, it’s best to summarize whatever we’ve learned to make sure that we don’t miss anything important.
In order to make your email campaigns GDPR compliant, you should:
- Avoid single opt-in subscription forms and use double opt-in instead. In case you already have a single opt-in.
- The GDPR consent field should be an unchecked checkbox that the subscriber has to tick explicitly to express consent.
- I’d also recommend keeping the color and size of the text of the GDPR field(s) the same as other fields in your subscription form.
- Maintain a proper consent-tracking system (who consented, to what wording, when, from where and how) so that you can pull the records easily should you need to demonstrate consent in an audit.
- If you had subscribers from Europe before 25th May 2018 and their consent does not meet the GDPR standard, you may need to send them a confirmation email asking whether they agree to receive marketing emails from you.