GDPR & email marketing

GDPR (General Data Protection Regulation) is coming into effect in May and this will have an impact on organisations who collect and use personal data. A classic example of such usage is where businesses have an email newsletter signup on their website – if that sounds like you, read on.

Disclaimer: we are not GDPR legal experts, so this is our ‘common sense’ web perspective. However, coming up next, we’ve got a post from Tony Dowling of the GDPR Alliance.

Note: some businesses are telling themselves “oh, we’re B2B. So it doesn’t affect us”. They are wrong. Don’t put your head in the sand.

Firstly, from my reading of GDPR, a lot of it should be common sense:

  • You can only email people stuff if you have their formal ‘consent’
  • Make sure that people are aware of what they are signing up for. You can’t change the goal posts later on (not without asking for consent again).
  • If people want to unsubscribe, let them – and make sure they stay unsubscribed

Note: there is a grey area with what is classed as legitimate practices as you go about your business; however, if you ask me, consent is key.

If your email list has been generated via the ‘double optin’ method (see next), then that’s a very good start.

Double Optin

Single optin is where a person visits a website, puts their email address in the ‘newsletter signup’ box and, hey presto, they are signed up to receive future updates. The flaw in this approach is that you could put in ‘[email protected]’ and, unless Mark Zuckerberg is the person in question, you have signed him up for something he didn’t want – urgh!

Double optin gets around this by taking an extra step – in this scenario, when you put ‘[email protected]’ into the newsletter signup field, a system then emails you, telling you what you have signed up for, and makes you click a link in the email – and until that link is clicked, you are not opted in; this is a much more foolproof method. Why doesn’t everyone do this already? Because it’s an extra step and most people won’t put it in place unless they are forced to – well now you are.
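The double optin flow described above, sketched as an added example (not from the original post and not Active Campaign's code): the emailed link carries an HMAC-signed, expiring, single-use token, and the address is only opted in when that token comes back. The function names, the in-memory stores, the key and the 48-hour expiry are assumptions for illustration.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-key"  # assumption: a real deployment loads this from a secret store
TOKEN_TTL = 48 * 3600             # assumption: confirmation links expire after 48 hours
pending = {}     # email -> purpose shown on the form, awaiting the emailed click
subscribed = {}  # email -> consent record (what was agreed to, and when)

def _mac(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()

def request_signup(email, purpose, now=None):
    """Form submitted: nothing is subscribed yet. Returns the token to email as a link."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    payload = f"{email}|{purpose}|{int(now) + TOKEN_TTL}".encode()
    pending[email] = purpose
    return base64.urlsafe_b64encode(payload).decode() + "." + _mac(payload).decode()

def confirm(token, now=None):
    """Link clicked: opt the address in only if the token is genuine, fresh and unused."""
    now = time.time() if now is None else now
    try:
        b64, sig = token.split(".")
        payload = base64.urlsafe_b64decode(b64)
        email, purpose, expires = payload.decode().split("|")
        expires = int(expires)
    except ValueError:  # malformed token, bad base64, bad UTF-8 or wrong field count
        return False
    if not hmac.compare_digest(sig.encode(), _mac(payload)):
        return False    # forged or altered link
    if now > expires or pending.get(email) != purpose:
        return False    # expired, already used, or voided by an unsubscribe
    del pending[email]  # single use
    subscribed[email] = {"purpose": purpose, "confirmed_at": int(now)}
    return True

def unsubscribe(email):
    """Remove the address and void any outstanding link so it stays unsubscribed."""
    email = email.strip().lower()
    subscribed.pop(email, None)
    pending.pop(email, None)
```

Because the purpose is signed into the token and stored in the consent record, the record shows exactly what the person agreed to receive.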

What to do

So, if you’ve got an email list for which you are not 100% sure that everyone has fully given their consent, then you’ll need to address that as part of your steps to GDPR compliance.

We’ve been running since 2001 and have amassed a considerable email list over time, so, to clear that up we are doing a ‘data cleanse’ where we:

  1. Treat all the email addresses as having an unknown consent state
  2. Send a finite series of emails*, all of which try to encourage consent
  3. If they give consent, they are back on our full (albeit reduced) email list
  4. If they don’t do anything, they are automatically fully unsubscribed
  5. Finally, amend any current website signup forms to be compliant/use double optin etc.

(*I admit it’s a little chicken and egg as, if we’re unsure of consent, why are we emailing them. However, I’m hoping that common sense prevails and anyone investigating can see that this is part of a documented, cleansing process).

We use a powerful CRM, email marketing, automation system called Active Campaign. Active Campaign allows us to create the above steps as an automated process. In the screenshot below (from a client’s Active Campaign account), you can see we have a flow chart of steps which will automatically be taken, with set delays (“Wait for 1 week(s)”), and then alternative action is taken based on what the user has (or has not) done.

Closing Thoughts

Whilst the above does not give you GDPR Compliance (as that has wider reaching implications, which the next blog post will touch on more), it does ensure that your email list is clean in terms of consent.

Hope that helps

Joel

 
