Before we launch into how to plan for the future of your email marketing in a post-GDPR world, let’s quickly take stock of everything we’ve learnt so far.
So, as you can see, we have focussed on what you do with the data you already have not the data you’ll be collecting in the future. The key point here is you will need explicit consent (that must be clear, positive and transparent) in order to send your email marketing campaigns to new subscribers or customers.
We’ve been asked the following question by a number of our clients:
“Do I need to show a customer has checked a ‘tick box’ in every case to add them to my database? For example I have a sign-up box on my website that clearly says ‘Sign-up here to receive our marketing updates direct to your inbox’. The only field is to enter the email address, and if they don’t want to be contacted, they don’t have to subscribe.”
Here’s what the legal team at Stephens Scown told us:
“Explicit consent is needed: it must be clear, positive and transparent.
“Alongside this, demonstrable positive action is required. For instance, the contact must have taken a positive step to indicate they want to subscribe. You cannot, for example, run an opt-out system. How you get explicit consent really depends on how you are collecting the data and what you are using it for.”
We’re well aware this could detract from the beautiful looking sign up form you currently have on your website. Our advice here is, if there is limited space on your website in which to add this text, consider swapping the enews subscription box for a ‘Call To Action’, which links to a landing page where the form is contained, with the details of how the data will be used. You could also include a preference centre on this page which allows the subscriber to tell you exactly what they want to hear about and enables you to ensure you’re sending out the right message to the right people. Automated emails can be used on successful submission of the form, as long as it is clear this will happen before they subscribe.
If a subscriber is using a contact form, entering a prize draw or making a purchase, best practice dictates that moving forwards, there should be an addition of a ‘tick box’ (definitely not unchecking a prefilled box) to confirm they would like to receive email marketing with details of content and frequency.
Finally, with many fear-mongering articles out there warning of fines up to €20 million (or 4% of worldwide turnover, whichever is higher) for non-compliance, another big worry many people have for the future is what will happen if they continue sending emails to subscribers who they can’t prove have checked a box to give consent to receiving email marketing.
The key thing to remember here is most people will already be compliant, or near compliant if they have been operating best practices under the DPA, and in line with the current Privacy and Electronic Communications Regulations. However, everyone should be checking and verifying their own position and taking steps to rectify highlighted areas, which is not just permission, but also storage and transmission of data, as well as passwords and access.
In short, if you think you’re sailing close to the wind, then you probably are!