Irina Ivan - Digital Consultant

2iVisio Blog: insights on design, digital marketing, user experience

By: Irina Ivan | May 11, 2018

May 25th, 2018 is the deadline for companies dealing with users personal data to comply with the new General Data Protection Regulation, shortly known as GDPR.

There are many resources explaining the measures each company has to take, depending on the industry it operates in. Many companies, however, regardless of the industry, use e-mail as a means to communicate with their customers or potential customers, market their services or products to them. And because the e-mail address is part of the user personal data and falls under the new regulations, the first step for businesses to keep their email marketing campaigns rolling is to adhere to GDPR when it comes to how they get the consent to contact people by e-mail.

Why is consent a sore spot for e-mail marketers?

Until now, an e-mail address stored in the contacts list meant one more message good to go. Storing an e-mail address didn't raise any problems at all: pre-checked boxes, sign-up based on social media accounts, over-sophisticated terms and conditions and many other similar practices fuelled e-mail marketing on a more or less legal and ethical base with the one thing they needed to get started – recipients.

The days when you can still elude straightforward consent for using the e-mail address in marketing are counted. According to the 4th article of GDPR, consent is a “freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.

In practice, email marketers will find themselves no longer able to rely on emails provided without the owners being presented the perspective of receiving regular messages in their inbox.

What type of e-mails you need to let go of to become GDPR compliant

The category of emails you will need to discard from now on includes (but it's not limited to):

  • emails provided on very different stated purposes: e.g for downloading a white paper or for being contacted by the customer support about a specific problem

  • e-mails from users logged in with their Facebook, Google or other social media account, who granted you the permission to collect their e-mail address, without being explained what the e-mail will be used for. The challenge will be to re-adjust the quick login flows based on social media accounts so they can include a request for the explicit consent to subscribe to newsletters. So far, haven't seen many adjustments here and big names handling millions of users data still don't explain to the users that their e-mail will be used for establishing a communication with them. Moreover, the user's preference to receive emails is by default enabled after logging with Facebook.

Consent for e-mail address processing as a result of signing up with Facebook
  • e-mails from users who had the option to receive emails pre-checked when filling in an online form

  • e-mails from users who had the option to receive e-mails as the default one and could only choose to withdraw consent. (in this case, the consent expressed as a clear affirmative action is questionable).

Subscription to newsletter on sign-up forms

The consent is not GDPR compliant unless you can prove it

Apart from being freely given, specific, informed and unambiguous, the consent must also be traceable. This means that, in order to market your business to someone by e-mail, you'll have to be able to prove that he/she expressed their consent.

This new regulation pushes businesses one step further towards digitalization. So, if you think that changing business cards with several people during a networking event makes them automatically eligible to be part of your e-mailing lists, forget it. Each business that wants to keep communication by e-mail with their customers or leads alive, needs to invest in processes and technology that will help them log the users' intent to receive emails.

What to do if the e-mails in your list were not obtained according to GDPR standards?

The answer is simple: you ask for a re-consent.

Contrary to some widely spread opinions, GDPR doesn't make it an obligation for businesses to ask for re-consent if the consent obtained before GDPR era is compliant with the new regulations.

“Where processing is based on consent pursuant to Directive 95/46/EC, it is not necessary for the data subject to give his or her consent again if the manner in which the consent has been given is in line with the conditions of this Regulation, so as to allow the controller to continue such processing after the date of application of this Regulation” .

Recital 171 EU GDPR

Asking for the re-consent will be one of the biggest challenges e-mail marketers will need to overcome, the main fear being that many of their contacts will no longer re-consent and therefore they'll not be eligible anymore for their campaigns.

Looking on the bright side, GDPR offers email marketers the opportunity to rebuild relations with their recipients, create more engaged audiences and focus on the quality rather than quantity.

To learn more on the adjustments you'll need to make, read also our guide for helping e-mail marketers become GDPR compliant.


Be the first to comment ...

Post a Comment