The new European regulation on the processing and handling of personal data, known as the General Data Protection Regulation (or GDPR), went into effect on May 25, 2018. We understand many are still confused as to what it means for email marketing.

GDPR (or General Data Protection Regulation), and is essentially a new set of rules designed to give citizens more control over their personal data.

But I’m not in the EU…

GDPR was created for citizens of the EU, but do not think that means you are off the hook if you work in the US.

The regulation affects all businesses, whether or not your customers are located in the EU.

Under GDPR, businesses cannot process customer data unless it’s for a lawful purpose or those businesses have received explicit instructions from the customer to do so.

GDPR requires companies to collect and process data keeps personally identifiable information (PII) secure. Any company that has not been careful will soon find themselves in trouble with the EU.

Any company found to be in violation of the GDPR can be fined up to 4% of their global sales (we are talking well into the millions, and maybe even billions of dollars). Did that catch your attention?

Given recent breaches from seemingly bulletproof companies like Facebook, and the regulation sent most scrambling to update their policies and let customers know they’re handling sensitive info with care.

How Will GDPR Affect Email Marketing?

In a nutshell, it will force companies to take a long hard look at what personal data they’re collecting, and more importantly, how securely they’re storing it.

Personal data is especially prevalent regarding email marketing, given that a good amount of that information is collected during most email signup processes.

GDPR has put more regulations on email marketing than ever before. One of the biggest changes enacted by the new law is the concept of consent. In the past some questionable tactics could be used by marketers to solicit contact information of potential customers without actually receiving real consent. Some tactics included:

• Purchased/scraped lists: Buying or scraping contact information from the internet for people who have never heard from your business and sending them unsolicited emails. While this was often more popular in the late 90s to mid-2000s, we still have seen it happening in the past few years too.
• Opt-out: Automatically subscribing users to your emails when they give you their contact information for any reason (e.g. for a purchase). This places the burden to opt-out on the contact, rather than giving them the choice to opt-in. Many ecommerce businesses are guilty of this.
• Passive opt-in: Giving contacts the “choice” to opt-in, but having the box already pre-checked. This system requires the subscriber to uncheck the box if they do not want to receive emails from you.

According to the GDPR, these tactics are no longer allowed if you have any customers who reside in the European Union. Instead, consent must be clearly given in the form of a positive action (usually this means checking a box). That means marketers are going to have to find new ways to grow their lists.

But, before you start panicking like it’s the end of the world, consider the benefits that the GDPR brings. The new requirements actually present marketers the opportunity to build stronger relationships with their subscribers and customers.

While the tactics I mentioned above might yield a higher number of contacts in your email list, that is not always case and not necessarily the best thing for your business. Many businesses find that after a contact receives an email after being subscribed through one of those methods, the contact eventually — or immediately — unsubscribes because they were not actually interested in receiving your emails.

The key to successful compliance with GDPR is to acquire positive consent. You can be sure that they’re interested in what you have to offer, and this leads to more quality contacts and better engagement rates in your emails.

It is my hope that you are now convinced that following the GDPR guidelines on consent is in the best interest of your business. But wait! I’m sure you are now asking the question, how do you actually acquire proper consent from your contacts at the time of signup?

Here is an infographic from SendinBlue showing you the dos and don’t of creating a GDPR-compliant list growth strategy: