In May of this year, the European Union’s (EU) new General Data Protection Regulation (GDPR) came into effect with more compliance changes on email marketing in the UK in an effort to protect the data and fundamental privacy rights of all EU citizens. The Census noted that only 30 percent of respondents said that they were in compliance prior to the implementation of the GDPR. Only 47 perfect state they are currently in compliance. And, as much as 23 percent were not even aware of the legal changes that might affect their email marketing activities.
While there are many updated terms and conditions within the GDPR, we always pay particular attention to consent when dealing with email. The definition of consent has been changed under the GDPR, stating:
‘any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed.’ (Articles 4 & 32).
Note, there is not much difference between ‘unambiguous’ and ‘explicit’, so the requirement of a “clear affirmative action” strongly suggests the need for opt-in consent, where pre-checked boxes are not allowed.
In addition, conditional or bundled consent when signing up for another offer is not allowed, and opting out should be a simple process. Proof of consent is required, in which record keeping may be a challenge for some marketers under GDPR. And, as we gather behavioral data on subscribers, we will need to ensure that the subscribers are notified that they are being ‘profiled’ and also given an opportunity to opt out.
As the name suggests, GDPR is a Regulation not a Directive, which means it will go into force across all EU Member States. And whether your business is inside or outside the UK, if you are emailing to a UK citizen, you will need to ensure you are in compliance with this regulation.
For more information o the particulars of GDPR, review the whitepaper entitled, The General Protect Regulation (GDPR), A practical guide for businesses, by Blue Sheep.