Have you heard about the GDPR?
Or the General Data Protection Regulation?
The GDPR, while essentially an EU law has the potential to impact all businesses globally. So, if you haven’t paid much attention to it yet, please read on. This information is really important and it will help you protect your business.
Disclaimer: Please note that I’m not a lawyer. This is not legal advice. The information I’m sharing with you has been sourced from other channels. It’s aim is to help you with your email marketing activities. I encourage you to search for more information online or seek legal advise on how it applies to your business.
What is the GDPR?
GDPR stands for the General Data Protection Regulation. It is a privacy law from the European Union (EU). This law will come into effect on 25 May 2018.
What is the aim of the GDPR?
The GDPR is designed to provide greater protection to your personal information, including how it’s collected, stored, and used.
There are strict requirements placed on companies that possess the personal data of people located in the EU.
Who does it apply to?
It applies to anyone or any business who collects data from residents of the European Union. This includes your email list and website data.
The GDPR will come into effect from 25 May 2018.
It is important to note that the GDPR applies retroactively. This means that it applies to anyone from the EU who joined your email list in the past and are still on your list.
My business isn't in the EU, why does it apply to me?
Firstly - it doesn’t matter that your business isn’t in the EU.
If you have European residents as email subscribers or customers, or if you have the possibility of having them signing up to your email list, the GDPR applies to you.
Failing to comply by 25 May 2018 could cost your business a lot of money. There are fines of up to €20 million or up to 4% of your annual global turnover depending on the severity of the breach.
How does it apply to my email marketing activities?
In a nutshell, you cannot email any European resident if they didn't specifically sign up for your emails. And this applies even if they signed up to receive a freebie.
This means that if people signed up to download an opt-in gift from you, that's the only thing you can send to them. You cannot send any other information, newsletters or promotions without further permission and explicit consent.
What do I need to do?
Basically, you need to email all your European subscribers or any subscriber from an unknown location. And you need to ask them if they give you their permission to continue sending emails to them.
You need their confirmation before 25 May 2018.
If you don’t receive confirmation then you need to DELETE them from your list.
What else should I do?
Update your email sign-up process to make sure any European resident who subscribes consents to receiving your newsletters and promotional emails too.
Make sure separate consent is obtained for each purpose. Your subscribers have to clearly request to join your email list and receive emails from you.
Don’t ask for more information than you actually need. This means if you’re building an email list, you only need the first name and email address.
Make it easy for subscribers to change or delete their information at any time. And make sure you have a clear and working “Unsubscribe” and “Edit your preferences” options in your newsletters and promotional emails.
If someone unsubscribes from your list, then you must delete them and never email them again. The exception is only if they subscribe to you again.
Keep records of people’s consent.
Make sure the email marketing software you are using is GDPR compliant and that they have a compliant data processing agreement in place.
If you’re using email marketing, don’t be discouraged. If you keep building a good relationship and providing content of value, then your readers will want to stick around.
If they don’t want to hear from you, that's okay. You, I’m sure, will have heard me say “quality over quantity” before!
Although this can all sound a bit challenging, this regulation should protect us all. And in the long run, the people who give you their details are the ones who really want to hear from you. They are the people who value what you do and what you have to say.
I hope you found this helpful. You can read more about the GDPR and how it applies to Australian businesses on the Office of the Australian Information Commissioner website.
If you have any questions feel free to reach out and I'll be happy to help