Chances are, your email inbox has been full of companies you have long since forgotten about, pleading with you to resubscribe to their email list in advance of the introduction of GDPR later this month. And while, as a consumer, this may be a temporary annoyance, as a business owner, you may be wondering if you should do the same.
So, here’s what you need to know about email marketing consent under GDPR. It needs to be “freely given, specific, informed and unambiguous”. If you are already working on a system that meets these criteria, then you are good to go. If you are not or you are not sure, then you may need to resubscribe your email list to be on the safe side.
To help you decide whether or not your current subscription process meets the GDPR standard, here is a brief guide to each of these four points and what they could mean in practice.
This is arguably the most self-explanatory of the criteria. People must choose, voluntarily, to receive your emails, you must neither trick them into handing them over or coerce them into doing so. This means, for example, assuming consent unless an individual actively opts out, will be a complete no-no and if you have previously added people to your list because they made a purchase or sent you a query, you need to get on top of correct compliance.
This includes in situations where an individual is entering a competition, which means that from the end of this month it will no longer be legally possible simply to tell someone in the terms and conditions of the competition that their email will automatically be added to a marketing list from which they are free to unsubscribe.
Again, this is fairly self-explanatory, it essentially means that consent to receive marketing materials needs to be unbundled from other forms of consent such as agreeing to standard T&Cs and/or agreeing to receive another form of update, such as when there is a new release of a product a customer owns.
If you are used to getting email subscribers by offering a free ebook, for example, you will also need to be more explicit. If somebody gives you their email address so that you can send them the freebie, they have not necessarily agreed to be on your mailing list, too. Be specific with the sign-up boxes and forms you use.
This means what it says: individuals need to be clear about the manner in which their data will be used and the purpose for which it will be used. Marketers should note that there are special rules for children, which essentially mean that they are considered incapable of giving informed consent and hence to be GDPR-compliant you need to demonstrate that you have taken reasonable steps to verify that a parent/guardian has agreed to their data being used for the purpose for which it has been collected.
The final point really encapsulates all of the previous points and, indeed, the driving force behind GDPR. In simple terms, GDPR essentially puts the individual clearly in charge of their own data and supports their right to control how by whom and for what it is used. Data subjects can only do this if they are given all the information they need to make an informed decision in terms they can understand or, in other words, in plain English printed, or displayed clearly.