GDPR, What It Means for Your Marketing List

By Sarah Renard, Senior Marketing Coordinator

It’s that time again: time to send your monthly or quarterly company e-newsletter to your list of hundreds, if not thousands, of subscribers. So you go through your routine of adding the new clients, prospects and contacts gathered since your last e-mail blast to your existing list, build your newsletter, click ‘send’ and move on to the next item on your to-do list. Unfortunately, the recent GDPR regulations may cause a hiccup in your routine.

GDPR (General Data Protection Regulation) is the reason your inbox is filled with e-mails from all the websites you subscribe to or visit frequently letting you know they’ve updated their privacy policies. Please refer to our previous article, GDPR – Just Media Hype?, for an overview of GDPR, and how it may affect your company. If your mailing list includes contacts (clients, prospects, referral sources, etc.) in the EU, chances are there are some action items you should be taking.

From a marketing standpoint, GDPR is most concerned with your EU prospects and non-client contacts. GDPR is based on the actions of obtaining, maintaining and using EU contacts’ personal information, so in regard to existing client data, it’s understood you’re maintaining their data under a lawful basis. In other words, you need their information to fulfill your contract. However, if you’re collecting marketing-related content, it’s always better to err on the side of caution and obtain consent to send them e-mail marketing campaigns.

When it comes to your prospects and other marketing contacts where maintaining their personal information doesn’t fall under a lawful basis, you need to obtain positive consent or delete their information. The deadline to obtain consent was May 25, 2018, so in theory, if you did not receive consent from these contacts by then, it’s best you remove them from your records.

GDPR has a lot of moving parts and there’s a lot to comprehend, but from a marketing perspective, here are a few items to get you started:

  1. Go directly to your e-mail marketing company (e.g. MailChimp, ConstantContact, ActiveCampaign). More likely than not, they have already created all the tools you need to remain compliant, including GDPR-compliant signup forms, e-mail templates, etc.
  2. Include an “Unsubscribe” link that is easy to read and easy to find in all of your e-mail campaigns, and if someone unsubscribes, be sure to honor their request and unsubscribe them within 10 days.
  3. When obtaining consent, pre-checked boxes are not allowed.
  4. Silence is not considered consent. If you requested consent from contacts prior to May 25, 2018, and didn’t hear back, it is assumed they did not provide consent.
  5. When you do obtain consent from an EU contact, maintain proof and record of the consent.
  6. Consent only has to be given once.

Stay tuned for our next GDPR article, where we’ll dive into the roles and differences between a data processor and data controller.