GDPR for email marketing purposes

By the 25th May 2018 all companies in the EU will be getting GDPR ready, but what does this mean for your business and how do you implement these changes?

We take the first steps by giving you a simple insight into the process of becoming GDPR compliant for the purposes of email marketing.


Where do I start?

The best place to start is by asking yourself how you obtained your current contact information. If the answer is off the back of a business card or from an unknown source you had better get deleting and start from scratch.

GDPR guidelines set a high standard of consent and you need to ensure that you are being clear to your audience about how their data will be used, and it doesn’t stop there…they need to be able to physically opt in.

The next place to look at is your contact forms on your website. Any form that can obtain contact details from an individual must have a tick box which enables them to opt in. It should also have a privacy statement clearly stated next to the tick box – this is explained in more detail below.


Opting in explained

Opting in isn’t as simple as just ticking a box. You must have a clear privacy statement that customers can understand next to the tick box, which informs them of how you are going to use their data.

The opt in privacy statement must also state how long you intend to store an individual’s information for. This must be realistic and may vary due to the nature of your organisation. For example, someone who is running a series of events for a whole year may have reason to obtain information for that period of time. Someone who has just bought one product off the internet and opts in doesn’t really have a life span, so we suggest that in this instance sending an opt in e-mail every six months will be sufficient.


What happens next?

This is what we call the double opt in – customers will now need to validate their information by being sent an automatic opt in email which asks them to confirm they are happy to be sent future information from your company. This email must also give full details of your privacy information to be compliant.


Are there any tools that can help me do this?

There are many email marketing software tools available to help you send automatic replies. The most common one which you may have heard of is MailChimp. Tools such as MailChimp allow you to send an automatic reply to the person signing up which gives them all the relevant information and asks them to confirm their details.


The privacy statement

Your privacy statements must adhere to the GDPR guidelines and must be very specific. Privacy statements must disclose the following:

  • How you intend to use the data
  • How long you intend to store it for
  • The right to be forgotten
  • How they can complain if they feel their data hasn’t been handled correctly


Allowing individuals to be forgotten

Once you have completed the steps above you must ensure that it is made clear to individuals that they have the right to be forgotten at any time. Once they opt out you must ensure they are sent an email telling them that they have been deleted from your database(s). If you do not respond within 72 hours you could be reported, so it is extremely important that you follow this process.

If this blog interested you, you may wish to read our latest blog on growing your email marketing list. For further advice on how to become GDPR compliant please contact us here.

Author: Dave Williams

Dave Williams is the founder and director of onefoursix, a digital marketing agency based in Northampton. After setting up onefoursix in 2011, Dave has gone on to grow it to one of Northampton’s finest agencies. His expertise includes social media, user experience and SEO.
