Learn about the upcoming General Data Protection Regulation

Attention email marketers: A new regulation has been put in place by the European Parliament, the Council of the European Union, and the European Commission to help protect the personal data of all individuals within the EU. This regulation is the General Data Protection Regulation (GDPR). It was adopted on April 27th, 2016 and will be enforced starting May 25th, 2018. The GDPR will replace the EU Protection Directive which contains current recommended guidelines regarding personal privacy.

So what does this mean for individuals in the U.S.?

This regulation applies if the data controller (the organization that collects data from EU residents), the processor (an organization that processes data on behalf of the data controller, e.g. cloud service providers), or the data subject (the person) is based in the EU. However, the regulation also applies to organizations based outside the EU if they collect or process personal data of EU residents. So if an Email Service Provider or Email Marketer sends messages to a subscriber based within the European Union, this regulation will be applicable to them regardless of where they’re located.

What is personal data? According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”

Defining consent

Starting in May 2018, brands have to collect affirmative consent that is “freely given, specific, informed and unambiguous” in order to be compliant with the GDPR.

Article 32 of the GDPR states specifics around acceptable consent:

“Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.”

This aligns with the explicit consents we require for email communication, as stated within our anti-spam policy.

Once the GDPR is in place, marketers may have to change their ways. Many practices that marketers previously used to opt in email subscribers won’t be compliant under the GDPR. Strategies such as requiring an email address to download a whitepaper or asking for contact information to enter a contest will no longer be compliant if you don’t tell subscribers that you could use their personal data to send marketing messages. A subscriber must actively agree that it is okay to use their data for that specific reason; otherwise, it won’t be legal to add those email addresses to your mailing list.

We know this is a lot to take in. To prepare for the new regulation, here’s what you can do:

  • Determine whether or not you are using email addresses from the EU. If the email address ends in .eu or another European extension, that’s a pretty good sign. If your company currently collects IP information for website submissions, you may also need to consider using this information to determine their country of origin.
  • If your database includes subscribers whose permissions haven’t been collected according to the GDPR’s standards, or if you can’t provide sufficient proof of consent for some of your contacts, you will need to solicit permission from them once again, abiding by the standards set forth by these new regulations.
  • Review any requests for email addresses, including pop-up windows and sign-up forms, to make sure the language is clear and specific, and covers all the reasons for using that address.
  • Keep a record of each individual’s permission to use their email address and be prepared to present the consents if asked.
  • Take steps to protect against potential breaches in security. Review your current data storage and security practices to see if additional measures should be added.

To learn all about the GDPR we encourage you to view all the information about it below:
