The mere entry into force of the EU General Data Protection Regulation on May 25, 2018 brought with it a number of changes. Vivien Beischau from Newsletter2Go (now part of Brevo) has put together 6 tips for you so that you know which requirements you have to observe for your email marketing since then.
Disclaimer
Implement the requirements of the GDPR in 6 steps
1. shipping only with double opt-in
If you wish to collect personal data, you always require the consent of the data subject or legal permission. This consent must be recorded and include a reference to the possibility of revocation at any time. For your email marketing, this means that you need permission in advance to send them your mailing. If there is no consent, you are not allowed to send them a newsletter.
It is important that you include a reference to the privacy policy in the consent email and on the registration form. Make sure that this can be viewed at any time.
The double opt-in: The double opt-in procedure is a legally secure newsletter registration. You enter your e-mail address in the registration form and are added to a mailing list. You will then receive a confirmation email, giving you the opportunity to confirm your registration in a legally compliant manner. The DOI process is complete once this e-mail has been confirmed.
2. use legally compliant shipping software
There are a few requirements for legally compliant mailing software that you should consider. Legally compliant mailing software is characterized, among other things, by the fact that the servers for sending the mailings are located in Germany. The service providers are audited and have the appropriate data protection certificates.
An order processing contract must always be concluded.
3. guarantee data security
You should be aware that you must ensure that no unauthorized persons have access to your customers' sensitive data. Suitable technical and organizational measures (passwords, encryption, etc.) must therefore be taken when processing data to ensure that the data is secure.
4. pay attention to data economy
When collecting data, you should pay attention to data minimization. This means that data is only collected for a specific purpose and may only be used for this purpose. Show your data subjects exactly what they are providing their data for. In addition, you must not collect any data that is not appropriate for the purpose.
Example: Only the e-mail address is required for a newsletter registration. Of course, you can also request other data, but this information is voluntary and must be marked as such.
5. complete your sign-up process
Transparency is important and creates trust. In email marketing, this applies to your newsletter registration form, for example. Communicate clearly what recipients will receive and what the data will be used for. And note that you may only mark the email address query as a mandatory field. All other information must not be mandatory in order for the newsletter subscription to be effective.
Another tip for the registration form: Point out that you can unsubscribe from the newsletter at any time. It is also advisable to include a link to the privacy policy, which must be accepted with a tick.
6. goodies are not free of charge
You can continue to motivate your customers to sign up to your newsletter with vouchers or promotions. You only need to inform your customers about this barter deal when offering goodies or freebies, such as whitepapers, infographics, e-books, etc., which are combined with a newsletter subscription. As payment is made with data, you must not describe the deal as "free" and must make it clear that the newsletter is being subscribed to.
All that remains to be said ...
... that with the GDPR coming into force, the protection of personal data takes top priority. If these requirements are implemented, you will be well on the way to making your email marketing GDPR-compliant and avoiding horrendous fines.