GDPR y email marketing
On May 25, 2018, the new General Data Protection Regulation (RGPD or GDPR) came into force. It is normal that when a new regulation is applied, doubts arise about its implementation and its implications for companies, so we will try to solve them in this article.
In this article
What is the GDPR?
The European Union has updated its regulations on data protection. This new standard is called the General Data Protection Regulation (RGPD, hereinafter), and is generally applied to all types of entities, from public authorities to small and medium-sized companies, without differentiating whether the treatment takes place within from the EU or outside, as long as it affects European citizens. The main novelties that this European directive brings are:
- They explicitly agree : the implicit consent that has been done in many data processing is “de facto” annulled and a real express and explicit consent is implemented. With the new regulation, the consent has to inform what the objectives of the treatment will be and the person responsible for it. You must be informed if the personal data that is the object of the treatment will be managed in third countries. It is recommended that this international management be carried out in EU countries.
- Controls on suppliers are increased: with access to data especially for suppliers from outside the EU. These should be more exhaustive and all aspects that affect the security of the information handled will be regulated by contract.
- Privacy by default: the approach to any new activity has to go through protecting the privacy of the information that is handled, from the moment of its conception.
- The rights over personal data are increasing: the right to be forgotten is established, which makes it possible to delete user data; the right to portability, which allows data to be carried from one provider to another and the right to object to profiling for marketing purposes with user information.
- Notification of incidents: incidents that have an impact on the security of information and personal data will have to be communicated to the control authorities and affected users within a maximum period of 72 hours.
You can check the percentage of compliance that your company has with respect to the GDPR with our self-assessment tool.
How does it affect email marketing?
The reality is that while this new regulation increases the protection of subscriber data, it does not prohibit anything that was not before. Spanish data protection legislation, made up of the LOPD and LSSI, was already one of the most restrictive in Europe, so the changes that have occurred do not affect email campaigns.
What tools are in Acumbamail to comply with the GDPR?
- To add a checkbox to a form, you must first add it as a field in the list where you have the form included. Within the list, click on the Fields tab and add a checkbox/boleaan field.
Then, go back to the form in the list and in step 3 of creating forms you can drag the checkbox field into the form template and modify the text with the editor. You can also make it mandatory to subscribe (for that, double-click, select the pencil icon and check Required to subscribe).
Does Acumbamail share customer data with third parties?
Acumbamail does not share in any case the data of its clients with third parties. The databases that you upload to Acumbamail will be private and you will be the only one who can make use of them. No commercial communication will ever be sent to your customers and your database will not be shared with any other company.
Should I ask my subscribers for consent to send them campaigns?
- When the recipients of your campaign are your customers: usually with customers contracts are signed (or accepted) in which it is clear that the personal data they provide you will become part of an electronic file registered with the Data Protection Agency. These customers have given their explicit consent when accepting this contract and, therefore, you can continue to send them emails.
- When the recipients voluntarily subscribed to your shipments: this case is quite clear, since most subscription systems use a method known as double opt-in (basically an email is sent to verify the address and thus make sure that the person subscriber is the owner of the email address). This acceptance by double opt-in is considered an explicit consent, so any email verified by double opt-in is considered valid to continue sending you campaigns.
In such cases that correspond to the vast majority of subscribers, it is not necessary to send a campaign of consent. Keep in mind that if you send this type of campaign, and more during these days, you're exposed to people not giving you their consent simply because of the gigantic volume of emails out there and you'll lose a large part of your database and business, so try to send it only to people who don't meet those assumptions.
How can I send campaign consent file?
If once you have read the previous section, you still want to send the campaign, in Acumbamail we have prepared a tool that will make it easier for you how to do it. The steps you need to do to do this are as follows:
1. Crea una campaña normal o clásica, selecciona tu lista y elige una plantilla de la categoría "básicas", por ejemplo "Básica notificación" (Recuerda que debes usar el nuevo editor).
2. Al editar la plantilla recuerda que debe ser lo más simple posible. Debe tener un texto explicando el motivo de la notificación, por ejemplo: que si quieren seguir recibiendo tus campañas y para cumplir con el GDPR necesitas que te den de nuevo su consentimiento.
3. Por último, debes meter un botón con el texto "renovar consentimiento", "volver a suscribirse" o el que tu consideres. Al editar el enlace de este botón debes darle a "Enlaces especiales" y a "Renovar consentimiento GDPR".Una vez que envíes tu campaña se creará en tu lista automáticamente un campo con el nombre "GDPR Aceptada" y se marcará a Verdadero para todos los suscriptores que hagan clic en el botón. Además en los suscriptores que hagan clic, se creará otro campo en tu lista con el nombre "GDPR Fecha" en el que se pondrá la fecha exacta en la que hicieron clic en el botón de consentimiento. Con esto ya tendrás el consentimiento mediante una acción afirmativa (pulsar el botón) y lo tendrás almacenado en tu lista de Acumbamail.
Subscribers who press the button will be taken to the "Thank you for subscribing" page, as they really re-subscribe to your notifications. Remember that you can change this page from the Notifications tab within a specific subscriber list. You can learn more about this aspect in Lists.