GDPR and email marketing
On May 25, 2018, the new General Data Protection Regulation (RGPD or GDPR) came into force. It is normal that when a new regulation is applied, doubts arise about its implementation and its implications for companies, so we will try to solve them in this article.
What is the GDPR?
The European Union has updated its regulations on data protection. This new standard is called the General Data Protection Regulation (RGPD, hereinafter), and it applies generally to all types of entities, from public authorities to small and medium-sized companies, regardless of whether the processing takes place inside or outside the EU, as long as it affects European citizens. The main novelties that this European directive brings are:
- Explicit consent: the implicit consent that many data processing activities have relied on is "de facto" annulled, and real express and explicit consent is required instead. With the new regulation, the consent request has to state the purposes of the processing and who is responsible for it. The person must also be informed if the personal data being processed will be managed in third countries. It is recommended that this international management be carried out in EU countries.
- Controls on suppliers are increased: this applies to suppliers with access to data, especially those from outside the EU. The controls should be more exhaustive, and all aspects that affect the security of the information handled will be regulated by contract.
- Privacy by default: any new activity has to be designed to protect the privacy of the information it handles, from the moment of its conception.
- Rights over personal data are expanded: the right to be forgotten is established, which makes it possible to delete user data; the right to portability, which allows data to be carried from one provider to another; and the right to object to profiling for marketing purposes with user information.
- Notification of incidents: incidents that have an impact on the security of information and personal data will have to be communicated to the control authorities and affected users within a maximum period of 72 hours.
You can check the percentage of compliance that your company has with respect to the GDPR with our self-assessment tool.
How does it affect email marketing?
The reality is that while this new regulation increases the protection of subscriber data, it does not prohibit anything that was not already prohibited. Spanish data protection legislation, made up of the LOPD and LSSI, was already one of the most restrictive in Europe, so the changes that have occurred do not affect email campaigns.
What tools are in Acumbamail to comply with the GDPR?
Our forms are prepared to comply with the requirements of explicit consent, with a checkbox that the user must actively check to accept the privacy policy. You can also link to your company's privacy policy in the form itself.
- To add a checkbox to a form, you must first add it as a field in the list that contains the form. Within the list, click on the Fields tab and add a checkbox/boolean field.
Then, go back to the form in the list and, in step 3 of creating forms, drag the checkbox field into the form template and modify the text with the editor. You can also make it mandatory to subscribe (to do that, double-click, select the pencil icon and check Required to subscribe).
You can add a link to your privacy policy directly in the text editor like this:
text .
Does Acumbamail share customer data with third parties?
Acumbamail never shares its clients' data with third parties. The databases that you upload to Acumbamail will be private and you will be the only one who can make use of them. No commercial communication will ever be sent to your customers and your database will not be shared with any other company.
Should I ask my subscribers for consent to send them campaigns?
- When the recipients of your campaigns are your customers: customers normally sign (or accept) contracts in which it is clearly stated that the personal data they provide you will become part of an electronic file registered with the Data Protection Agency. These customers gave their explicit consent when they accepted this contract, and you can continue to send them emails.
- When the recipients voluntarily subscribed to your mailings: this case is quite clear, since most subscription systems use a method known as double opt-in (basically, an email is sent to verify the address and thus make sure that the subscriber is the owner of the email address). Acceptance by double opt-in is considered explicit consent, so any email address verified by double opt-in is considered valid for you to continue sending it campaigns.
- When a registration is made without email verification but with acceptance of your privacy policy: when someone has accepted your privacy policy, the case is similar to that of an existing customer, since they have accepted clauses that include the use of personal data for this type of purpose.
In these cases, which cover the vast majority of subscribers, it is not necessary to send a consent campaign. Keep in mind that if you send this type of campaign, especially these days, you run the risk that people will not give you their consent simply because of the gigantic volume of emails going around, and you will lose a large part of your database and your business. Try to send it only to people who do not fall under any of those cases.
How can I send a consent campaign?
If, after reading the previous section, you still want to send the consent campaign, Acumbamail has a tool that makes it easier. The steps are as follows:
1. Create a normal or regular campaign, select your list and choose a template from the "basic" category, for example "Basic notification" (remember to use the new editor).
2. When editing the template, remember to keep it as simple as possible. It should have a text explaining the reason for the notification, for example: that to comply with the GDPR you need them to give you their consent again if they want to continue receiving your campaigns.
3. Finally, you must insert a button with the text "renew consent", "resubscribe" or whatever you consider appropriate. When editing the link in this button, click on "Special links" and "Renew GDPR consent". Once you send your campaigns, a field named "GDPR Accepted" will automatically be created in your list and set to True for all subscribers who click the button. In addition, for the subscribers who click, another field named "GDPR Date" will be created in your list, storing the exact date on which they clicked the consent button. With this, you will have consent through an affirmative action (pressing the button) and you will have it stored in your Acumbamail list.
Subscribers who press the button will be taken to the "Thank you for subscribing" page, since they are effectively re-subscribing to your notifications. Remember that you can change this page from the Notifications tab within a specific subscriber list. You can learn more about this aspect in Lists.