How GDPR Applies to Email Marketing

The General Data Protection Regulation (GDPR) is one of the strictest data privacy laws of today, and this post will explore how GDPR applies to email marketing.

It governs the collection, storage, processing, and sharing of personal data within the EU. The regulation came into effect in May 2018 and has significant implications for email marketing that other data privacy laws, such as CAN-SPAM or CASL, do not have.

The GDPR also outlines 8 rights of the individual, which form the basis of data privacy and protection for those in the EU:

The following article will go through each of these rights and how they apply to email marketing.

The Right of Access

This gives people the right to request a copy of their personal data from a business operating in the EU, and the business must comply with the request.

The goal of this right is to provide transparency to consumers so that they have insight into what kind of personal data is being stored and how it might be used.

Thankfully, the most popular email marketing platforms today have a profile export feature built for this purpose.

Further reading on The Right of Access

The Right to Rectification

If a business owns inaccurate or incomplete data about a person, then the person has the right to supplement this data so that it’s fixed in a timely manner.

For example, if someone named “Robert” registered with a business with their name incorrectly spelled “Rovert”, they can contact the business’s customer service team to correct their name to “Robert”.

Further reading on The Right to Rectification

The Right to Erasure

Also known as the right to be forgotten, this gives consumers the ability to request that their personal data be deleted.

This is most commonly done through:

  • contact forms
  • written email
  • customer support chat
  • telephone

In the world of email marketing, marketers are required to set up one-click unsubscribe links in their emails.

Further reading on The Right to Erasure

The Right to Restrict Processing

Instead of outright erasing personal data, consumers can alternatively restrict how their data is used by an organization.

The best example for this is in email preferences.

E-commerce brands almost always ask for your email address at checkout. Under GDPR, consumers can request that their email be used only for shipping notifications and not marketing messages.

Rather than unsubscribing, a preference page gives consumers the option to adjust what kind of marketing emails they receive from an organization.

Further reading on The Right to Restrict Processing

The Right to Data Portability

This has more to do with freedom of choice than it does with data privacy.

This right lets people obtain their personal data from a vendor so that it can be reused with competitors.

For example, email marketers exercise this right when migrating between email service providers, such as from MailerLite to Klaviyo or vice versa.

Further reading on The Right to Data Portability

The Right to Object

The right to object is especially applicable to email marketers.

This forces email marketers to obtain explicit consent from consumers before sending them any form of marketing messages.

In addition to unsubscribing from a newsletter, consumers can also write in to formally object to any use of their data for direct marketing purposes.

However, objecting to receiving marketing messages doesn’t mean that the organization will purge your data from their databases; organizations can still keep your user data in a suppressed profile, in which your information is still in their possession.

To have your user data fully removed, you’ll have to exercise your right to erasure instead.

Further reading on The Right to Object

The Right Not to be Subject to a Decision Based Solely on Automated Processing

That’s a mouthful.

Automation is a huge part of our lives now, as it’s meant to streamline our workload by automating some of our tasks.

The GDPR requires human involvement for any decisions or profiling that an organization makes about a user profile that was subjected to automated processing, and gives consumers the right to object to this use of their data.

For email marketing, this means that people can object to our use of their shopping-behavioural data, preventing us from sending targeted messages via segmentation.

Further reading on The Right Not to be Subject to a Decision Based Solely on Automated Processing

Penalties & Concluding Thoughts

Failing to comply with GDPR can result in severe penalties. These penalties can be as high as €20 million or 4% of a company’s annual global revenue, whichever is greater.

Therefore, it is essential that email marketers understand and comply with GDPR regulations.

In summary, GDPR regulations have significant implications for email marketing. Email marketers must:

  • be able to return a copy of a subscriber’s user data
  • allow a subscriber to have their user data rectified
  • allow a subscriber to have their user data completely erased
  • let a subscriber restrict how their data is used, which includes profiling purposes
  • allow a subscriber to reuse their user data for another vendor
  • collect explicit consent

Navigating these data privacy laws can be a pain, which is why marketing agencies trust our white label email marketing services to get the job done for them.
