Book a no obligation demo with one of our email experts. Discover how e-shot™ can help you:
One of our team will call you for a brief chat so we can cater the demo to your specific requirements and show you the relevant tools and features that will deliver you the best results.
26 Feb 2018 by Sadie Burgess
With the General Data Protection Regulation (GDPR), the European Union’s new privacy law, coming into effect on May 25th, 2018, now is the time for email marketers to ensure that their programs are compliant. (Not sure what GDPR is? see our article GDPR in a nutshell.)
One of the main areas of change compared to the current legislation is the way marketers need to collect and store consent. The new regulation requires that brands collect affirmative consent that is “freely given, specific, informed and unambiguous” to be compliant.
The Information Commissioner’s Office of the UK (ICO) has provided a comprehensive guide on consent under GDPR. If you don’t fancy wading through the full 39-page guide just yet, here’s a breakdown of the five most important things you must know about email consent under GDPR
Recital 32:
“Silence, pre-ticked boxes or inactivity should not constitute consent.”
Under GDPR, email consent needs to be separate. Never bundle consent with your terms and conditions, privacy notices, or any of your services, unless email consent is necessary to complete that service.
Article 7(4):
“When assessing whether consent is freely given, utmost account shall be taken of whether… the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.”
Article 7(3):
“The data subject shall have the right to withdraw his or her consent at any time. (…) It shall be as easy to withdraw as to give consent.”
5 critical things to know about collecting and storing consent under the new GDPR.
Click to tweet
Article 7 (1):
“Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation.”
Keeping evidence of consent means that you must be able to provide proof of:
• Who consented
• When they consented
• What they were told at the time of consent
• How they consented (e.g., during checkout, via Facebook form, etc.)
• Whether they have withdrawn consent
Recital 171:
“Where processing is based on consent pursuant to Directive 95/46/EC, it is not necessary for the data subject to give his or her consent again if the manner in which the consent has been given is in line with the conditions of this Regulation.”
Re-permission campaigns are a powerful way to update existing records to ensure GDPR compliant consent, but they do require detailed planning and execution. Remember: If you require an updated consent for GDPR compliance but your subscriber fails to engage with your re-permission campaign, you’ll have to remove them from your mailing list.
If you want to know more about how e-shot™ can help you ensure compliance to GDPR contact our team on 020 3320 8777 or view some of our other GDPR posts for more information.
More like this...
Join thousands of marketers and receive regular tips, tactics, how to's, invaluable insights and inspirations directly to your inbox.