As well as going ahead with the UK’s withdrawal from the European Union, on June 21, 2017, the Government has re-affirmed its intention to bring the EU General Data Protection Regulation (GDPR) into UK law, ensuring the country’s data protection framework is, “suitable for our new digital age, allowing citizens to better control their data.” But how will it affect marketers and aspects of their email marketing?

The General Data Protection Regulation (GDPR), the European Union’s (EU) newest online privacy law, is designed to bring order to a fragmentary set of privacy rules across the whole of the EU. As GDPR is a regulation, (can be legally enforced) and not a directive. It will become enforceable in EU member states on May 25, 2018. While more uniformity across European countries should be good news for email marketers. GDPR has brought with it a number of changes that will have an effect on the email industry.

Within the European Union at present, with the Directive on Privacy and Electronic Communication (E-Privacy Directive), spam conventions differ notably from state to state. While the E-Privacy Directive sketches overall objectives, every member is permitted to interpret these objectives into their own law. The consequence of this is radically differing email laws for each EU member state.

So, what does this new regulation mean for email marketers?

Who does this affect?

Because GDPR will affect every business that uses any personal data from EU citizens it will, therefore, impact upon numerous aspects of email marketing, particularly how marketers pursue, gather, and record consent, so if you’re collecting email addresses or send email to subscribers in the EU, you will have to conform to GDPR—irrespective of where you are located.

Will there be stricter regulations for collecting consent through email marketing?

When GDPR is in place, marketers will only be permitted to send email to people who have chosen to ‘opt-in’ to receive messages. Despite this is already being the case in most EU countries. GDPR does go on to specify the nature of the consent that will be required for commercial communications. In May 2018, businesses will have to collect confirmatory consent. This is; “freely given, specific, informed and unambiguous”, for your company to be GDPR compliant.

The signup process must also notify subscribers about the brand that is collecting consent. As well as this the information about the purposes of personal data collection must also be disclosed.

Basically, this means that methods used previously by marketers to grow their database, will not be GDPR compliant. For example, if someone entered their email address to download a form or gave their contact information to enter a competition, and you didn’t tell them you would use their personal information to mail marketing messages, and if they didn’t agree for that very reason, it will become be unlawful to include those email addresses in your mailing directory.

Consent record keeping; new requirements.

The GDPR has set the rules for how to collect consent. They have also required companies to keep a record of these consents.

Moving forward, email marketers will also be required to change how they collect and store consent. GDPR will apply to all existing data.

You will not be able to collect and store data:

  • If your databank has subscribers whose consent hasn’t been collected in line with GDPR’s standards.
  • If you are not able to provide adequate proof of consent

Therefore, you may not be allowed to send those subscribers email any longer.

What will happen if you are non-compliant?

The new regulation comes with tighter rules around consent. The GDPR are also stricter on the use of personal data. There will be greater penalties for businesses that don’t abide by the rules. Nonconformity with GDPR coms with fines of up to £17 Million or 4% of a business’s annual turnover (whichever is greater).

If you want to know more about GDPR and the effect it will have on your business, contact a member of our team today. Remember to follow us on social media to stay up-to-date with all the latest GDPR information.