You may have already heard about a new law coming to the EU governing mass emailing and email marketing. It has created concern among many companies scrambling to get their subscribers to “properly” opt-in. You may well have, ironically, received an email to that effect. So what does this mean for the people sending the emails – should you panic?
The General Data Protection Regulation (GDPR) is a regulation coming into force for all EU member states on 25th May 2018. If you send any emails to businesses or individuals within the EU after the deadline then you will need to work within the new regulations or you could face fines of up to €20 Million or 4% of a brand’s total global annual turnover – whichever is the greater. By the way, UK’s decision to leave the EU does not affect this, the Government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
What are the challenges?
No “Soft Opt-In”
“Soft Opt-In” is when you have a list of email addresses which you have obtained through channels not specifically related to the marketing of your services, yet is reasonable to assume the people receiving the emails know who you are and might expect emails from you. They may be, for example, previous customers or part of your close business network. These lists are marketed to without first asking specific permission and expecting the recipient to “Opt-Out” if they do not want to receive any more – though a way to do so is made available on every email sent.
‘Soft Opt-in’ is seen as quite a grey area concerning current email laws. After all, what does “people who might expect to hear from you” mean? Previous customers? Your LinkedIn contacts? Some companies push it as far as paid-for lists where the recipient agreed to be contacted by “Third Parties”.
Opt-in must be specific
The GDPR takes a hard line against this practice. Consent will now have to be “freely given, specific, informed and unambiguous”. In order for recipients to receive your email, they must have specifically nominated themselves to receive it. The burden now falls on the sender to obtain consent before mailing, rather than with the recipient.
Another common tactic to bolster subscription rates is to use pre-filled checkboxes or clever wording to count as consent when offering something unrelated such as a free white paper or competition. The GDPR again outlaws this specifically. While giving consent may still include checking a box on a form, ‘choosing technical settings for information society services,’ or ‘other statement or conduct’ it goes further to say ‘silence, pre-ticked boxes, or inactivity,’ does not count as consent.
So what do you do now?
The time to act is now. If you have used any of these tactics in the past – or have lists in which addresses have been gathered outside of the new guidelines then they could become useless to you once the law comes into force. Business should pro-actively contact their soft opt-in subscribers with a request to sign up properly, also known as a “Double Opt-In”. This is seen as the best approach after the law comes into effect. There are no allowances for any lists created before the act and so any list compiled in any way that does not adhere to the new legislation is unlawful.
If you need any help getting your business ready for GDPR, contact Merriborn Media. Email our Managing Director, Trevor Merriden on firstname.lastname@example.org or 07771 926197. We are proud to have practised what we now preach. We have always believed in the privacy and integrity of subscribers to our free weekly newsletters and, as such, have had to make no changes to be up to date with GDRP and now advise existing clients in the same way.