If you’re like most companies, you’ve been working hard to make sure your email marketing efforts are GDPR compliant. But there’s one little-known aspect of GDPR that could trip you up: ensuring your email list is clean and up-to-date. In this blog post, we’ll show you how to get your email list GDPR compliant and avoid any potential fines.
What is GDPR and why do you need to be compliant?
The General Data Protection Regulation (GDPR) is a new EU data protection law that went into effect on May 25, 2018. The GDPR replaces the 1995 EU Data Protection Directive and sets out strict rules for how companies can collect, use, and store personal data.
If you’re not GDPR compliant, you could face hefty fines. The GDPR requires companies to get explicit consent from individuals before collecting their data, and fines for violating the GDPR can be up to 4% of a company’s global annual revenue or €20 million, whichever is greater.
That’s why it’s important to make sure your email marketing is GDPR compliant. You can use GDPR Zendesk to make sure that you are compliant with the GDPR. Here are a few things you need to do to make sure your email marketing is up to snuff.
1. Get explicit consent from your contacts
Under GDPR, you need to get explicit consent from individuals before collecting their data. This means that you can’t add people to your email list unless they’ve specifically given you permission to do so.
There are a few ways to get explicit consent from your contacts:
– Use an opt-in form on your website. This is the most common way to get explicit consent from contacts. An opt-in form is a form on your website that asks people to subscribe to your email list. To be GDPR compliant, make sure your opt-in forms include a checkbox that says something like, “I consent to receiving emails from XYZ Company.”
– Use a double opt-in process. A double opt-in process is when someone signs up for your email list and then they’re sent an email asking them to confirm their subscription. This is a good way to make sure people only sign up for your email list if they actually want to receive your emails.
– Get verbal consent. If you’re collecting data in person, you can get verbal consent from individuals. For example, if you’re at a trade show and someone gives you their business card, you can say something like, “Can I add you to our email list so we can keep you updated on our latest products and offers?” If they say yes, you can add them to your list. Just make sure you keep a record of when and where you got their consent.
2. Keep your email list clean and up-to-date
Under GDPR, you need to keep your email list clean and up-to-date. This means that you need to remove people from your list if they haven’t given you explicit consent to receive your emails, or if they’ve unsubscribed from your emails.
It’s also a good idea to periodically clean your email list, even if people haven’t unsubscribed from your emails. This is because people’s email addresses can change over time, and you don’t want to send emails to people who no longer want to receive them.
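As an added example that is not part of the original post, the sketch below shows how the double opt-in and list-cleaning steps described above can be implemented: each contact carries a record of when and where consent was requested and confirmed, the confirmation link carries a signed token so only the mailbox owner can confirm, and only confirmed, non-unsubscribed contacts are ever mailed. The data model, the token scheme and the SECRET value are assumptions, not anything a particular email service prescribes.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

# Hypothetical server-side secret used to sign confirmation tokens (constructed value).
SECRET = b"example-secret-do-not-use-in-production"


def _now() -> datetime:
    return datetime.now(timezone.utc)


@dataclass
class Contact:
    """One list entry, doubling as the consent record the post says to keep."""
    email: str
    source: str                                   # where consent was collected, e.g. "web-form"
    requested_at: datetime = field(default_factory=_now)   # when the person signed up
    confirmed_at: Optional[datetime] = None       # set only when the double opt-in link is used
    unsubscribed: bool = False


def confirmation_token(email: str) -> str:
    """Token embedded in the confirmation email; HMAC over the address so it cannot be forged
    or reused for a different address by someone who never received the mail."""
    return hmac.new(SECRET, email.strip().lower().encode(), hashlib.sha256).hexdigest()


def confirm(contact: Contact, token: str) -> bool:
    """Double opt-in step 2: record confirmed consent if the presented token is valid."""
    expected = confirmation_token(contact.email)
    if not hmac.compare_digest(expected, token):   # constant-time comparison
        return False
    contact.confirmed_at = _now()
    return True


def clean_list(contacts: List[Contact]) -> List[Contact]:
    """Keep only contacts with confirmed consent who have not unsubscribed.
    Unconfirmed sign-ups and unsubscribed contacts are excluded from mailing."""
    return [c for c in contacts if c.confirmed_at is not None and not c.unsubscribed]
```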
3. Use a GDPR-compliant email marketing service
If you’re not sure if your email marketing service is GDPR compliant, it’s a good idea to switch to a GDPR-compliant email marketing service. These services make it easy for you to get explicit consent from your contacts and keep your email list up-to-date.
There are a few GDPR-compliant email marketing services that you can choose from, including:
– Constant Contact
If you’re not sure which email marketing service to use, consult with an expert who can help you choose the right service for your business.
Making your email marketing GDPR compliant can seem like a daunting task, but following these three simple steps will help you get started. And remember, if you’re not sure what to do, consult with an expert who can help you make sure your email marketing is up to snuff.
The types of data you can collect and store
There are four main types of data that you can collect and store under GDPR:
– Personal data: This is any data that can be used to identify an individual, such as a name, email address, or IP address.
– Sensitive personal data: This is any data that could potentially be used to harm an individual, such as a health condition, financial information, or racial or ethnic information.
– Anonymous data: This is data that can’t be used to identify an individual, such as aggregate data.
– Pseudonymous data: This is data that can’t be used to identify an individual directly, but could potentially be used to do so indirectly, such as an email address or IP address.
Under GDPR, you can only collect and store data that’s necessary for your business. You also need to make sure that the data you collect is:
– Legitimate: You need to have a valid reason for collecting and storing the data.
– Necessary: The data you collect needs to be necessary for your business.
– Accurate: The data you collect needs to be accurate and up-to-date.
– Relevant: The data you collect needs to be relevant to your business.
– Timely: The data you collect needs to be timely and not out-of-date.
If you collect data that’s not necessary for your business, you need to delete it.
The consequences of not being GDPR compliant
If you’re not GDPR compliant, you could face a number of penalties, including:
– Fines: You could be fined up to 4% of your annual global turnover or €20 million, whichever is greater.
– Suspension of data processing: You could be suspended from processing data for up to three months.
– Reputational damage: You could suffer reputational damage if your non-compliance is made public.
In addition to these penalties, you could also be sued by individuals whose data you’ve collected and stored without their consent. If you lose the lawsuit, you could be ordered to pay damages to the individual.