GDPR will come into effect on the 25th of May 2018. It is primarily being introduced to protect the personal data of subjects within the European Union. The aim is that the regulation will give individuals more control over their personal data by making Data Protection Laws more transparent. It will also change the way data subjects can be contacted. Now marketers cannot contact email users within the EU who have not given consent to be contacted.
Consent in email marketing is an area GDPR hopes to rectify. The regulation will mainly change the way marketers obtain and store data subjects consent in order to collect, handle and process personal information as they will have to align with the new GDPR principles. Consent must be obtained by the data subject and not assumed. Therefore, marketers must keep a record in order to prove how the data subject consented to subscribe to their emails.
The data collected also needs to be relevant for the purpose. Therefore, marketers can only use information for the intended purpose and cannot use the information for another purpose which is a very common method used by marketers to help grow databases. If marketers want to use the information for another purpose they must have further consent from the subject.
The data subject must opt-in to allow personal data to be processed. Pre-ticked boxed that assume that consent is given will not be accepted by the new law.
Data subjects within the EU cannot be contacted by marketers if they have not opted in to be contacted. Marketers can only contact email users if they have shown consent and the marketing company has the correct documentation to prove it.
To summarise data subjects opting in by ticking a box to give consent to receiving emails is suffice and does align with the new law. As long as the consent comes directly from the data subject and companies can prove it.
The new law will contain an obligatory clause in order to help enable data subjects to remove data from company’s databases if requested. The Take Down clause will allow a clear and transparent way for subjects to contact marketing companies and submit their request.
Currently, the majority of marketing companies do not store consent forms and thus are unfamiliar with the process. However, they will have to create a safe storage facility to keep the consent forms in order to comply with the new law. This is because the information could be requested by the ICO if companies are not able to present the consent forms they will be in breach of the regulation.
If the marketing companies are found to be noncompliant or in breach of the regulation they can face big fines. These fines can be up to 20 million Euros or 4% of the company’s global turnover. The fine will depend on which penalty is higher.
All of these consent measures are to forces email marketers to improve transparency for data collection and storage procedures. They must be honest and clear about the type of data that is being stored and how it is being stored. Companies that store information has to make sure that the data is kept accurate and safe.
All companies should have a moral obligation to their customers and employ proper business practices. In the past, email marketing companies received bad PR in the press due to security breaches from hackers. Therefore it is natural that data subjects are conscious about how safe their data is stored.
Educating customers about practice your company employs to keep personal information safe will create a valuable opportunity for companies to rebuild trust with their consumers.
It is important that data subjects understand that their personal information is being handled and processed appropriately for future business relationships.