GDPR and Email Marketing

The new general data protection regulation (EU GDPR) has a direct impact on marketing practices, including email marketing. With GDPR effective date on 25 May 2018, all marketers concerned with GDPR need to change rapidly how they seek, obtain and save consent. Mailjet being an Email Marketing actor, we gathered precious information for you to create this GDPR toolkit. Let our guide help you to understand, prepare and comply to the European regulation before the due date, and even after.

How will GDPR affect email marketing?

Email marketing under GDPR essentially means that, as an email marketer, you need to collect freely given, specific, informed and unambiguous consent (Article 32). To achieve compliance, you have to adopt new practices:

1. New consumer opt-in permission rules;

2. Proof of consent storing systems; and

3. A method through which consumers can ask their personal information removed.

Concerning the impact of EU GDPR on B2B and B2C in 2018, the new European reglementation applies to both business methods. Neither soft opt-in nor soft opt-out approaches are allowed, at Mailjet we recommend you to use double opt-in to align with GDPR compliance requirements. Along with how you achieve consent in your business, you should also take care about your third party data (more information on How to work with Third Party Solution Provider under GDPR?).

Profiling is also under the scope of the regulation: from its clear definition to the subjects’ rights, GDPR has strict requirements you need to comply with, or you are at risk of a fine.

How can I do email marketing under GDPR?

Even though the European regulation changes the marketing landscape, it is still possible to do email marketing. To help accomplish your email marketing objectives, we have elaborated this GDPR checklist of measures for your reference:

a – Take an audit of your current database.

• Do you know geographically where your contacts are?

• Do you capture an audit trail of consent?

b – Know your contacts and how you acquired them.

• Did you follow a double opt-in practice?

• Do you keep track of where and when your contact’ information is coming from?

• How did they end up in your database?

• Do you have enough information on permission and source to hold up in court if needed?

c – Review and disclose your data practices.

• Do you ask for consent at the point of collecting the data?

• Do you have a privacy policy that details how you collect, store, transfer and process your data using clear, concise language?

• Do you communicate this data privacy policy to your recipients?

d – Look at your upcoming initiatives to ensure compliance now.

• All new initiatives should take into consideration compliance so you don’t have to retroactively go back to adjust your processes.

More information on GDPR and Consent.

Can I still send email marketing campaigns to my existing contact list?

The general data protection regulation doesn’t only apply to the data collected on its effective date, May 25th 2018, but also to the data gathered before. Does the consent record of your existing contact lists proves that you have clear authorization to send email marketing campaigns to each contact? Any ambiguous records would mean obtaining new and expressed permission from the outdated contacts, in order to send email marketing communications properly.

Can I buy contact lists under GDPR?

While certain purchased lists with clear affirmative statement of consent within the original subscription may be allowed under GDPR, Mailjet strongly recommends against this in every way possible for deliverability concerns. What is permitted may not be good for your email strategy.

How can I get my email unsubscription right?

Every email marketers should ensure a proper way for their contacts to unsubscribe, in order to be compliant for the EU GDPR. The unsubscribe process under GDPR needs to be clear and simple. You should include the visible unsubscription link in each marketing email where your subscriber can:

1. Unsubscribe to this marketing communication

2. Unsubscribe to all of your communications

3. Contact a return email address

Allowing your contacts to easily subscribe and unsubscribe are equally important in achieving compliance with EU GDPR.

How can I profile my data under GDPR to send personalized and targeted emails?

As the new European regulation impacts profiling, you must comply to its requirements in order to send personalized and targeted emails. More information on our dedicated page for GDPR and Profiling.

Check out the email marketing checklist to make sure you’re working with 3rd party providers correctly as your business transitions to GDPR.