What you need to know about GDPR for emails

Disclaimer: This post may contain affiliate links to products or services that I recommend. I may receive a commission should you sign up through my link (but at no additional cost to you). I only suggest products and services that I wholeheartedly support and believe in and have either used myself or have used on behalf of a private client.

 
 

Even though GDPR “came out” some time ago, you may still wonder what GDPR means for your email marketing strategy or even what you need to do to make sure your emails comply with GDPR rules.


First off, let me say I’m no legal expert, so do not take what I say here as legal advice in any way. Please do your own research. What I’m about to break down in this post will help you get a better understanding of what this GDPR thing is and what it means for your email marketing (even if you’ve yet to really focus on it - and if that’s the case, read this).

So, I hate legalese - that’s the fancy word for all that legal gumpf that’s written in archaic English to satisfy some ancient accord and mostly to baffle the average person so they have to hire lawyers/solicitors (talk about a clever marketing tactic if ever I did see one!).

But that being said, it’s a serious issue, because the EU decided they’d had enough of people's data being shared willy-nilly and without the person's consent.

So that’s what GDPR is all about… making sure the person who gives you access to their data has full access to what you do with that data as well as full control. This includes giving or retracting consent or permission for how their data is handled.

This includes information that is shared via a website through cookie-control, or even data exchanged as part of a purchase etc.  

Tip: To make sure your website is data compliant you may want to check out the templates on The Contract Shop to cover your backside.

But what does GDPR mean for email?

This GDPR “stuff” only applies to your subscribers or customers if they live in the EU. So you need to make sure you have a way to identify, based on their IP address, whether anyone who comes across your site is an EU resident.

Luckily, most email service providers (ESPs) and marketing and shop platforms (e.g. Shopify, Leadpages, Kartra) can now do this automatically.

So what action do you need to take? 

Here are 5 things you need to consider to be GDPR compliant:

1. POSITIVE OPT-IN

The biggest (and most serious) thing you need to consider is that your email subscriber must take positive action to consent to receiving emails from you.

You may think that if they add their email address to an opt-in box, it’s obvious you’ll be sending them emails… unfortunately that’s not good enough.

They are signing up for the thing you’re offering (a discount code, free shipping, a free report or checklist), not to receive emails. Even though you would think that they’d want more information or emails from you about your products, your subscriber has to say YES PLEASE to more emails.

That means having a check-box somewhere in the process of signing up for them to tick (no pre-ticked boxes are allowed) to say yes to more emails.

2. PROVIDE INFORMATION TO THE SUBSCRIBER ABOUT HOW THEIR DATA IS MANAGED

Always have a link to your privacy policy so your subscriber knows how their data is used and the process they need to follow if they want to withdraw their consent. This may seem a little ridiculous because, really, how many people actually take the time to read that kind of information?

That’s true, but like I said before, you want to cover your *ss/rear-end on this. See The Contract Shop for templated privacy policies and cookie-data information.

3. MAKE SURE YOU USE PLATFORMS THAT HAVE THEIR OWN GDPR POLICIES

It’s not good enough using your work email inbox or Gmail account to send emails to your subscribers. It’s advisable to use an ESP that has good GDPR policies and allows you, as a user of their service, to capture the correct information to recognise those in the EU (and their consent) and store this information correctly (I personally use ConvertKit).

4. RECORD AND KEEP THEIR CONSENT (OR NON-CONSENT) INFORMATION

Make sure your ESP has the ability to record this data in some way. You can initiate a tag to be added to your subscriber’s record so that you can segment those who have or have not consented to receive emails.

Of course, you ARE allowed to send them information about the “thing” they signed up for, but any other emails are prohibited.

5. CONTINUE TO USE GOOD PRACTICE WITH YOUR SUBSCRIBER INFORMATION

It’s all very well and good collecting the information and consent from your subscribers, but if you’re not acting upon their desires, then it makes capturing this information completely redundant.

You must make sure that you adhere to your subscribers’ wishes by only sending your emails to those who have given consent.

This may take the form of creating a segment of your list, which you call Newsletter or Main List, that includes only subscribers who have the consent tag (or are not required to positively opt in to consent).

If you want to know how to do this in ConvertKit, I show you my method of segmenting my subscribers when they come through my welcome sequence in this post here (watch the video from the point of phase two – 9 minutes 15 seconds). I’ll also create a tutorial on how I segment my broadcast emails too, so watch out for that.

Rigorous testing is required

As with everything I share information about, I always say test, test, test – whether that’s a marketing message, copywriting formulas or, like in this instance, technical connections.

Make sure the customer or subscriber journey works correctly. If you’re not in the EU, get a friend who is to opt in to your sign-up form to test that their consent is recorded properly and that your automation emails are triggered based on whether this consent has been given etc.

If you have any questions about this or email marketing, please add your questions to the form on the contact page and I’ll get back to you as soon as I can!

Related content that may be of interest:

What’s a double opt-in?

How to add a ConvertKit form to Squarespace

How to segment your email list

How to set up ConvertKit for GDPR
