How does the GDPR law transform newsletter and email campaigns?

Throughout 2018, the GDPR law, standing for “General Data Protection Regulation,” will be enforced. Not only for very large enterprises, but also for small companies running emailing or newsletter campaigns.

Opt-in, opt-out, passive opt-in… How is a database formed?

When you want to send a newsletter, do emailing, or create a newsletter campaign, you obviously send your creation to an email address list containing more or less data, more or less closely related to your core target. This list includes addresses, but also, sometimes, related information: last name, first name, address, gender… All of which are considered sensitive data that require careful attention both in their use and their acquisition.

Without getting into pure technique, on the web, three types of content imports into databases stand out:

• Opt-In. This is the method that most respects the user’s choice, since the internet user enters their information explicitly and consciously. Above all, the potential uses of the entered information are precisely written, and they make an active choice regarding these uses, for example by clicking a checkbox, making a selection from a drop-down list, or clicking a button where the consequences of submission are expressly indicated.
• Opt-Out. Invisible by nature, the opt-out registers a user for a service without their consent, using data they enter for another service. A very simple example: by registering on an e-commerce site, the site also subscribes them to its newsletter, without asking their opinion or explaining this data transfer.
• Passive Opt-In. Even more pernicious, the passive opt-in, as its name suggests, is a hybrid of opt-in that indicates subscription to a service, but which “pre-authorizes” consent. Here again, for example, a registration form for a site that pre-checks a box for simultaneous subscription to a newsletter.

How to peacefully manage your mailing list with the GDPR?

With this simple definition in mind, what does the GDPR change in verifying the data of a newsletter or emailing database? It’s simple: ensuring the consent of ALL the contacts on your list. If you followed the first paragraph well, this simply means that all the addresses and the data attached to them must be Opt-In. Thus, verifying your mailing list is absolutely your responsibility: you must verify that all registered users have explicitly consented to the service in question and delete all the rest.

A task that may not be easy, but must absolutely be carried out so as not to be penalized by the GDPR, as we discussed in this other article. A new question arises: how to be certain not to repeat this tracking work over and over again? By thinking right from the data acquisition form to be Opt-In in complete transparency. This involves in particular:

• a clear formulation of all the services for which the user agrees to provide their data (newsletter, profiling…)
• leaving the complete choice of subscription or not, avoiding pre-filled checkboxes and therefore, practicing passive Opt-In, considered prohibited by the GDPR
• verifying that every internet user has the ability to modify or delete their data, or assert their right to be forgotten.

To have peace of mind regarding the new GDPR regulations for sending your newsletters and your emailing campaigns, contact us and get your online quote for your mailing project!