We live in an age of data privacy. The massive European privacy law known as GDPR created a new standard for data handling in the EU. In the U.S., California will be implementing data privacy regulation in 2020 and there has been talk of the United States passing some kind of federal data privacy law in the future.
For email marketing professionals the writing is on the wall: the time to get in line with these new privacy regulations is now. Even businesses that don’t do business in Europe and haven’t had to worry about GDPR yet will certainly be affected by California’s new law—once the nation’s most populous state imposes such regulations others likely aren’t far behind.
So what steps do you need to take? Marketers who use email marketing as part of their lead nurturing efforts can focus on a few key areas to make sure they are compliant with data privacy regulations from Frankfurt to San Francisco.
Confirm Proof of Consent
A significant impact of GDPR is that it requires companies to get consent from anyone receiving their emails—which is generally just a good practice anyway. If you already have significant mailing lists you’ll be fine as long as you have records that prove that those on your list opted in by checking a box or agreeing to terms and conditions at some point.
If you aren’t able to show that proof, you may need to send out a re-engagement email so that your subscribers can reconfirm consent.
Remember: Emails are Personal Data
GDPR and other privacy laws are all about safeguarding personal data. It’s worth remembering, then, that emails are considered personal data. Treat emails with the same level of respect and security you might treat someone’s home address or social security number—don’t be careless with how subscriber emails are stored and definitely do not pass along emails to third parties without subscriber consent.
“Double Opt-In” is Not Necessary—But It’s Not a Bad Idea Either
There are some who have falsely warned that these privacy laws will require all companies to get a “double opt-in” from would-be subscribers, meaning that people would have to confirm email acceptance twice. This is not true: current privacy laws require that you only collect consent once (and have proof of this).
Still, though, if you want to build an especially strong and engaging email list then getting subscribers to “double opt-in” will ensure that everyone in your email list is enthusiastic about your content and will likely engage more.
Always Communicate How Data Will Be Processed
A key element of GDPR and other laws is transparency over how data is used. As a result, you’ll want to make sure that all your future plans for marketing and email marketing involve clearly communicating what you intend to do once subscribers opt-in to your emails. All it takes is a quick sentence or two describing what kind of information or offers they’ll receive once they sign up to join your list.
The Buck Stops with You
Most important to note in the Age of Data Privacy—your business is responsible for following the letter of the law. Don’t think that you can pass off data security or privacy concerns to email service providers or other third parties. If you want to avoid warnings or fines, it’s smart to know exactly which data privacy laws could affect your business.