Send button on computer keyboard
Will continuing to send marketing emails put your business at risk of breaching GDPR?

Do the General Data Protection Regulations (GDPR) mean you can’t send any more marketing emails?

JD Wetherspoons, the UK’s largest pub chain, hit the industry headlines last year when it decided to delete its entire marketing list. GDPR has injected a sense of impending doom into email marketers worried that carefully cultivated lists will need to be trashed come GDPR day.

This is not the case. GDPR does not prevent direct marketing taking place, nor does it mean your lists have to be deleted and collected again from scratch. However, it does mean marketers have a greater responsibility in processing personal data, and some issues around consent to market may have to be looked at.

Read more 

VinciWorks adds Subject Access Request module to GDPR course

GDPR Myth #2: GDPR requires you to delete all of a person’s data if they ask

Consent to send direct marketing emails must be compliant with GDPR

In essence, this means the person receiving the marketing email must have given their explicit consent to be marketed to, as well as have a clear way to opt-out that is not connected to the receipt of any other services.

GDPR requires evidence of how you are complying, so proof of consent storing systems are required, and the double opt-in method of recording consent is highly recommended. Of course, consent is not the only lawful basis to process data, so it might be worth even checking whether this is absolutely necessary.

The best way to assess existing consent under GDPR is to reconnect with a database. Asking all customers to re-acknowledge their consent statements in the run-up to GDPR gives marketers the opportunity to show they are taking the lead when it comes to protecting data and complying with the new regulations.

The first step is to audit your database. Then investigate who the contacts are and how they were acquired, and what additional information you may need from them to comply with GDPR. Review and disclose how you collect the information, including getting consent at the point of collecting data (uncoupled from any receipt of services), have a clear, updated privacy policy and communicate this to everyone who signs up.

The changes to email marketing may mean social media plays a more important role in a marketer’s toolbox. Engaging with customers via Facebook and Twitter removes the responsibility on the company to process large amounts of customer data. As people are spending more time on social media than old-fashioned email anyway, now might be a good time to consider the value in continuing to market by email, regardless of GDPR.

Download a free GDPR ready data protection policy template

Is your organisation’s data protection policy template up to date and GDPR compliant? VinciWorks has published a data protection policy template that can easily be edited to suit your organisation, staff and industry. You can download the policy by clicking the button below.

Download policy template

This blog is the third in a series of GDPR Mythbusters VinciWorks will be publishing to help businesses determine between helpful guidelines and scary myths.