May 25 2018

GDPR and ExpressPigeon

In the ESP industry everyone is concerned about General Data Protection Regulation (GDPR). GDPR is a new set of guidelines that dictates how individuals and companies may acquire, utilize, store, and delete the personal data of European Union (EU) citizens. GDPR becomes enforceable on 5/25/2018. Following GDPR regulations is your responsibility if you have subscribers based in the EU, even if you operate outside of the EU. Change is always hard to adapt to, but GDPR is actually great for email marketing and will likely improve your campaigns. GDPR gives people more control over their personal data and how others are allowed to use it. In the context of email marketing this means providing more transparency and clearly defined consent agreements for new subscribers. Even prior to GDPR, ExpressPigeon has always required its users to be transparent with subscriber opt-in and to be able to provide opt-in data upon request. So, the good news is that your email practices shouldn’t change much since our current terms and anti-spam policies were already quite strong. That said, there are a few new features that we will implement to ensure that you have all the right tools to comply to GDPR. In this blog post, we want to help you better understand how GDPR specifically affects your email marketing. If you handle customer data outside of email marketing or use other third-party tools that collect data, you should definitely check out the full set of regulations and talk to legal experts to ensure you understand the full extent of compliance.

Why You Should Care About GDPR

Whenever you collect an email address, a name, home address or phone number, you are obtaining someone’s personal data. If the individual whose data you’ve obtained is a citizen of the European Union, you’re required to adhere to the new rules. Don’t Worry! We’ll explain the basics and provide some tips to help you transition. The GDPR was developed to modernize the current EU data protection laws with an increased focus on an individual’s rights and privacy. While some of the legislation is stricter and the penalties for non-compliance are tougher, the ultimate goal is to improve trust in the digital ecosystem. To that end, EU citizens will have several new rights to give them better control of their own data. Here are the most important user rights that apply to email marketing: Right to be forgotten empowers an individual to ask a company to delete ALL of the data associated with them. This requires you to provide more than an unsubscribe button. If a user makes a request, you must delete all the data stored in your databases and anything else associated with the user. Right of access allows your subscribers to ask exactly how you are using their data and for what purposes. If a request is made, you’ll need to provide a personal data report at no cost to them. Breach Notification is mandatory under the GDPR, which means you have 72 hours from becoming aware of the breach to notify customers. Right of portability lets people request their data, which means you would need to download a file of all their data in a ‘commonly used and machine-readable format’. ExpressPigeon allows customers to download user data if someone makes a ‘right of portability’ request. Now that each individual has the power to request or delete their data, it’s wise to consider what data you actually need and what data you can live without. The more data you collect, the more documentation and management is required to quickly address a data request. If you prefer to collect a lot of customer data for your marketing initiatives, it’s important to note that the GDPR definition of personal data covers a wide spectrum including things like behavioral data, IP addresses, biometric and financial data to name a few.

Marketing to people who have given their consent is a best practice that we believe to be one of the foundations of successful email marketing. If you’ve been building your list by getting user consent first, then GDPR will not change your lives much. On the other hand, if you have old lists or market to people who have not given proper consent, it’s time to change your practices. Although you might not grow as fast as you want, the long-term results will be much better. Consent is crucial within the new GDPR. Email marketers must obtain consent in accordance with the GDPR’s strict new requirements by ensuring active and explicit consent. Active consent means your subscribers need to initiate the consent. You can no longer include the checks within the checkbox and make the user remove it. The user must click the checkbox. Explicit consent means that you need to clearly communicate exactly what the user is agreeing to and what the data is being collected for. You must be as transparent as possible with your consent forms and you must keep a record of each subscriber’s consent. The burden of proof is on you. The most effective way to accomplish this is through double opt-in, which provides a paper trail of the transaction.

Time to Revalidate your Subscribers

If you are not sure whether or not the people on your current lists gave consent or you don’t have a record of it, you need to revalidate all of your EU subscribers now. Send your recipients a message with two button options. First a “Stay On List” button, which you can set to send them automatically to a new GDPR subscriber group within your ExpressPigeon account. The “Unsubscribe” button will unsubscribe the person from your list.

What ExpressPigeon is Doing to Help You With GDPR

At ExpressPigeon, we have been following the GDPR developments. As we mentioned earlier, our current policies are not changing much because we have always believed in more transparency when obtaining subscribers. That said, there are a few features and changes that we are working on to help you deal with some of the new rules: We are reviewing our consent forms and making improvements to make it easier for our customers to be more explicit and to facilitate active opt-in. We are making sure that all of our current features are optimized to help our customers adhere to GDPR. We are considering new features that will help customers comply such as other data portability functionality and detailed data reporting. If you are transparent and respect every individual subscriber, your email marketing will succeed. That is what we have always believed that the GDPR will help more organizations to build trust and improve the digital marketplace for everyone. If you have specific questions about how GDPR affects your email marketing or have suggestions on how we can improve ExpressPigeon for GDPR compliance, we want to hear from you!

For more information on GDPR please check out our knowledge base.

GDPR requirements will be enforced starting on May 25, 2018.

This blog is for informational purposes and is not meant for legal advice.

Posted By Igor Polevoy