On May 25, 2018 the European Union’s new privacy law, General Data Protection Regulation, GDPR, goes into effect. Even if you’re a US based marketer – you’re still required to comply if you have any European Union based subscribers on your list. The intent is for all parties who handle personal data – not just you, but partners like ReachMail, need to affirmatively respect and manage the privacy of consumers. Here’s how ReachMail complies with GDPR.
The permission requirements are generally more strict than may come to expect. According to Litmus - the five most important criteria to decide if the subscribers permission is valid is:
- No “pre-checked” opt-in box. The subscriber actually has to tick the box in order for their opt-in to be considered permission.
- Keep consent requests separate from “Terms and Conditions”. In other words – don’t lump in the opt-in process along with the signup process where the customer has to agree to opt-in along with your terms. It must be a separate process. So a customer can do business with you and not opt-in to your list.
- Make it easy to withdraw consent. If you use ReachMail then you can be assured we include an opt-out link on every email. Litmus also mentions that you can’t make people log-in or visit more than one page.
- Keep evidence of consent. If you use ReachMail we automatically track the IP address and Country Code when someone signs up using your sign up form.
- Check your consent practices and existing consents. Here Litmus recommends that if you don’t have permission that is compliant with GDPR then you need to do a re-engagement campaign.
However, we don’t recommend using a re-engagement campaign as a means to get affirmative permission. In our experience sending an email out requesting permission typically generates extremely low permissions (on the order of 1-2%) and extremely high spam complaints. Instead – review your subscriber list and analyze the permission status of each subscriber. Divide it into two parts – part 1 would be subscribers where you can document some sort of permission from the recipient. Part 2 is for all others. Based on your experience – if you have significant doubts about the permission status of part 2 we recommend to no longer market to that list. Why not send a re-permission request to those subscribers? I’ll give you an example of the numbers. If you had 1,000 subscribers in part 2 – a re-permission would yield probably 10 affirmatives. Your future deliverability would also be jeopardized because of the spam complaints. In the end the risk outweighs any possible reward.
To help make this processes easier we have included a country code field that populates off the geolocation of the IP address whenever someone clicks or opens one of your messages or if they sign up using a ReachMail sign up form. Using this field we have added two segments when you schedule and send messages by default called With European Country Code and Without European Country Code. Using these predefined segments in ReachMail will be able to better assist you in getting your list GDPR compliant today.