Last month, we talked about what GDPR law was and what you needed to do as a business owner in order to comply. This month, we are going to explain how to make sure your email marketing is in agreement with GDPR. Please note, these steps SHOULD be done if your business is in Europe or your business works with other companies in Europe. If your business is in the USA and does not work with companies in Europe, these next steps are best practice for your email marketing only.

In fact, these next 11 steps should be considered best practice for email marketing in general, not just GDPR. These steps will help with your email campaign’s open rates, click rates, bounces, spam reports, unsubscribes, and not-opens. And don’t we want the best for our business?

How to make sure your email marketing is GDPR compliant

Make it CLEAR what people are signing up for

Gone are the days when you could simply add your client to your email list, promising to send “a free guide or eBook on such-and-such topic.” Likewise, it is no longer as simple as having a pre-checked box on a form stating “sign me up for a newsletter” and automatically adding them to your list if they do not uncheck the box.

GDPR places heavy emphasis on making sure your subscribers really know what they are signing up for. They need to clearly and intentionally request to join your list. I hear you saying, “But if I don’t do those email list strategies, how will I ever have an email list?”

Just because you use these methods to obtain emails doesn’t mean they are quality emails. Wouldn’t you like to have low bounce and spam rates after you send your newsletter campaign? What about a higher open and click rate? Well, you will achieve this by getting quality emails and this step will help accomplish that. This topic could be featured in a blog post next month!

Ask only for the information you need on your forms

GDPR maintains that you should only request information that is necessary for your business. For example, if you have a form on your website asking the user to contact you, that form should only ask for their name, phone number, email and maybe a box asking them to explain what they want. You shouldn’t see questions like “How many people work in your office?” or “What’s your zodiac sign?” or “If you could be a horse, what type of horse would you be?” (Okay, some of these are silly, but you get our point!)

Go through the forms on your website and make sure you are only asking the important questions and nothing more. While you’re looking at your forms, remove your pre-checked box for signing up for your newsletter.

Make it easy for your subscribers to change or delete their information

GDPR law has a sub-clause called the Right to Be Forgotten (RTBF), which allows individuals to request that any records held on them by a company are permanently deleted. This means your subscribers should easily be able to unsubscribe or limit their information. Once they unsubscribe from your email list, they also need to be removed from any third-party vendors (e.g., PayPal). A way around this is to clearly state that once the subscriber leaves your website, your privacy policy ends and you are not responsible for what happens on the third-party site.

Many of the popular email marketing platforms have “unsubscribe” and “edit your preferences” linked into their templates. So you should be set here. Just make sure your third party vendors take action or that you add the clause into your privacy policy.

Avoid emailing people who have unsubscribed from your list

You should already know this and be practicing it. NEVER, EVER email someone who unsubscribed, even to ask why they did so. This is both common sense and a term in the GDPR. You may need to check your email platform to ensure that their email is automatically deleted once they unsubscribe, or, if needed, manually delete their email.

Use a double opt-in process when collecting emails

This has always been a best practice in collecting emails and now, with it as a GDPR term, it is a must. Look at how you collect your emails. Do you have the user simply add their email? Or do you follow up by asking them to confirm that they want your emails? The latter is an example of double opt-in.

If you do not have the double opt-in, look at your email platform. There should be an option to allow a double opt-in when collecting emails. By adding this extra step, you will get quality emails so your open and click rates are high and your unsubscribe, spam, and bounce rates are low. It’s also worth mentioning that this follows GDPR!

Keep copies of subscribers’ consent to being on your list

If you are using the double opt-in, you are covered. If you are collecting emails at an event, conference, etc., just save the form they signed up on and you will be fine. You need to be able to prove how each person got on your email list if ever questioned.

Include a clear link to your privacy policy

Use a link to your privacy policy on your opt-in forms, website, emails, and any other way you collect emails. If you can get them to sign a form saying they read the privacy policy, even better!

Your privacy policy should explain:

  1. How you use your subscribers’ information and how you plan to protect their information, etc.
  2. How your third party vendors will use their information or have a disclaimer that you are not responsible for what happens when they leave your site.
  3. Who you are, that you are using their information because they opted in, and that they have a right to opt out at any time.

If you have any questions on this, consult a lawyer.

Make sure your website is an HTTPS site

We addressed this when we wrote about HTTPS requests, SSL certificates and “Not Secure” warnings. If you don’t know or don’t want to read our other articles, basically an HTTPS site encrypts the traffic between your visitors and your website, which makes it more secure so hackers can’t intercept the information people submit. If you need your site updated, contact us and we can do it for you.

Have your policies and procedures written out on how you collect and use personal information

Create a simple document explaining how you will delete and protect personal information and what you will do if your website is hacked.

Make sure your email platform is GDPR compliant

Most email platforms are compliant but it is your job to make sure! Go to your email platform website and search “GDPR Compliant.” If nothing shows up, call them, and maybe consider finding a new platform.

Remove emails that are not GDPR compliant

I hear you groan and say, “But my email list will get smaller!” Yes, yes it will, and it will be a list of emails that want your information and your product(s). You will get better leads, as well as improved open and click rates. Doesn’t that sound better than having a long email list with no leads, high bounce rates, and lower open and click rates? Go into your email platform and delete all emails that are not compliant with GDPR. And who knows, some email platforms charge less for fewer emails, so you could save money too!

I hope this list has helped you understand how GDPR can help with your email marketing and get your business to become compliant. If you need any help with your email marketing, let us know. We are here to help!