GDPR for Marketing: The Definitive Guide for 2018

GDPR for Marketing: The Definitive Guide for 2018

Post summary:

  • How does GDPR impact marketing?
  • Why GDPR is an opportunity for marketers
  • Nine practical tips on GDPR for marketing teams

In today’s connected world, personal data is being collected at an incredible rate.

The websites you use, the calls you make, the places you visit and even the photos you take are all recorded, measured and leave a digital footprint – a footprint that is fast becoming a prized resource.

In May 2017, The Economist called personal data “the world’s most valuable resource’ ahead of oil, because of how much it now informs the way companies communicate with their customers and how it positively impacts customer experience.

However, because personal data is so valuable, it’s vulnerable to theft or misuse and this has led to consumers demanding to know how companies use and store their personal data. This is because, overall, consumers are not convinced companies are doing enough to protect them.

A 2016 Consumer Privacy study by TRUSTe/NCSA found that 92% of online customers cite data security and privacy as a concern. While, according to a report published by the Chartered Institute of Marketing, 57% of consumers don’t trust brands to use their data responsibly.

Another concern  is that Symantec’s State of European Privacy Report found that 90% of businesses believe it’s too difficult to delete customer data and that 60% (!) do not have the systems in place to help them do so.

Clearly, there’s significant disconnect between consumers, their personal data and how the companies that collect it, use it.

Challenges organizations face if customers ask to have their data modified or deleted

It’s even more concerning when it comes to GDPR for marketing as 41% of marketers admit to not fully understanding both the law and best practice around the use of consumer’s personal data.

That’s right!

The people that use customer data the most don’t fully understand how they should use it.

It’s clear that something needs to be done to regulate the management of personal data, to protect consumer interests and police the companies that collect, store and use the data.

This is why in 2018, the European Union introduced GDPR – a new set of laws designed to safeguard personal data and inform the decisions of marketers in all member states.

What is GDPR?

The General Data Protection Regulation (GDPR) is a new digital privacy regulation that was introduced on the 25th May, 2018. It standardizes a wide range of different privacy legislation’s across the EU into one central set of regulations that will protect users in all member states.

Put simply, this means companies will now be required to build in privacy settings into their digital products and websites – and have them switched on by default. Companies also need to regularly conduct privacy impact assessments, strengthen the way they seek permission to use the data, document the ways they use personal data and improve the way they communicate data breaches.

And, because it’s a regulation and not a directive, it is legally binding – meaning it cannot be opted out of, or ignored. In fact, failing to comply could lead to fines of up to €20 million or 4% of your global turnover!

So, it’s fair to say that the EU is taking this extremely seriously.

Why introduce GDPR now?

GDPR is ‘the most far-reaching change to data protection in a generation’ and is a dramatic shift in the way the EU wants personal data to be managed.

The EU’s new approach to online privacy puts individuals first, believing they should be protected and empowered, rather than exploited or ignored.

This new approach to data protection is the EU’s way of keeping companies big and small more accountable for their actions. EU regulators believe that companies have been exploiting personal data for their own gain and aren’t being transparent about how they were using it. GDPR has been designed to end all that and put the power back in the hands of the consumer.

But, why introduce it now?

The main reason for introducing this now is because the current EU data privacy regulations are still based on a document that was first adopted in 1980 (later updated in 1995).

This means that the data privacy principles that the EU works are outdated on don’t include considerations for social media, smartphones, or even advanced web technology (i.e Artificial Intelligence, Virtual Reality, etc).

Plus, the current regulation is only a directive, so companies (and countries) could easily opt-out.

From 25th May, 2018 this has no longer been the case.

While consistency in data privacy regulations across Europe should be good news for all marketers, GDPR also comes with quite a few challenges that impact marketing teams – especially marketing teams that communicate to customers based in the EU.

How does GDPR impact marketing?

On the surface, GDPR might seem extreme, especially for smaller businesses or solo-practitioners.

Realistically though, there are only 3 key areas that marketers need to worry about – data permission, data access and data focus.

Let’s take a look at each of these individually.

GDPR and marketing

1. Data Permission

Data permission is about how you manage email opt-ins –people who request to receive promotional material from you. You can’t assume that they want to be contacted. In the future, they need to express consent in a ‘freely given, specific, informed, and unambiguous’ way, which is reinforced by a ‘clear affirmative action’.

Wait, what does that mean?

In practice, this means that leads, customers, partners, etc. need to physically confirm that they want to be contacted. You need to make sure you’ve actively sought (and not assumed) permission from your prospects and customers, confirming they want to be contacted. Therefore, a pre-ticked box that automatically opts them in won’t cut it anymore – opt-ins need to be a deliberate choice.

For example, instead of assuming that visitors who fill out a web form want to receive marketing emails from SuperOffice (left), we now ask visitors to specifically opt-in to newsletters by ticking the sign up box (right).

GDPR compliant forms on website The only caveat is when it comes to refer a friend programs.

In most cases, refer a friend programs work when a prospect or customer enters a friends email address in order to claim an offer (i.e. a discount, sale, bonus, etc). Once they have entered a friend’s email address, an email is automatically sent from the company to the “friend” without gaining explicit consent to contact them. These emails are typically “notifications”, rather than promotional.

Providing this data is neither stored or processed, then it is considered GDPR compliant.

However, if the data is stored and used for marketing communications, then you are in violation.

To be clear:

No marketing communication is to be sent out to the referee’s email address.

2. Data Access

The right to be forgotten has become one of the most talked about rulings in EU Justice Court history. It gives people the right to have outdated or inaccurate personal data to be removed and has, in some instances, already been implemented by companies like Google, who were forced to remove pages from its search engine results in order to comply.

The introduction of the GDPR offers individuals a method to gain more control over how their data is collected and used – including the ability to access or remove it – in line with their right to be forgotten.

As a marketer, it will be your responsibility to make sure that your users can easily access their data and remove consent for its use.

Practically speaking, this can be as straightforward as including an unsubscribe link within your email marketing template and linking to a user profile that allows users to manage their email preferences (as shown in the example below).

Subscription management settings inline with GDPR compliance

Of course, it sounds easy enough.

Yet our own research of 4,500 email campaigns found that 8% of all emails do not include an unsubscribe link!

3. Data Focus

As marketers, we can all be guilty of collecting a little more data from a person than we actually need. Ask yourself, do I really need to know someone’s favorite movie before they can subscribe to our newsletter?

Probably not.

With this in mind, GDPR requires you to legally justify the processing of the personal data you collect.

Don’t worry; this is not as scary as it sounds.

What this means is that you need to focus on the data you need, and stop asking for the “nice to haves”. If you really need to know a visitors shoe size and inside leg measurement, and can prove why you need it, then you can continue asking for it. Otherwise, avoid collecting any unnecessary data and stick with the basics.

The cost of failing to comply

The deadline for GDPR has now passed and many businesses are already in “panic mode” to make sure they’re compliant. The trouble with this is that this leads to mistakes.

And these mistakes can be costly.

Especially as the Information Commissioner’s Office (ICO) has started to clamp down even harder on the misuse of personal data.

In fact, the ICO has already reported three incidents that involve household brand names who tried to use well-known email activation strategies to reach out to their database. The campaigns, which were sent out by Flybe, Honda and Morrisons, asked customers if they wanted to be contacted by email and to update their preferences.

How did they contact their customers, you might ask?

Well, they contacted them by email – even those customers that had previously opted out.

And this is a serious breach of compliance.

1. Flybe fined £70,000

In August 2016, Flybe sent an email to 3.3 million people in their database with the subject line “Are your details correct?”

It sounds like a smart strategy in theory, but unfortunately, these 3.3 million people had previously opted out (unsubscribed) to marketing emails and thereby gave no consent to be contacted.

Flybe fined for not being GDPR compliant

Source

The result? A fine of £70,000.

Key take away: If your customers have opted-out of marketing emails, don’t email them – it’s as simple as that. You are breaking the law if you do.

2. Honda Motor Europe fined £13,000

In a separate incident, Honda Motor Europe sent an email to 289,790 subscribers between May and August 2016 asking their database “would you like to hear from Honda?”.

This email was sent in order to clarify how many of the 289,000 subscribers would like to receive marketing emails going forward. But, once again, this email was sent to individuals who had specifically opted out.

This mistake earned Honda a £13,000 fine as a result.

Key take away: If you do not have explicit consent to email your customers, then don’t email them! Even asking for consent is classed as marketing and is in breach of the upcoming GDPR regulations.

3. Morrisons fined £10,500

In late 2016, UK supermarket chain Morrisons re-launched their “Match & More” loyalty program.

In a bid to get more members to take advantage of their offers, they sent out an email to all 230,000 members from their database, asking subscribers to update their account preferences. Unfortunately, this included 131,000 subscribers who had previously opted out and unsubscribed.

This slip up led to a fine of £10,500.

Key take away: In this case, it was the customer that reported Morrisons to the ICO. So, you have to be 100% sure that the subscribers you send an email to have opted-in. Now that customers are taking action into their own hands, you have to be even more careful.

These three examples should act as a clear warning sign to businesses – both big and small – to make sure you’re doing things right ahead of May 2018.

Who is affected most by GDPR in marketing?

If you have customers, then everyone inside your company will be affected by GDPR.

But, in the marketing department, there are three roles that will see the biggest change in their everyday work.

Let’s take a closer look at who this affects and how.

1. Email marketing managers

For B2B marketers, email addresses are the lifeblood of lead generation programs.

Often considered the start of the sales process, a user that willingly gives you his email address in exchange for more information, such as signing up to your mailing list or downloading a piece of content, is known as an “opt in”.

This is in stark contrast to firms that buy email lists or scrape (or copy) them from a website. Under the new GDPR regulation, buying lists (or scraping them) will be strictly forbidden.

Ensuring users opt-in to your B2B email marketing campaigns and give consent to be contacted is now a GDPR requirement for email marketing and you can no longer automatically add them to your email list and then waiting for them to opt out.

2. Marketing automation specialists

Marketing automation can be extremely powerful tool.

But, it can also land you in trouble with GDPR if not set up correctly.

If your marketing automation system sends out emails on behalf of your CRM system, then you could be facing eye-watering penalties from the ICO if an email is sent automatically to someone who has opted out.

You need to make sure that every name in your CRM database and every email in your automation system has given you permission to market to them. And, if someone opts out of an automated email sequence, that the two systems are updated to ensure that no further emails are sent. And no, having the next email already scheduled is not a valid excuse.

3. Public relations execs

Pitching new product releases or company information to journalists is no different than marketing to an employee of a business. While it’s possible that the liability for this consent will lie with media databases such as PRweb and MyNewsDesk, journalists will still have to give consent to be contacted by you instead of the traditional email outreach program.

This consent could be given through platforms like HARO, where journalists are asking you to contact them, or through requests made on social media platforms. So if you’re not on those platforms yet, now is the time to sign up!

Of course, if a journalist reaches out to you directly, they’ve expressed interest in talking to you.

GDPR is a golden opportunity for marketers

At this stage, you’re probably thinking that the way you do business will never be the same again.

But, there’s no real need to worry.

Sure, GDPR does sound intimidating and the fines issued by the ICO are enough to make you rethink your entire marketing strategy. But, in reality, this new legislation isn’t a set-back. In fact, it’s a great opportunity for you to do what marketers do best – that is create targeted marketing campaigns with people that are engaged with your brand.

Here’s why:

1. Gaining Consent

With GDPR, you need explicit consent to use an individual’s data. Your customers can also ask you exactly what information you have on them, who it is shared with and the purpose it has been used for.

The opportunity here lies in the fact that instead of a simple yes or no option when asking customers about data, you can now provide them with a range of options so that they can find out what they’re interested in. Through consent, you can gain insight into each individual’s interests to provide them with information that they want to receive.

This not only helps to be compliant with GDPR, but it also helps you further segment your customers and focus your communication based on specific interests, rather than sending a “one size fits all” email campaign.

2. Right to be Forgotten

Under GDPR, every individual has what’s called the “right to be forgotten”.

If requested by a customer, your business will need to remove all data you hold on that specific individual, across the whole organization. If you keep data in different places for different purposes, then this can cause issues.

The solution to this is to have a single platform that hosts the consent record of every single user. Having a single platform, like a CRM system, will help you keep track of all your permissions data and ensure you’re GDPR compliant.

The advantage of having a single platform is that it gives your customers the opportunity to switch consent on and off, for different purposes. This, in turn, gives you the opportunity to learn more about your customers and target them with more specific or relevant campaigns.

3. Transparency

People do business with other people (or organizations) that they know, like, and trust. Building trust comes through projecting transparency. You have to be upfront and honest about who you are and what you’re doing.

A study by Harris Interactive found that 93% of online shoppers cite the security of their personal data as a concern. You can overcome these concerns by being transparent with data. You need to demonstrate that an individual’s data is being treated with respect and held securely. If you can do that and show that you have your customer’s best interests at heart, then you will strengthen both trust and engagement with your customers.

9 practical tips on GDPR for marketing

In January 2017, Osterman Research, Inc published a paper and found that 73% of businesses are not ready to satisfy the compliance obligations of the GDPR. While a 2016 study by Symantec found that 23% of businesses feel they will only be partly compliant by the May 2018 deadline.

The good news is that if you’re still not sure if your business are GDPR compliant, we’ve created a short checklist that includes 9 practical tips to help you get closer to meeting the requirements.

  • Audit your mailing list. According to a study by W8 data, up to 75% of marketing databases have become obsolete from GDPR and only 25% of existing customer data meets GDPR requirements. Therefore, remove anyone where you do not have a record of their opt-in. For new subscribers, make sure that the potential subscriber confirms that he or she wants to join your mailing list by sending an automated email to confirm the subscription.
  • Review the way you’re collecting personal data. Are you still buying mailing lists? If so, now might be the time to start fresh with a new mailing list. In the UK, pub chain JD Whetherspoon took the unprecedented step of deleting their entire email marketing database (more than 650,000 email addresses). In a letter from their CEO (shown below),  John Hutson informed customers that all customer emails will be securely deleted. While that might be a terrifying prospect for some, it’s something to consider as you will then be guaranteed with a list of engaged and interested readers.

JD Whetherspoon deletes email marketing database

  • Do you create content that is tailored to your potential customers? Invest in a content marketing strategy by creating white papers, guides and eBooks that visitors can access and download in exchange for them sharing their contact information.
  • Invite visitors to add themselves to your mailing list by launching a pop up on your website. You can keep your mailing list neatly segmented by creating specific pop ups for product news, blog posts and general company news. Just remember to link to your privacy policy though, to ensure compliance – like we have done with our GDPR website pop up.

GDPR compliant website pop up

  • Educate your sales team about social selling techniques. Essentially, sales reps should connect with prospects on social media and share relevant content – rather than trying to reach new prospects by email.
  • The time for using Google docs or Excel spreadsheets to store customer data is over. Start centralizing your personal data collection into a CRM system. And make sure your users can access their data, review its proposed usage, and make any changes as necessary.
  • Understand the data you’re collecting in more detail. Is it all necessary, or are there elements that you can do without? When it comes to sign up forms, only ask for what you need, and what you will use. For B2B marketers, full name, email address and company name is usually more than enough.
  • Try using push notifications. A push notification is a pop up message that appears on a desktop or mobile device. Marketers can use push notifications to send a message to subscribers at any time. However, unlike email marketing campaigns, push notifications do not process personal data (IP addresses are anonymized) and users are required to give explicit consent in order to opt-in and receive notifications.
  • Update your privacy statement.  Review your current privacy statement and amend the statement accordingly to comply with GDPR requirements. Is the content in your privacy statement difficult to read? Or are you purposefully using terminology so that potential customers do not know what they are signing up to? If so, rewrite it and make it easy to read – like we have done here.

Conclusion

 

GDPR is a big change to the way in which companies operating in EU countries handle personal data, with fines of up to €20 million if you fail to comply. That’s why it’s important for you to seek advice from a lawyer as to what is or is not a legal requirement for your business.

Remember, GDPR hasn’t been designed to stop businesses from communicating with their customers. GDPR will lead to an increase in data quality, which is why the best and most resourceful marketers are seeing the bigger picture in that it’s an opportunity to delve deeper into the needs of their prospects and customers, rather than using the traditional “one-size-fits-all” approach to marketing.

That being said, the rules for GDPR compliance are quite simple – don’t contact someone unless they specifically ask to be. Don’t assume they want to hear from you. Don’t cold contact them, and don’t send them irrelevant information that they didn’t request.

If you can do all that, then you’re on your way to being GDPR compliant.

Is your marketing team ready for GDPR?

P.S. If you enjoyed reading this post, you can share it easily here.

GDPR for Customer relationships

Disclaimer: The content in this blog post (including all responses to comments) is not to be considered legal advice and should be used for information purposes only.

Marketing

About Steven MacDonald

Steven MacDonald

Steven Macdonald is a digital marketer based in Tallinn, Estonia. Steven has been creating blog content writing since 2010 and has appeared as a featured writer for Content Marketing Institute, Marketing Profs and Smart Insights. Since working with SuperOffice, he has led the growth from 0 to 2 million visitors per year. You can connect with Steven on LinkedIn and Twitter.

115 Comments

Darren Revell

about 1 year ago

Amazing read Steven, thanks for your hard work. I work with recruiters and there seems a theory that you must by the 25th of May next year re-ask the people you hold data on for a new GDPR compliant permission to market to them. By way of an example a 5 year old recruitment firm might have 30,000 candidates in its CRM, 80% of it maybe for candidates they did not place, but held onto the data as they may suit future jobs. Is there anything you can share on that?

Reply

Steven MacDonald

about 1 year ago

Hi Darren. Thanks for the comment and I appreciate the kind words. This is a great question! Personally, I would only store candidates that I have consent from. This way, you can be 100% confident of being GDPR compliant.

Reply

Simon Neal

about 1 year ago

Really interesting and eye opening read. Implications are potentially huge, especially with the much spoken about UK ICO "Public know your rights" campaign !

Reply

Steven MacDonald

about 1 year ago

Completely agree, Simon!

Reply

Kevin Nightingale

about 1 year ago

Hi Steven, I'm updating sign-up forms on my company site and found your article really helpful. Thanks!

Reply

Steven MacDonald

about 1 year ago

Thanks, Kevin! This is exactly why I wanted to share this new post - to provide helpful tips to marketers working with GDPR.

Reply

Roman

about 11 months ago

Hi! What about advertising? Especially about remarketing campaigns? And one more question - this great article was posted 8 September, 2017. But comments - "about 1 month ago"??

Reply

Steven MacDonald

about 11 months ago

Great question, Roman! GDPR shouldn't impact marketing retargeting campaigns, as these campaigns are retargeting to anonymous visitors. As for the date, we continue to update this article based on new information that is published on the GDPR. Hence comments from the past.

Reply

Will Broadfoot

about 11 months ago

Hi - interesting article but doesn't address the B2B marketing world, where the key consideration is 'legitimate interest' rather than expressed opt-in. Would be nice to see a follow-up on this? Cheers

Reply

Steven MacDonald

about 11 months ago

Great comment, Will. I'll get right on it!

Reply

Ash

about 9 months ago

Great read, Steven! As we are moving to a world of positive opt ins, if our current consent process and audit trails originate from automatic opt in (tick boxes to opt out), would we then have to re-permission all of these records or can we still use that original consent?

Reply

Steven MacDonald

about 9 months ago

Thank you. Ash! At SuperOffice, we're going to use original consent and not re-permission. However, just as with anything GDPR related, I do recommend you seek legal advice on how you communicate to your opt-in list, just to be sure.

Reply

sian

about 9 months ago

this may sound a daft question but if you have been using a database that contains opt outs - is it okay to mail those that havent specifically opted out to ask them if they are happy to hear from you? Also existing customers who have signed a joining form that expresses we will be contacting them with relevant information (some signed it many many years ago) - does that allow us to continue to contact as it is a membership agreement or do we need to go back to all customers (ie members) to ask for permission? many thanks

Reply

Steven MacDonald

about 9 months ago

Hi Sian, There's no such thing as a daft question when it comes to GDPR. My comments below. 1. As long as a subscriber has not officially opted-out, it should be OK to send an email asking if they are happy to continue hearing from you. 2. For customers, you have every right to contact them. However, you should also allow them to choose the type of communication they receive, rather than send them all of your campaigns. Things like product updates, changes to T&C's etc, will be fine. And as always, I recommend speaking with someone on your legal team, just to clarify. Hope these answers help.

Reply

Catriona

about 9 months ago

Great post, thank you. A question for you - we have some corporate customers who email us directly with product orders. Each individual product ordered relates to one of their employees. So they also email us each employee's email address. We then email the product to the individual employee and we also manually enter each employee into our CRM to market to them. That email address is usually the employee's company email address, but sometimes is a personal email address. So.... would an order for employees placed by an employer be deemed 'consent' to email those individuals marketing information? Also, where an individual who doesn't yet exist on our database orders from us online, is that consent to email them in the future? ie. is a purchase consent? Or do they have to have some sort of tickbox like we will have for marketing signups? Confusing! Thank you so much!

Reply

Steven MacDonald

about 9 months ago

Hi Catriona, thanks for commenting. Great question! It does sound confusing, which is why unfortunately, I'm not sure I can give an answer here other than to speak with your legal team.

Reply

Joris

about 8 months ago

In your post you refer to the explicit opt-in.... doesn't your slide-in popup needs a tick box then to ask for this consent?

Reply

Steven MacDonald

about 8 months ago

Great comment, Joris. Fortunately, pop ups don't require a tick box as it falls under "freely given consent" and is a deliberate choice from a prospect or customer. The example in the post refers to contact forms that come with a pre-filled tick-box. In those case, users need to explicitly opt-in.

Reply

Ylva Ljungqvist

about 7 months ago

Great read Steven, Thank you! A question related to social media and Facebook/Insta specifically. Will it still be legal to upload your "old customer email database" to Facebook to create custom audiences and target ads to current customers on FB and Instagram? Assuming you haven't specified this use of the email addresses when they were collected.

Reply

Steven MacDonald

about 7 months ago

Hi Yiva! Marketing to customers in a post-GDPR world is possible, providing they have ways to opt-out. So in this case, you might want to include settings on your marketing communications page that allow customers to opt-out of receiving ads on social platforms.

Reply

Paul T

about 6 months ago

Hi Steven, We have a current list of subscribers all opted-in when registering for an account on our eCommerce website. These subscribers were a single opt-in (no confirmation email). These subscribers have been accumulated over a number of years. All subscribers have the option to update their subscription in their "My Account" section of our website as well as being able to unsubscribe at the bottom of all our email campaigns. Our question is: due to the new rules, do we need to do anything with our current list of subscribers? Do we need to send them an email asking to confirm their subscription? There are many references online that state this isn't necessary for existing subscribers, however going forward ALL new subscribers must have a "double opt-in" email verification.

Reply

Steven MacDonald

about 6 months ago

Hi Paul. You nailed it with your last comment. It's not necessary to re-confirm opt-in if you have sent those subscribers marketing messages in the past. However, as you write, going forward all new subscribers must opt-in to receive emails from you.

Reply

Sam

about 6 months ago

Hey Steven, I'm planning to run a giveaway on my website. To enter the giveaway the person has to enter their email address which they need to confirm via double opt-in. On the confirm email I have the following wording: "Thanks for entering "[name]". To receive your first entry you must confirm your email. By confirming you also get to receive the VIP Money Nest newsletter, we email twice a month showcasing the key financial lessons never taught in school. Plus we also interview readers breaking down exactly how they've managed to retire way before the norm, oh and occasionally giveaway books! Of course, you may unsubscribe at any time (link to privacy policy). We hate spam and never share your details with anyone. **Link: Confirm entrance & get VIP Money Nest Newsletter** Regards, [site_name]" Naturally we won't email anyone who didn't confirm their email, is this compliant? Many thanks.

Reply

Steven MacDonald

about 6 months ago

Hi Sam, I'm no legal expert, so I recommend you run this past a professional. But, here's my take on it: If you run a giveaway, the person who opts-in to the give away is not opting in to receive newsletters from you. This is a different opt in and thus, in my opinion, not compliant with GDPR. Do seek support from a legal team though, to be sure.

Reply

Sam

about 6 months ago

Now what about if I didn't mention the email newsletter in the confirmation link but simply had some small print saying you give consent to be emailed marketing messages twice a month when you confirm your email for the giveaway? The difference is this time it's not so obvious? And the confirmation link doesn't mention agreeing to marketing messages. Thanks, Sam

Reply

Steven MacDonald

about 6 months ago

In my opinion, you should only add new subscribers to an opt-in list if they specifically tick a box agreeing to sign up for newsletters.

Reply

Sam

about 6 months ago

Thanks Steve, What about previous giveaway's I've run in the past which marketing emails have previously been sent to. Can I continue to email these people or do I need to get them to re-opt in? Sam

Reply

Steven MacDonald

about 6 months ago

You're welcome, Sam. If you have previously sent them email campaigns, then you should be OK to continue to market to them - providing they can opt-out at any time.

Reply

Sam

about 6 months ago

Thanks Steve much appreciated. Sam

Reply

Paul Dale

about 6 months ago

Hi Steven, great post. Over the past 6 months I have been building up a list of potential new customers/contacts to target. I have done this through LinkedIn, company websites etc and then sent targeted e-mailers. None of the new customers had ever had to opt-in to receiving my e-mailers. Am I right to assume once the regulation is in place in May I can send a very brief email with a form (as per your suggestion in the Data Protection selection of this post) and would therefore be doing nothing outside of the new regulations? Another question is say you have 'X' amount of current customers that exist of your CRM database and they opt out, can you still hold there data but just not send them e-mailers? Thanks Paul

Reply

Steven MacDonald

about 6 months ago

Hi Paul, providing you have consent to store their information, then you can keep their data in your CRM system if they opt-out of marketing messages.

Reply

Gina black

about 6 months ago

My company have asked me to keep email addresses and if we’ve not heard from them in 3 mths to go back to them by email to see if they’d like more information. I’ve not got any consent to hold this data. I guess this will be a no no under GDPR!

Reply

Steven MacDonald

about 6 months ago

That's right, Gina. GDPR is all about consent. Without it, you cannot store or communicate with them.

Reply

Martin

about 6 months ago

Hi Steven, We have a database of active and inactive patients. So we should be doing work now to get the active patients to expressly opt in to being contacted for X Y and Z. With those which are inactive, we occasionally try to contact them with re-activation e-mails or texts (excluding those which have already opted out), but will we be able to do this post 25th May? Will we need to contact them all before this date to ask for them to expressly opt in and only send out reactivation e-mails and texts to those which have opted in post 25th May? Many thanks in advance.

Reply

Steven MacDonald

about 6 months ago

Hi Martin, thanks for leaving a comment. If you have sent email campaigns to your patients in the past, then it should be OK to continue sending campaigns to them in the future. If they have opted out, then you should remove them from your mailing list.

Reply

Martin

about 6 months ago

So where a relationship already exists we can continue to contact people (whether active or inactive) without having their explicit permission, but offer the opt out whether it's on e-mail or text? Should we be concerned with the old active/inactive patients and getting them moved across to the new explicit permission? With new patients we will need to be compliant with getting express permission moving forwards.

Reply

Kathryn

about 6 months ago

Steven - THANK YOU for this article. So... pop-ups don't require tick boxes? I read that in one of your comments above. All of my opt-ins come from people going to a landing page and clicking a link, which opens up a pop-up. There they can opt-in for the thing they want to opt-in for (a free checklist for example). On those pop-ups I have a disclaimer similar to the one in your "Try SuperOffice CRM for Free" sample image (the left-hand one, no box to tick), which tells them they are being added to my email list. Curious if you believe that suffices. I am hoping so! I help entrepreneurs who want online businesses but struggle with "the techie stuff," if that info is relevant. I'm a Canadian, so I am familiar with CASL (Canada's GDPR from what I understand) and doing my best to keep meticulous records of opt-ins and be compliant. This stuff can be scary for us solopreneurs!

Reply

Steven MacDonald

about 6 months ago

Hi Kathryn. You are welcome! And I agree, it can be scary. We're updating all of our web forms to be like the form shown on the right. This way, it's 100% clear that the visitor is opting in to receive email marketing campaigns. As for your pop up, I would include a checkbox. In my example, the pop up message was inviting people to sign up for email updates. If it was for a checklist or a white paper, then I would have included a checkbox.

Reply

Sarah Marsh

about 6 months ago

Thanks for this article - very useful. If I understand correctly, GDPR is all about marketing emails - so communication to existing customers is not caught by GDPR, provided that communication is not marketing anything - is that right?

Reply

Steven MacDonald

about 6 months ago

That's correct, Sarah. There's slightly different rules prospects and existing customers.

Reply

Adam

about 6 months ago

Hello Steven, Thank you for a very helpful article. I have a website where customers will be asked to opt-in at the time they register for an account. There will be a unsubscribe option on all emails they receive but we do also need to provide a facility within their account to enable them to update their communication preferences at any time?

Reply

Steven MacDonald

about 6 months ago

Hi Adam, thanks for the comment. That's a good idea! Although it's not a requirement, I do think that allowing your customers to choose the type of marketing messages they receive is the right thing to do. Plus, by segmenting your campaigns, you will see an increase in your email marketing response rates - see our case study here https://www.superoffice.com/blog/email-marketing-strategy/

Reply

David

about 6 months ago

Thank you for the article on GDPR and marketing, Steven. I found it a very interesting read and will pass it on to my colleagues. Thanks David

Reply

Paulo Rodrigues

about 6 months ago

Hi Steven. Excellent article on a subject that still creates some confusion. I am the owner of a small company that sells household goods through advertising on social networks such as facebook for example. 90% of sales are made over the phone. Calls are recorded and the customer is informed of the call recording. Some customer data is required to process the sale. There is no form for the client to consent to the registration of personal data, because everything is done by telephone. if during the call the customer is asked for his authorization for us to register the data, and once the call is recorded, will this procedure be sufficient to comply with the proof that the client authorized? What do you think about that? I'm really lost on this subject and I'll be grateful for your information. Regards

Reply

Steven MacDonald

about 6 months ago

Hi Paulo, thank you for the kind words. Glad you enjoyed the article. If your client accepts that his or her data is being entered into your system and that the call is recorded (and the customer is aware), I see no reason why this shouldn't comply with GDPR.

Reply

Helene

about 6 months ago

Hi Steve, Great read! I have gathered quite a few leads for my newsletter through Facebook lead ads. However, it is not possible to delete the leads gathered from the lead form. If a user chooses to opt out in the future, it is still possible to download the lead ad list from Facebook, where their information is still stored. I understand GDPR is all about enabling users to completely removing themselves from a company's database. Do you know if it is still GDPR friendly that the leads are stored in Facebook, as long as they're deleted from the CRM system? Thanks!

Reply

Steven MacDonald

about 6 months ago

Hi Helene, that's a great question. To be honest, I don't know the answer. Have you reached out to Facebook? If so, what did they say?

Reply

John Andrew Hazlewood

about 5 months ago

I have a team that sorts through hotel websites and when we find one that we think can use our service we search for the email address and send them an email. They have a contact page with an email so they are open to getting an email from us. Is that illegal?

Reply

Steven MacDonald

about 5 months ago

Hi John, I would seek out permission to email them first, before sending them anything. Perhaps you can try to call them and speak them on the go gauge interest?

Reply

Abby Clarke

about 5 months ago

Thanks a bunch for sharing this with all of us. You really helped me understand what GDPR is all about!

Reply

Andy Batty

about 5 months ago

Suppose i want to write to a prospective client and offer our services. i find the company is xyz ltd and the man's name is John Smith. Can i send him a one to one email if Ive guessed his email address is john.smith@xyz.co.uk i'm not adding him to a database but it would be a 'sales' email

Reply

Steven MacDonald

about 5 months ago

Hi Andy, sorry for the delay here - I've been getting this checked by our DPO. You can send an email if you guess someone's email address, proving you have established a legitimate interest. But, this email has to be sent on a one-to-one basis, and not part of a group email.

Reply

Gary Barnett

about 5 months ago

Hi - With the FlyBe example, if there had been no prize draw offer/sweeps or any kind of incentive, and this was just asking for an updating of, say "Contact details" and not marketing preferences, would that have been considered a breach I wonder? Many thanks - Great work!

Reply

Steven MacDonald

about 5 months ago

Hi Gary! The reason why FlyBe were fined was because they sent out an email to people who had previously opted out.

Reply

Jennifer Fernando

about 5 months ago

Awesome post. Thank your for sharing such a nice article on GDPR.

Reply

R Gilbey

about 5 months ago

Thanks Steven, pleased to see you are replying to comments. Currently we gather directors addresses from Companies House website, so info that's in the public domain and then add them to a posted mail merge which gets sent out periodically, if someone replies saying no thanks we take them off the list. Moving forward is this strategy okay to continue?

Reply

Steven MacDonald

about 5 months ago

Thanks, Richard, I'm trying my best! If someone asks you to take them off a mailing list, then you should honor their request. But, to give you a better answer on whether or not you can continue with this strategy, what do consider a "posted mail merge"?

Reply

James

about 5 months ago

Hi Steven, great article. Thank you. One question though, sometimes you get several pop ups when you browse the net, These pop ups are often adverts from a website you had previously visited. They dropped a java script cookie on you when you visited their site and so whenever you go online you get promotional pop ups and reminders so you can go back to their site and make a purchase. (This is effectively retargeting). Under GDPR, will this from of marketing be compliant.?

Reply

Steven MacDonald

about 5 months ago

Hi James, good question! Retargeting anonymous website visitors should be fine.

Reply

R Gilbey

about 5 months ago

Sorry, I don't appear to be able to launch the reply button to your response, regarding your reply, we consider a posted mail merge to be a one page letter printed and posted with a prepaid business response envelope.

Reply

Steven MacDonald

about 5 months ago

Thanks, Richard. To be honest, I'm not sure if this is compliant under GDPR. I don't know how it impacts direct mail.

Reply

Jennie Holmes

about 5 months ago

Wish I had found this earlier! One of the best pieces of content I've read around GDPR. Thank you.

Reply

Steven MacDonald

about 5 months ago

Thanks, Jennie! And a special thanks for including our examples on webforms in your GDPR article (I've just shared it now!)

Reply

Michele

about 5 months ago

Hello Steven, I create databases of potentional customers from websites, linkedin etc, and always try to get the name of the marketing manager or director, and then we send out our company brochure. We have a return address envelopes, and also in the letter we have a statement saying that if they no longer wish to receive information then to email us and we will remove them from our database. Is this enough, or am I only allowed to send the brochures to the company and not a named person?

Reply

Steven MacDonald

about 5 months ago

Hi Michele. To be honest, I'm not 100% sure on this. I suggest sending these brochures to a company, and not a person. But, I recommend checking with a legal team just to be sure as it might be fine the way it is.

Reply

Claire Towler

about 5 months ago

HI Steven I work for firm of accountants. We have used a company called BvD who have various platforms to collect data from, Fame/Mint/Zypher. We have used this platform in the past to put a database together to contact potential clients and we pay to use this. On the BvD Mint welcome page, you are gives you all the tools you need to create these mailing lists. I am presuming they have sought consent from all the companies listed to be contacted by third parties for marketing purposes. Should I be seeking the relevant consent documents from BvD, in order comply with GDPR or as of 25 May should we not be attempting this kind of marketing exercise? I look forward to receiving your comments. Thanks

Reply

Steven MacDonald

about 5 months ago

Hi Claire, great question! I strongly recommend you seek out documented consent from BvD if you plan to continue with these activities and want to comply with GDPR.

Reply

Declan Brennan

about 5 months ago

With the new GDPR guidelines coming into place in the next couple of months, I was just hoping for some clarity in relation to photographs, now that they are considered data. On various nights we have a photographer come in & take images of people in the club. Some of the images people are posing & are aware of their photo being taken, and sometimes there are panning shots of the bar to capture people in a more natural state. We upload these images to Facebook, to help promote the bar. If any person has a particular issue with any of the images we immediately remove them. So, my question is whether we can continue to have a photographer take these style of shots? It would be nigh on impossible to stop every subject and ask for a model release form for any potential commercial use?

Reply

Steven MacDonald

about 5 months ago

That's a good question, Declan. To be honest, I don't know how this will be impacted by GDPR. Have you sought out legal advice?

Reply

Pam Neave

about 5 months ago

Hi Steven, For the past 15 years I have organised weekend sewing retreats 4 times a year at a hotel. I have a database/mailing list with approx 250 peoples names, adressess, phone numbers and email contact. I have never passed these details on to another person or organisation and always BCC when emailing. Most of my 'regulars' are now firm friends. Sometimes 'newbies' contact me to ask for info about the retreats - they hear about my weekends from their friends, sewing groups etc. I don't have a website and I don't advertise - it's all done by word of mouth or by me meeting and talking to people. On the rare occasion when someone has said that they are no longer interested in receiving info I have removed their details from my list. These days I contact my list by email to tell them what's on at the next retreat and to ask if they want to book. Do I need to use GDPR for a) my current list and/or b) new contacts. It's a daunting thought so I'm hoping you say NO................ Hopefully Pam

Reply

Steven MacDonald

about 5 months ago

Hi Pam, great question! If you're the sole owner of this data and you store it securely, then you should be fine to continue as is.

Reply

Pam Neave

about 5 months ago

Hi Steven Thank you sooooo much for your advice. You're a star.....what a relief! Pam x

Reply

John Farmer

about 5 months ago

Good article, One company I work with sells to 4000 firms over the phone. All marketing opt ins are given over the phone and logged by the telesales rep. Wondering how to deal with this in the GDPR world. The customers are giving positive consent but in a phone call. Customers can opt out of emails when they receive them of course. Anyone else have this situation or know how best to address?

Reply

Steven MacDonald

about 5 months ago

Hi John, I recommend following up by email to each person who opts in, whether that's a "thank you for subscribing" email or a "double opt-in/ verify your email address" email. This way, you're recording their opt in digitally.

Reply

Rainer Eck

about 5 months ago

Hi Steven, great article. Thank you for the listed details, very helpful. Your post and explanation helped us a lot to be GDPR ready and complaint. Thanks again! Rainer

Reply

Vitalii

about 5 months ago

Thanks for this summary!

Reply

Greg d'Aboville

about 5 months ago

Thanks for sharing your experience! Just a quick remark: I don't see any link to your privacy policy in your website pop-up (at least in the screenshot).

Reply

Steven MacDonald

about 4 months ago

Thanks for commenting, Greg. The good news is that the copy underneath the sign up button links to the privacy statement.

Reply

Konstantinos

about 4 months ago

What if i have a contact form that requires the visitor to accept my privacy policy by checking the box, if i cannot prove that at the time of the data submission the customer has accepted the privacy terms. In other words, in case of an audit, how can i indicate that the messages i have received after a date are done using the opt in check box?

Reply

Steven MacDonald

about 4 months ago

Good question, Konstantinos. Where is the data from the contact form sent? Can you include a digital record as soon as it has been stored?

Reply

Elaine Hepple

about 4 months ago

Fab article - I only wish I knew about GDPR when I started building my email list in November. I am an author and I have used multi author giveaways, and a company called Instafreebie to build my list. My ESP is Mailjet and I have had a lot of frustrating back and forth over the past few days about the GDPR - they don't answer questions, but send me links to their policies - which don't answer what I want to know. I have two questions, and I hope you can help. Above ^^ I read that people who are on your marketing list already don't need to be contacted, but Mailjet are telling me I need to contact legacy contacts to ask if they want to stay on my list. Is this true? I honestly don't think anybody will bother to respond to my email. I'm not sure I would bother. I have 5k subs right now, I might be lucky to end up with 5! Also, as an author I need reviews, so until now I have contacted book bloggers/reviewers to ask if they will read my book. Is this no longer allowed under the GDPR ruling?

Reply

Steven MacDonald

about 4 months ago

Hi Elaine, great questions and thanks for leaving a comment. I think if you were to ask 5 ESPs about GDPR, you would get 5 different answers. The truth is, it's difficult to have a clear answer. But, at SuperOffice, we've decided to continue to send email campaigns to subscribers without asking for permission again, as we've always included an unsubscribe link in our campaigns in case anyone wanted to opt-out. As for your outreach, you can continue to email bloggers/ reviewers, but on a one-to-one basis, not via email marketing campaigns (i.e. send the email from your personal mailbox, not an ESP solution). Hope this helps!

Reply

Jess

about 4 months ago

Hi Steven, Thanks for putting together an excellent and easy to understand resource for marketers. One area where I am not clear: Part A) if someone fills out your general contact form requesting information on a service, do they need to check off a box saying they agree to receive information from you or is this implied consent? In this case, the email may be stored via wordpress (or a back up like mailchimp), BUT you don't send them newsletters or promotions outside of your exchange? Thanks! Part B) If the above situation has an autoresponder with an unsubscribe option, is it then considered compliant? Thanks!

Reply

Steven MacDonald

about 4 months ago

Thanks, Jess! So, to answer your questions: A) If someone checks a box saying they want to receive information from you, then you can send them newsletters. If they fill out a form, but don't check the box for you to send emails, you cannot send any to them, but you can store their details. B) Personally, I would only send out emails if someone has explicitly opted-in to receive them, regardless of whether they are manual or automatic. Hope this helps!

Reply

Hazel

about 4 months ago

Hi I target companies from linked in public information, like to send an email (Company) email address as an introduction and include our brochure and ask if they would like to chat more? Is this still ok to do so under GDPR?

Reply

Steven MacDonald

about 4 months ago

Hi Hazel, I've just published a piece on email outreach and sales. Hopefully you can find the answer here: https://www.superoffice.com/blog/gdpr-sales/

Reply

Darren

about 4 months ago

Great post Steven. Most of GDPR seems straightforward but I have 3 Q's 1) we have 10,000+ customer details on our CRM many of whom did not opt-in 7 or 8 years ago when they placed their first order with us, are we ok to keep them on our DB as they still order and can we continue to send them emails as we have done previously? 2) We send forms to other companies to take down their customer details. Should we put a basic GDPR opt in at the bottom of these forms for them i.e. tick here if you agree to receive ................... 3) For short data collection hard copy forms how can you incorporate a privacy policy or is this needed as it would be online. Obviously it is easier to add this online as they just click a link but a paper copy is different and may not fit in all that privacy copy

Reply

Steven MacDonald

about 4 months ago

Thanks, Darren! 1. Yes, it's OK to send newsletters to customers, providing they have the option to unsubscribe from them. 2. Yes, you need to include a tick-box on these forms and make it clear what you do with their data. 3. Good question. Unfortunately, I'm not sure how to handle that.

Reply

Caroline

about 4 months ago

Hi Steven, I freelance for a choral charity which runs a membership scheme. As part of their membership, people are automatically signed up for a monthly e-newsletter which carries news about the charity and the music sector, and also news about training events (this last element is promotional, obviously). It's also available to non-members through sign-up via our website, and we store names and email addresses only on Mailchimp - newsletter broadcast is the sole activity undertaken using this dataset; full membership records are held and processed on a separate system. The team member who's implementing GDPR compliance feels that re-consent to receive the e-newsletter isn't necessary as it's part of the membership "contract", and that from 25 May new members can still be added automatically by the membership secretary, as effectively the e-newsletter is included in the servicing of their membership. It's set to double opt-in, so any member who chooses not to confirm sign-up is free to ignore the notification sent - and they can unsubscribe with each issue, of course. I'm a little worried that this activity doesn't count as legitimate interest, and would actually fall under the lawful basis of consent, given the promotional aspect (am currently erring on the side of caution and requesting re-consent from all newsletter subscribers). What are your views?

Reply

Steven MacDonald

about 4 months ago

Great question Caroline. I'm not sure I have the answer here, so I recommend you contact a lawyer, just to be sure.

Reply

Sonja

about 4 months ago

Hi, Really interesting article, thank you! Quick question : If clients have connected with us on Linkedin does that count as consent to contact them by email, given they are making their email and contact details avail ?

Reply

Steven MacDonald

about 4 months ago

Great question, Sonja! It counts as consent to contact them, but not to add them to your email marketing list. More information on social selling and LinkedIn can be found here: https://www.superoffice.com/blog/gdpr-sales/

Reply

Sajjad

about 4 months ago

Hi Steven, Thanks for your great article. quick question: do we need to make any changes in our marketing tools implementations after the GDPR? in terms of how they collect their data. tools like Adjust, Amplitude, batch etc. Thanks in advance

Reply

Steven MacDonald

about 4 months ago

Thanks for the comment, Sajjad! The implementation might not change, but I recommend informing your audience about how you use their data.

Reply

John

about 3 months ago

Great article, quick question... This is all a bit confusing... does this GDPR regulation only affect EU opt-ins? In other words, if we're a USA based company with no offices in the EU, but we have some EU customers on our current email list (that bought through our web site) can we just sort out all of our non-EU customers and not have to worry about those (such as US based people)? Then just focus on getting clear permission from the EU folks? Thanks!

Reply

Steven MacDonald

about 3 months ago

Hi John. Interesting question! Firstly, if you have EU customers, then you need to comply with GDPR. And although GDPR only impacts companies that store data on EU citizens, it's only a matter of time before something like this is implemented globally. Therefore, I recommend you start preparing for that today.

Reply

Adam Sowden

about 3 months ago

Great article thanks. Question, do I need to contact my current database (Who have all opted themselves in) and ask them to take an action confirming they still want to hear from me? Or is the fact that they've opted in themselves enough to comply? Thanks

Reply

Steven MacDonald

about 3 months ago

Great question Adam! How did your current database opt-in? Did they check a box themselves to receive emails from you? If so, then you will be OK.

Reply

Heather Sequeira

about 3 months ago

HI Steven Can I still use my existing MailChimp email list of 900 subscribers? Collected via a pop-up on my website which specifically asks people to add their name and email to subscribe to a newsletter about PTSD research and my training courses. However, without a tick box. I did not have Double Opt-in function, so they are all single opt-in However, I do send an automatic "thank you for subscribing" email which contains an unsubscribe link. My MailChimp exported list has data in the opt-in time but not in the optin ip column. Really appreciate your thoughts Heather

Reply

Steven MacDonald

about 3 months ago

Hi Heather, thanks for contributing with a question. Yes, you should be fine in your current set up :)

Reply

Ann Daly

about 3 months ago

Hi Steven Great info here, thanks for making it 'friendly' My Q is, I have a database of 5000+ names and email addresses built up over the past 18 years of trading, they all receive a monthly newsletter via iContact, which has an opt out option. All opt outs are automatically deleted. Is it ok to continue this format and then from May 25th onwards any new contacts I add will be using an opt in format or do I need to contact all 5000 of them individually via private email and ask them to opt in? Thanks in advance

Reply

Steven MacDonald

about 3 months ago

Hi Ann, thanks for commenting. Personally, I would send them a repermission email to see if they would like to continue receiving emails from you in the future. Yes, you will most likely lose a large percentage of the 5,000 that are currently on your list, but at least the ones that do re-subscribe are interested and engaged in your product or services.

Reply

Emma

about 3 months ago

Hi Steven, this is a really good blog and answered a lot of questions I still had after attending a specific GDPR course. In terms of a freelance PR consultant who does no marketing and only holds B2B data that has been obtained via business card or meeting, is it within the regulations to continue to send press releases etc?

Reply

Steven MacDonald

about 3 months ago

Hi Emma, thank you! In this case, you might be OK to continue as you have been doing. How do you send out the press releases? Can recipients unsubscribe/ opt-out?

Reply

Emma

about 3 months ago

Thanks. I have not previously included an opt out/unsubscribe option but will add this in.

Reply

Alfred

about 3 months ago

Hi Steven what should be included in an affiliate website for GDPR? Thanks

Reply

Steven MacDonald

about 3 months ago

Thanks, Alfred! I've never worked with an affiliate site before, so I do not have any specific GDPR recommendations.

Reply

Phil Bland

about 2 months ago

Hi Steven, There ares some helpful answers in this forum. Maybe you can help me with this one too. I've sent connection requests to say c.30,000 LinkedIn members and c.10,000 have accepted my request to connect with them. They are now 1st degree connections in my network on LinkedIn. The vast majority, through their account settings, have agreed with LinkedIn that their email address is shared with 1st degree connections. As a result, I have the ability to export their email addresses outside of the LinkedIn platform. I understand that when doing so I would become the data processor in place of LinkedIn. If I want to reach out to these 1st degree contacts via email, outside of the LinkedIn platform, to market a new software product for example: First, am I allowed to contact them outside of LinkedIn at all in these circumstances? Or do I need to contact them within the LinkedIn platform? I'd prefer the former. Second, if I email, do I need to get express confirmation from them that they want to receive emails from me / my company about the product? Would this be considered as double-confirmation given we originally connected? Third, can I include marketing information in this email about the software product, in addition to the request for their assent? Finally, can you recommend any information sources which deal specifically with these questions? Thanks, Phil

Reply

Steven MacDonald

about 2 months ago

Hi Phil, Glad to hear that you're enjoying the piece. 30,000 requests? Wow, that's a lot of invites! To answer your questions: 1. Yes, you are allowed to contact them outside of LinkedIn. But, you should to contact them by phone first, before you send an email. 2. Connecting on LinkedIn is not consent to send emails. You can store their data, but if you want to add them to a mailing list, you need to get their consent. This can be done via your initial sales email or when on the phone. 3. You should not include marketing messages in your sales email. It should be a one-to-one sales email based on a legitimate interest. For more information on GDPR and sales or GDPR and email marketing, check out the links below: https://www.superoffice.com/blog/gdpr-sales/ https://www.superoffice.com/blog/gdpr-email-marketing/ Best, Steven

Reply

Shaunna-Grace

about 2 months ago

Hi Steven, We sent out an email before the deadline asking people to opt in/opt out etc. We are about to do a large email campaign, what do we do to the contacts who haven't given us an answer? Are we able to continue emailing them?

Reply

Steven MacDonald

about 2 months ago

Hi Shaunna-Grace! Great question. I recommend removing anyone that didn't opt in to your re-permission email list and that you only send your campaign to people that specifically opted-in. I've covered this in more detail here: https://www.superoffice.com/blog/gdpr-email-marketing/

Reply

Trudy Lawrence

about 2 months ago

Hi Steven, Great article - I've shared it with my colleagues! You seem to really know what you're talking about, so I'm curious to hear your thoughts on the following. I've came across an article that discusses how data economy is about to drastically change under the GDPR. It even mentions the possibility of users selling their own data to marketers, data analysts, and businesses in general. That seems like an interesting forecast. What do you think?

Reply

Steven MacDonald

about 2 months ago

Great question, Trudy! And thank you for sharing it. I recently heard about a company in the US that aims to help citizens manage and sell their medical record data to healthcare companies. Considering how important personal data is, I can see this shifting to all industries, leading to a big impact on how marketers communicate with their audience.

Reply

Navneet

about 2 months ago

I was really confused about some of the rules with GDPR, but this article and your comments below cleared most of my doubts. Thanks, Nav

Reply

Steven MacDonald

about 2 months ago

You're welcome, Nav!

Reply

Leave a Comment

Sign up to a free SuperOffice CRM trial.

It’s free for 30 days. No credit card required.

Start Free Trial