GDPR Guide

Your practical guide to GDPR in email marketing

On 25 May 2018, the new, Europe-wide General Data Protection Regulation (EU GDPR) came into force. Its aim is to protect the personal data of natural persons. The EU GDPR therefore contains provisions governing the processing of personal data.

Due to its material and territorial scope, the EU GDPR applies to every company within the EU that processes personal data in any way. No distinction is made between analogue and digital processing. Processing includes, for example, the collection, storage, retrieval, use, modification or deletion of personal data.

Personal data according to the EU GDPR is any information that relates to a natural person. This can include, for example, name, email address, telephone number, postal address or date of birth. However, data such as IP addresses, account details, usage behaviour, etc. are also considered personal data by the EU GDPR.

Conclusion: The EU GDPR also affects your company!

To make it as easy as possible for you to get started with this topic and its implementation in email marketing, we have summarised the most important areas of the GDPR where action is required in this Practical Guide. We wish you every success in implementing it!

Answers to the most important questions about the GDPR

We speak from experience! We use this experience, gained through constant dialogue with our customers, to make it as easy as possible for you to get started and implement your measures. In this section of our Practical Guide, we have compiled the most important and frequently asked questions about the General Data Protection Regulation.

As with all information on this topic, we have prepared the answers to the best of our knowledge and belief. Nevertheless, we would like to point out that our content does not replace legal advice, as only this can be tailored to your individual circumstances.

How does the GDPR affect my email marketing?

The EU GDPR has a very strong influence on email marketing, as effective email marketing simply cannot function without personal data. Email marketing typically involves the processing of a large amount of personal data, such as name, email address, date of birth or IP address. However, all responses, i.e. the entire opening, reading and clicking behaviour, also fall under the term personal data. It is therefore important to familiarise yourself with the rules of the GDPR and to take care to protect this data.

To whom may advertising emails be sent?

Advertising emails may only be sent to subscribers who have given their consent to receive such emails. Only if you comply with this requirement are you 100% legally compliant. It is best to seek legal advice to clarify whether and under what conditions it is permissible to send emails to subscribers who are in a contractual relationship with you (e.g. customers, partners, etc.).

We recommend: To be 100% legally compliant, obtain consent directly from the subscriber using a double opt-in process. This way, you have the consent stored directly in your email marketing system and can easily and quickly prove it in case of doubt.

How do I handle existing data?

Check which of your existing subscribers have given you verifiable consent to send them newsletters. Those subscribers who have already given their consent in accordance with the law may continue to be sent newsletters. For subscribers who have not given their express consent – neither in your email marketing system nor externally (e.g. through a contract, signature, etc.) – we recommend that you obtain this consent retrospectively directly from the subscriber using a double opt-in procedure.

Take advantage of the opportunity offered by the EU GDPR to build up a high-quality database.

What do I need to bear in mind when recording new data?

Take a close look at your subscriber sources. There are several ways in which a new subscriber can enter your database. These include imports, traditional forms and interfaces to external systems. In this context, check all sources to determine how you obtain consent from your subscribers and how this can be documented.

Valid consent also requires that the subscriber of your mailings has been informed about the storage and processing of their data. Integrate this information into the privacy policy on your website, for example.

We have summarised the areas you need to consider when entering new subscriber data in our whitepaper.

What do I need to bear in mind when subscribers unsubscribe?

According to the EU GDPR, your subscribers have the right to withdraw their consent at any time. You should therefore include an “Unsubscribe” button in all your mailings so that your subscribers can exercise their right directly.

Withdrawal of consent means that, with immediate effect, the subscriber’s data may no longer be processed for the purpose of sending a newsletter. This means that further processing of the subscriber’s data in the email marketing system – even if they have unsubscribed there – is no longer legal.

We provide you with a GDPR-compliant unsubscribe option in the eworx Marketing Suite – so you don't need to worry about deleting unsubscribed subscribers.

How to implement the GDPR in practice

Enough theory – let's talk about what really matters: implementation in practice. With the eworx Marketing Suite, we provide you with a GDPR-compliant email marketing system.

Our email marketing experts have come up with some great ideas for you, and we are providing you with new features that will support you in the actual implementation of legally compliant marketing processes.

Rights of data subjects

According to the new General Data Protection Regulation, data subjects have certain rights that they can assert against the controller. In the case of email marketing, the data subjects are your newsletter subscribers.

Our white paper provides an overview of the data subject rights that are relevant to email marketing. We have also highlighted three areas – information, correction and deletion – and show you how easy it is to comply with these rights in the eworx Marketing Suite.

Information

The data subjects – i.e. your newsletter subscribers – have the right to be informed by you whether personal data about them is being processed. If data is stored or processed, the respective subscriber also has the right to access this data.

Correction

The GDPR grants the data subject a right to correction of all data processed about them. There are several ways in which you can correct data in the eworx Marketing Suite. On the one hand, you can adjust data manually, and on the other hand, you can also leave it up to your subscribers.

Deletion

Data subjects have the right to have their personal data deleted. As a company, you must ensure that you comply with this request from the data subject in a timely manner. Complete deletion of the data is of course also possible in the eworx Marketing Suite.

Information obligation

According to the General Data Protection Regulation, the controller must provide the data subject with certain information about the use of data. In the context of email marketing, this means that when users register for your mailings, they must be informed about what will happen to the data they enter.

Professional email marketing software, such as the eworx Marketing Suite, naturally provides you with the most important information about the processing of the respective data.

Consent of subscribers

Consent is the basis for legally compliant email marketing. Personal data may only be processed for advertising purposes with the prior consent of the subscriber. According to the regulation, you must also be able to prove this consent in case of doubt. This is where the double opt-in procedure comes into play.

In our Practical Guide, we show you how you can document the consent of existing subscribers and integrate a legally compliant process for acquiring new subscribers in the eworx Marketing Suite.

Revocation of consent

Data subjects – i.e. your newsletter subscribers – have an unrestricted right of revocation within the scope of their data subject rights, which allows them to object to the processing of their personal data at any time. We recommend integrating an “unsubscribe” button in each of your mailings so that your subscribers can exercise their right directly.

The revocation not only includes a corresponding unsubscribe option, but also requires the deletion of personal data. This is where GDPR-compliant unsubscribing in the eworx Marketing Suite comes into play.

Anonymised statistics

Have you adequately informed your subscribers about the recording of their data and obtained their consent? Then there is hardly anything standing in the way of legally compliant email marketing in connection with the collection of personal data. Does your company's data protection policy go one step further? Then we have the perfect solution for you with anonymised statistics.

With the eworx Marketing Suite, we provide you with EU GDPR-compliant email marketing software, but would like to point out that the new regulation not only affects email marketing, but also other areas of your company that process personal data. Furthermore, we cannot address the specific circumstances of your company with the information we provide externally – we recommend that you seek advice from your legal expert.