The deadline for GDPR enforcement is only one month away, and the question we’re seeing more and more frequently is: “Can we still use our existing email marketing lists?”
If you’re not sure how the new regulations will affect your current email databases, here are some of the steps you might want to take:
Prior to GDPR enforcement
Ahead of the enforcement deadline (which is 25 May for anyone who is still unaware), get in touch with the people on your current database to inform them of any new information relating to how you process their data.
Assess your database
As we mentioned in our previous introduction to the GDPR, you will need to revisit your existing database, looking at both active and inactive users, to analyse whether or not you will be able to continue using it.
To ensure GDPR compliance, your database should show the following information:
- Date the consent was given
- Segmentation showing the areas of business that they consented to receive information about
- Reference to how the data was collected e.g. website enquiry form, newsletter signup etc.
- A ‘Do Not Contact’ list of people who have unsubscribed from receiving your emails
When it comes to your active email subscribers, there are a couple of different factors you might want to look at:
- Provable consent: If you have active email subscribers in your database who have provable “freely given, specific, informed and unambiguous” consent, then you’re in luck! If you can demonstrate that they have given consent that’s in line with GDPR requirements, then no further action is needed and you’re free to continue using their data (unless they unsubscribe, of course).
- No clear evidence of consent: Alternatively, there may be some people on your database who are active subscribers, but you don’t have any proof that they gave consent to receive your emails. In this case, if they are regularly engaging with your marketing emails (opening them, clicking through to your website etc.) you may be able to use the legal basis of ‘legitimate interests’ to continue using their data.
Side note: If an email is transactional or is considered to be a service message, rather than a marketing message, then you will be okay to send these to your customers.
When it comes to your inactive subscribers (those who haven’t opened or engaged with any of your emails in, let’s say, the past 6 months) you will be unlikely to have any legal basis for continuing to process their data, unless they have given recent consent to receive marketing.
If someone isn’t opening your emails, and you can’t demonstrate an ongoing customer relationship or GDPR compliant consent, they should be removed from your email list and their data should not be used for any further marketing purposes.
Remember that GDPR isn’t being introduced to stop you marketing your business to your customers and prospects, you just need to be aware of how you are collecting, storing and using data to ensure that personal data is processed in a lawful, fair and transparent way.
For more information about the new data protection regulations, you can read the rest of our GDPR series here: https://www.applieddigital.co.uk/blog/tag/GDPR
Or you can find more information here: