GDPR Requirements for Emailing Existing Customers

The European Union’s approach to online privacy sets new requirements for communications between email marketing companies and their existing customers.

The new General Data Protection Regulation (GDPR) legislation, to be introduced on May 25 2018, brings far-reaching changes that will make organizations accountable for their actions while empowering and protecting the users. This law also looks set to curb the menace of data exploitation for marketing purposes.

The existing laws fail to incorporate considerations for advanced web technology, smartphones or social media. Prior to the introduction of the GDPR, companies would be prudent re-assess their consent mechanisms to ensure that they are detailed and precise in their nature, are prominently displayed, and facilitate easy withdrawal.

As per the existing regulations, email marketers are only permitted to send emails to their previous clients or those that opted in to receive such emails at the time they were signing up to the organization’s mailing list. These provisions are retained under GDPR. In addition, companies are prohibited from emailing consumers who had not consented to electronic communications with the aim of asking them to opt in to emails. The law treats such emails as spam which could lead to significant fines.

GDPR obliges brands to seek consent separately from other terms and conditions. This would give subscribers the opportunity to understand what they are signing up to. In addition, marketers will be obliged to ensure that users can access their personal data at any time with options to remove their consent to the use of their information.

Pre-ticked opt-in boxes will no longer be regarded as a valid form of consent. The new law allows email marketers to only send emails to customers who actively opted in for electronic communications. Opt-out methods of communication will not be allowed under GDPR because they are similar to pre-ticked opt-in boxes.

If the email marketers must use personal data for separate means, they will be required to seek consent separately for each reason they want to use the consumers’ data. This provision aims to ensure that users have as much control over the use of their personal data as possible. The marketers will be obligated to inform the users of what the organization is about and to name any third parties with whom the organization would share the information.