GDPR-ready? How US email marketers can avoid hefty new EU fines
This coming May, companies across the globe will be expected to comply with stiff European Union privacy rules. However, many email marketers on this side of the Atlantic remain in the dark regarding new European standards.
The General Data Protection Regulation is a measure adopted by the European Union to protect the privacy and data of European citizens. While on the surface this may appear insignificant to US marketing activities, the enactment of the GDPR will, in fact, present challenges for any US company doing business in EU countries, which will have to comply with tight regulations on data collection, privacy and disclosure.
To address these new regulations and ensure your marketing is compliant, follow these tips to keep ahead of the GDPR, which formally takes effect on May 25 of next year.
1. Make subscribing clear
The GDPR makes it critical for marketers to re-examine their current opt-in process. With the new regulation, subscribers must be told, and agree to, how their information will be used and what content they will be receiving — including newsletters, promotions or information about upcoming events.
Specifically, the GDPR requires that marketers provide two separate boxes, one exclusively reserved for receiving emails and one all-encompassing terms and conditions box.
To address this change, start by creating a clever statement to get subscribers excited like, “Yes! Sign me up to receive exclusive coupons, news and information in my inbox.” This not only confirms that they agree to the opt-in process, but creates a clear statement on the content they’ll soon be receiving.
A second statement and checkbox should then address how marketers plan to use subscriber data, if the subscriber agrees.
2. Eliminate jargon: Use clear and concise language
Hand in hand with adding a subscription box, email marketers now have to carefully fine-tune their messages, not only to grab the attention of potential subscribers but also to meet regulations by clearly defining how subscriber information will be used.
If companies plan on providing their email list to other brands, they must obtain new permission from subscribers. Make sure to communicate with potential recipients clearly during the subscription process.
If you are sharing information with other companies, say so directly. Using language to deceive subscribers or hide true intentions will result in a violation of the regulations.
3. Keep your email systems secure: Develop cybersecurity protocols
Email security is one of the most important mandates email marketers must take note of. When requested, all personal data must now be entirely removed from computer and company systems, leaving no trace of it.
Additionally, in the event of a security breach, it must be reported to the data protection officer or supervising authority within 72 hours.
To meet these new requirements, use a system that makes it quick and easy to find, edit and remove email contacts. This saves time and gives EU citizens the “right to be forgotten” and to be completely removed from all databases.
Additionally, review all current security protocols, and make sure a comprehensive security breach plan is in place. This helps prevent costly cyberattacks and can build credibility in marketing programs.
While these new regulations don’t apply to American consumers, it’s important for US businesses to understand and migrate toward these standards. This helps establish respect and build stronger relationships with customers who are truly interested in receiving information about or from companies.
Be sure to start making changes now to ensure compliance and leave a lasting impact on subscribers!
Some opinions expressed in this article may be those of a guest author and not necessarily Marketing Land.