GDPR – Email Marketing Compliance Guide 2018.
The GDPR go live date of the 25th of May has come and gone, in the last few weeks businesses of all shapes and sizes have been hurriedly re-opting in their email lists.
In the last few weeks we have all been sent a myriad of re-permission emails. As a quick litmus test I asked my co-workers how many re-opt in emails they clicked on to stay subscribed, the answer was staggeringly low. From a personal perspective, I received hundreds of re-permission emails, I only clicked on two of them, one of those forwarded me to an overly complicated form asking every question imaginable, so I ducked out.
On the other side of the spectrum, many companies – especially big ones such as: Amazon, Twitter, eBuyer and the likes of Loch Fyne restaurants have carried on mailing to their pre-GDPR subscriber list. How did they manage that? This then raises the question why small businesses all over the country have gone into meltdown, writing off their customer lists while a lot of the big players and many small ones have carried on as normal?
The GDPR misconception.
Large organisations would have likely employed the services of very expensive law firms to advise and assist with GDPR compliance, as such have happily carried on marketing.
Small businesses, clubs and associations are not in the position to employ expensive law firms – often having to resort to hearsay and Google searches.
This then raises the argument, Do I really have to delete my subscriber list post-GDPR if they did not re-opt-in? A lot of the big players such as eBuyer did not conduct noticeable re-permission campaigns.
In the lead up to GDPR small businesses were not given clear information and advice. There could be a suggestion that the ICO had a duty of care to better help small business and advise on GDPR compliance – instead most small businesses had to rely on hearsay on the internet or confusing legal documents published by the ICO.
Do I really have to delete my subscribers post GDPR?
The suggestion is that perhaps this is not the case, many large companies have not written off their customer and marketing lists. As a small company are you really obliged to simply delete your mailing list that you have carefully nurtured over many years?
To address this, the best port of call is what the ICO is actually saying. On the 27th April 2018 the Deputy Information Commissioner gave a great GDPR Q&A interview on BBC Radio 5. The Deputy Information Commissioner gave the following advice:
Question to ICO posed by small business owner ‘Andy’:
Can I can continue to email my clients?
Deputy Information Commissioner answer:
“If Andy already has an existing relationship with his clients, and he is selling them services or goods and they have already purchased things from him, then the law allows for that relationship to continue. Andy can continue to send marketing information to those members of the public that he is serving.”
The ICO, who are administering the law have made clear that companies do not need to simply write off their customer database for marketing purposes. As outlined, if your business has an existing relationship, then post-GDPR you can continue that relationship.
The consensus is that if you have already obtained consent, this could be through an existing relationship you have with your subscribers or via a pre-GDPR subscribe form, you do not need to re-obtain consent. This argument was also supported by Field and Fisher, a prominent European law firm, outlining the following:
“Does the GDPR mean we have to get fresh consents from our entire marketing database? In many (indeed, perhaps most) cases, the answer is no”
– Field Fisher Law
Can I continue emailing a customer who did not click on re-subscribe?
In most cases your customer database that you have taken care over years to build, there is no need to simply write if off post-GDPR. The ICO who enforce the law and Field Fisher clearly say that you can continue the existing relationships for marketing purposes.
The Deputy Information Commissioner on the BBC Radio 5 interview went on to clarify that businesses should use the “reasonable expectations” litmus test. If you have a long term relationship with your subscribers, they have a reasonable expectation of receiving your email newsletter, you are well within the new GDPR regulations to continue that relationship.
Can I continue emailing users who subscribed pre-GDPR?
A subscriber list does not always just contain customers, a certain element may be users who completed a newsletter signup form on your website pre-GDPR. The speculation is that with GDPR, we need to re-permission these subscribers too.
The simple answer again is no. GDPR is about relationships and and does not mean we have to write off existing relationships. Tozers report that “if you collected consent.. pre-GDPR, then you can continue to rely on that consent post-GDPR”, clearly arguing the case that we do not need to re-permission previous subscribers.
It is clear that there is a certain element of confusion about what we can and can’t do post-GDPR. As outlined by the ICO and other leading sources, most online hearsay is simply not the case. This then leads to the question, where did all this misinformation originate from?
It is likely that it came from the EU itself, ‘the-marketing-eye’ report that the EU performed a U-turn with regards to re-consent and drastically relaxed the rules – meaning that mosts businesses don’t actually need to re-consent their subscribers.
In a recent discussion with the DMA, this U-turn performed by the EU was something that the DMA claimed to achieved due to their lobbying.
Living in a post GDPR world.
While GDPR speculation may have seemed little daunting and all doom and gloom, leading sources have clearly demonstrated that this may not be the case.
As touched upon inside this article, GDPR allows us to continue existing relationships, without in most cases asking for re-consent. Many small businesses fell foul to misinformation and fear about what the post GDPR world could look like.
The lack of clear information for SME’s is something that the ICO are certainly guilty of, but we can be rest assured that in our post GDPR world, it is not the case that your lovingly created customer list needs to be simply deleted. The ICO’s ‘reasonable expectations’, allow relationships to continue and businesses to continue to talk to their customers.
- Pre-GDPR customer lists can still be used post-GDPR, even if the customer did not click on re-subscribe.
- The ICO define what is called ‘reasonable expectations’, allowing us to continue communicating with a subscriber if they are expecting our communications.
- Subscribers who completed a newsletter signup form pre-GDPR are still valid post-GDPR. No need to re-subscribe.
- ICO outline that existing relationships can be maintained. There is no requirement to re-opt-in an existing relationship.
Deputy Information Commissioner BBC Radio 5 Interview (27th April 2018), Field Fisher, Re-consenting to market under GDPR: https://www.fieldfisher.com/en/services/privacy-security-and-information/privacy-security-and-information-law-blog/re-consenting-to-marketing-under-gdpr Tozers, will GDPR require new consent? https://www.tozers.co.uk/insights/do-i-need-to-ask-my-contacts-to-opt-in-again-once-gdpr-comes-into-force The marketing eye, GDPR consent: https://www.themarketingeye.com/blog/gdpr-b2b-vs-b2c-can-you-still-email-your-database/