GDPR (General Data Protection Regulation) came into effect in May 2018, orignated by the EU, it has now been adopted into UK law. GDPR regulates the way the that a business collects, uses and stores their contact's private information.
If you are looking to get into email marketing, or are already a user of email marketing software, then this section will give you everything you need to be fully compliant.
Since the launch of GDPR in May 2018, the main change that has taken place is that the U.K has left European Union (E.U), this happened at the end of January in 2021. Whilst GDPR is a European Law, the U.K had already decided to adopt it into domestic law. This means that U.K businesses continue to be required to observe and follow GDPR.
Now that GDPR has been in existence for three years, it has become quite established. There are lots of companies that have been offering compliance training for U.K businesses. This formal training has been incredibly effective in helping U.K businesses understand how to become fully compliant.
When GDPR was originally passed into law, it prohibited email marketing activities to businesses and consumers if the recipient had not followed a positive opt-in process to receive your emails. Very early on in the life of GDPR, the DMA (Data and Marketing Association) successfully lobbied to have the law changed for B2B email marketing activities. This means that GDPR now confirms that it is legal to send out email marketing to cold business email addresses that have not asked to receive your emails. This is termed as 'Legitimate Interests' in GDPR.
Whilst GDPR now says that it is perfectly legal to send out cold emails (either from publically available information or third party purchased data), email marketing software, such as Email Blaster and others will prohibit this kind of activity.
Commercial email marketing software suppliers, such as Email Blaster choose to follow the original intentions of GDPR as unsolicited emails can and often do result in domain and sender reputation damage both for service supplier and client. It's very common indeed for spam filtering organisations to black-list companies sending out unsolicited emails (or spam as it is often referred to as).
Since May 2018, up until the UK was no longer a member state of the EU, regulating and enforcing GDPR was handled centrally by the E.U. When the UK left the European Union in January 2021, these duties then passed to the UK's domestic governing body; The ICO (Information Commissioner's Office).
The ICO is an independent authority, which was set up to uphold UK citizen's information rights, promoting openness by public bodies and upholding data privacy for individuals. The ICO covers many types of legislation, all relating to protecting and governing the way that UK citizen's private data is collected, stored and used. These include The Data Protection Act, Privacy and Electronic Communications Regulations, Freedom of Information Act and NHS Regulations.
The UK has retained the guidelines as defined in the original EU legislation regarding the penalties and fines that can be imposed for a breach of GDPR. Failing to comply with the requirements of GDPR carry some pretty hefty penalties. A company or organisation found to be in breach of GDPR can be fined up to 20 million euros or 4% of their annual global turnover.
The ICO is able to fine any amount that is deemed appropriate, up to a cap of 20 million euros (or the sterling equivalent). Fines have been imposed on companies in breach of GDPR quite frequently over the last few years, these have mainly been for sending unsolicited direct marketing to consumers.
Probably the most high profile case over the last few years was the one successfully pursued by the ICO against Cambridge Analytica for a breach of GDPR, who were accused of the misuse of the personal data of 87 million people.