This blog post provides an overview of GDPR, with a quick guide on how you can ensure compliance if you are using Mumara Campaigns.
What is GDPR?
GDPR is the new legislation that came into effect on 25th of May 2018, and it has replaced the previous data protection laws of EU member states, i.e. Data Protection Act and Data Protection Regulation UK. The scope of the law is wide enough to cover every industry, business or entity, whether acting in a personal capacity or as an organization, that collects and processes data belonging to EU residents. Even if they are based in a region outside the EU, GDPR applies as long as they collect and process EU residents' personal data.
Does GDPR affect Email Marketing?
The straight answer is yes: it has already affected email marketing. We believe that a large portion of marketers and businesses are still unaware of these changes, or are unsure whether there are extra measures they need to take to ensure GDPR compliance. Because Mumara has a close connection with email marketing and marketers, this quick article attempts to cover the most important updates of GDPR and how Mumara users can continue using the application without getting penalized.
Collection of Data/Consent
How you collect data from the recipient's end has become stricter with GDPR. Regulations and laws in force in other regions of the world, like CAN-SPAM or CASL, do talk about the importance of permission-based email marketing. But GDPR has expanded the scope of consent: it says consent should be “Freely given, specific, informed and unambiguous”. Since this is a quick guide, we'll discuss the more specific points without going into the details.
Only Double Optin is Acceptable
For the users of MumaraEmail, this requirement that permission be “Freely given, specific, informed and unambiguous” is not a hard nut to crack. Any kind of non-optin, single or soft optin permission is no longer acceptable under GDPR. You need to follow the compact consent-collection process that Mumara Web Forms offers. Use the web form function of Mumara to easily create signup forms. Moreover, the process helps you trace back the exact date when the contact provided consent and was added to the system.
Consent should be separate from other terms and conditions. Using double optin forms powered by Mumara would help you keep the consent clear, separate and unbundled.
No Passive Opt-in
Passive optins are no longer acceptable under GDPR. The consent box should be unchecked, and the subscriber should actively check it to provide consent, instead of you providing pre-ticked checkboxes to grab a passive consent.
Avoid Tricky Ways
As the consent should be specific and informed, you must not use tricky ways to collect data and later process it for marketing purposes. For example, if you are offering a giveaway in exchange for an email address, you should clearly mention whether the email will later be added to a mailing list and used to send newsletters. You can't just collect an email to offer a freebie and later consider it as consent to send email newsletters.
Do an Audit
GDPR clearly emphasizes that the authorization must be unambiguous. What better way of collecting it than having the contact's email with confirmed status? Within Mumara, contacts can be categorized as Confirmed and Unconfirmed, and this works more smoothly if you are using the Mumara signup forms for collecting the consent.
If some of the lists have contacts with ambiguous permission, try separating them out using the appropriate filtration option within segmentation. Then seek to acquire a fresh and unambiguous consent that complies with GDPR.
Clear and Easy Opt-Out
Consent that you have collected once isn't valid for a lifetime. There should always be a way for subscribers/contacts to request the removal of their personal data. With Mumara, you can not only insert an unsubscribe link within your email, but can also use global email headers to go one step further and provide a Mailto unsubscribe (List_Unsubscribe).
Process Removal Request
Once you have received an unsubscribe request, process it as soon as possible. The bare minimum is to stop sending email to the contacts that have requested removal. Mumara actively performs this function by updating the status of the contact to Unsubscribe; contacts with an unsubscribe status in the list will not be included when sending future campaigns.
Profiling isn't prohibited under GDPR, but there are certain measures you need to take to ensure that the data is being processed in compliance with GDPR. Profiling is the use of personal data in an automated workflow that helps you predict the behavior of the contact or subscriber. Email marketing automation, drip campaigns, and trigger-based email campaigns may fall within the scope of profiling. As mentioned, it isn't prohibited, but there are steps that need to be taken.
- When you collect consent, make it noticeable for the contact that you will use their personal information for profiling
- Or write it in the consumer agreement if it applies
- Provide contact/consumer a way to request stopping the use of his/her personal data for profiling (Half Profiling)
- Take the other necessary steps defined in GDPR that fall under the profiling scope