GDPR, Double Opt ins and Re-Subscription
As things stood at the end of 2017, email marketers were required to ask the contacts on their marketing lists to re-subscribe to enable them to continue sending marketing emails.
However, the EU made a rare U-Turn on this and in January 2018 this was changed and organisations can now send an email to an individual’s business email address provided there’s a clear and easy way for them to opt-out (unsubscribe). The change involves “Legitimate Interest” which means marketing emails can be sent in the existence of either consent OR Legitimate Interest.
What is Legitimate Interest?
What this means is that you have to be able to provide the reason why you email your leads or prospects and demonstrate that your contacts have an interest in your marketing communications, legitimately. That the goods or services that you offer will essentially benefit the business you are emailing and that the recipients are going to benefit or be interested in what you have to say.
This change means that the GDPR no longer differs from the UK Data Protection Act in this respect.
The ICO has said this, in relation to direct marketing “These rules on consent, the soft opt-in and the right to opt-out do not apply to electronic marketing messages sent to ‘corporate subscribers’ …… The only requirement is that the sender must identify itself and provide contact details.”
They go on to add that as long as “individual employees can opt out then you can email them without a confirmed opt-in”
Managing Web Based Subscription
If you have a form on your website encouraging a download of a white paper (or something other “of value”) in order to encourage people to hand over their email addresses then you can send the white paper to the subscriber AND send further marketing emails (provided there’s the unsubscribe option). HOWEVER, if an individual* does the same then you can still send the white paper but nothing else and you can’t keep their details on your database because the sending of the white paper has “fulfilled the transaction”
To overcome this, the form should have an “opt-In” option (not pre-selected) AND information as to how the data will be processed.
A double opt-in is NOT a requirement – you just have to provide proof of opt-in. However, using a double opt-in is a “better safe than sorry” approach.
Ideally, a business should look to capture (and store) evidence of Opt-In on new additions to email lists post May 25 2018 by capturing
- Date of Subscription
- Time of Subscription
- IP Address
- Consent Statement (e.g. tick in subscribe box)
Collecting Business Cards and Adding to a List
Many businesses collect contact details at trade and business shows by offering competitions, “drop your business card in this bowl to enter a competition to win a box of chocolates” for example. Now, unless you have a record of consent, you will no longer be able to add contacts to a database. So what’s the solution? Use a form to collect entries – names, email addresses as well as consent and this could be paper based, on a PC, phone or tablet.
Business Vs Personal Email Addresses
So, how do we work out which emails are a business address and which are personal?
- Add a form field to the subscription form asking for Company Name.
However, sole traders and some partnerships fall under the same regulation as B2C contacts with regards to this legislation so a way to get around this would be to also ask
- “How many employees work there” on the web form
And finally, rather than requesting people to re-opt-in, you should consider including information in the body of the email reminding people that they can always unsubscribe and the means to do so.
If you’d like more information about GDPR take a look at our other GDPR blog posts or contact us on 0117 370 0777 or via our online contact form.