Email and GDPR: Expected Changes – Data Strategy > Data


On May 25, the General Data Protection Regulation, also known as GDPR, will go into effect. This will bring significant changes to the way companies store, manage and use personal data.

I support

It is clear that these developments, aimed at improving the confidentiality of Internet users, are leading to changes in marketing practices and especially email marketing. Therefore, the General Data Protection Regulation (GDPR) introduces new restrictions that will be supplemented by the publication of the Electronic Privacy Regulation, which is still being ratified by the European Union. When that comes, electronic privacy should clarify questions about rights and obligations with respect to electronic communications and profiling.

General Data Protection Regulation: The New Rights of Internet Users

From May 2018, the rights of citizens will be enhanced to facilitate the management of their data. Therefore any company that processes data targeting EU citizens must be able to:

  • To be transparent about the hosting and use of collected data
  • To allow each user to consult/modify information about them
  • Delete all citizen data if requested
  • To transfer customer information to another entity to simplify changing service providers (telecommunications, subscriptions, etc.)

In addition, companies will have to indicate their contact details so that the people concerned can contact them and confirm their rights.

Often equipped with many marketing solutions, companies must adopt new processes in order to comply with the GDPR. To simplify these changes, synchronization of information within a single database is necessary to automate many tasks:

  • Automatic unsubscribe from a mailing list
  • Edit, export or delete data related to a specific Internet user

Apart from the manufacture of these processes, the unification of the information of the Internet user makes it possible to process all his data collected under several information systems thanks to a single processing.

General Data Protection and Email Regulations: Transparency in Collection Methods

Among the most lax countries regarding mandatory consent in email marketing, France has taken a major blow in the face of a trend aimed at development.

So far reserved for sending B2C emails, mandatory consent can extend to B2B recipients. As a reminder, enabling is not mandatory in B2B if the sender respects two rules:

  • The subject of the email should be consistent with the activity of the target
  • An unsubscribe link should be present in every email

The arrival of the GDPR could potentially change this process. In fact, pre-approval in B2B can become mandatory for professional email addresses. So this change may affect 99% of your databases because we generally avoid keeping emails of type: [email protected]

These items should be taken with caution because, at this time, they are not validated by ePrivacy. It is this regulation that will determine the final rights and obligations relating to email marketing.

What is certain today is that the General Data Protection Regulation (GDPR) requires companies to improve their procedures for collecting the consent of their Internet users:

  • Do not use a pre-selected square
  • Be clear and transparent about the final processing of the data. Each specific treatment will result in a specific approval.
  • Do not hide consent by accepting a contract, CGV, CGU …
  • Simplify the process to revoke consent given by an individual

Apart from the rights granted to individuals to protect their confidentiality, companies must implement these changes in order to properly respond to the proof of approval requested by the supervisory authorities as of May 25, 2018.

This proof of consent must be accompanied by other basic data: the source of consent (form, pop-up, etc.) and date of consent. Practically speaking, these new commitments will lead companies to prefer an email solution that will be able to meet these standards by:

  • Customizable forms linked to the database
  • Automatic addition and enrichment of system fields (origin, date, opt-in)
  • Double opt-in option

To improve your marketing tactics now, the best way is to respect one of the basic points of organization which is: Data protection by design and by default. This part aims to take into account the idea of ​​respecting the privacy of users by designing an information system, a database or even a collection device (a competition).

As you understand, although e-Privacy has yet to give its opinion on these changes, the GDPR will affect your entire email marketing.

Discover a white paper dedicated to the General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) Technical Document

I support

Leave a Comment