
6 Myths about the GDPR and Email Marketing Debunked

Update 5/16/18: We have Data Processing and Security Terms.

The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018.

Thousands of sources have published their “expert” advice about the law and how it applies to email marketing over the past several months.

But here’s the thing: Much of their advice is wrong or misleading — and it’s causing a lot of misunderstanding, confusion and fear among small businesses and entrepreneurs around the globe.

So, we decided to set the record straight.

We’ve already covered the steps you can take to help prepare for the GDPR. (Great news! If you’re an AWeber customer, you’re probably already doing a lot of those things.)

In this post, however, we’ll dispel some of the most common myths about the GDPR and email marketing. Use this information so you can confidently move forward.

Disclaimer: This blog post is for informational purposes only, and you should not consider it legal advice. We recommend that you seek legal and other professional counsel to determine exactly how the GDPR might apply to you.

Myth #1: “I need to send a re-engagement email to all of my existing subscribers to reconfirm consent.”

One myth we see everywhere is the idea that you must have all of your subscribers reconfirm their consent in order to be compliant with the GDPR.

This is false. Sort of.

Here’s the deal: It all depends on whether you can prove consent from your subscribers, or you have other lawful grounds for processing data, according to the GDPR.


If you are relying on consent to determine lawfulness, ask yourself these three questions:

  1. Did my subscribers opt in to my list, and can I prove it?
  2. On my sign up form, did I clearly explain how I’d use subscribers’ data and what content I’d send them? Can I prove it?
  3. Can my subscribers unsubscribe from my list as easily as they subscribed?

To prove you received consent, you should use the following three data points:

  1. The date and time the subscriber opted in
  2. The source of the opt-in (e.g., www.mywebsite.com, “Added via API”)
  3. A screenshot of the data collection mechanism (i.e., your signup form or landing page)

You can easily find the date, time, and source information in your subscriber details within your AWeber account. Just look for the date and time when they opted in as well as the source of signup.

To prove you clearly explained how you’d be using data and what content you’d send to subscribers, save a copy or screenshot of the signup form you used to collect their personal data.

Now, let’s say you imported your list from another email service provider (ESP). In this case, you won’t have the source information within your AWeber subscriber details. However, you’re confident your list subscribed in a compliant way through your old ESP. If you don’t have this information available in your previous ESP, you probably can’t prove consent and should consider sending a re-engagement email.

Finally, let’s quickly touch on the third question: “Can my subscribers unsubscribe from my list as easily as they subscribed?”

The short answer: If you’re using AWeber, your subscribers already have the ability to unsubscribe on their own using the “Unsubscribe” link in the footer of all your emails. You can also make the unsubscribe option more obvious by adding it within the text of your email messages.

Here’s an example from Ann Handley’s newsletter, which I shared in my previous post with her bi-weekly:

“I can prove consent. Hooray!” 👍

If you answered “yes” to all three of the questions I mentioned previously, thumbs up, you’re able to prove consent and you can continue to engage your subscribers.

“I can’t prove consent. Bummer.” 👎

If you answered “no” to any of the three questions, and you can’t prove consent otherwise, then you should probably send a re-engagement email or delete those subscribers from your email list.

Here’s a sample re-engagement email you can send your subscribers. You can use AWeber’s Click Automations to tag subscribers who click the link to confirm their consent.

Subject: Still interested in receiving emails from me?

Hi there!

I hope you’ve been enjoying the content I have sent you, like {Insert all of the types of content you send (e.g., newsletters, sales, product info, etc.)}.

If you’d like to continue receiving emails from me, click the link below:

{Keep me on the list – LINK}

By confirming your subscription, we’ll continue sending you:

  • {Insert a list of all of the things you plan to send to subscribers on this list}

Not interested anymore? That’s alright. If you don’t click the link above, we’ll take you off our list and stop emailing you. You can also unsubscribe here. (Note: Hyperlink the word “here” to the personalization token {!remove_web} in your email message.)

Thanks, and have a great day!

{Your Name}

In addition to confirming consent, you can also use your re-engagement email to create better segments of your subscribers, using AWeber’s Click Automations feature.

For example, let’s say you send a newsletter as well as product information to your subscribers. You can add multiple links within your re-engagement email to allow them to opt in to receive different types of content. When subscribers click any of the links, you can tag them appropriately and send them more targeted emails.

Here’s a sample re-engagement email that has multiple options:

Subject: Still interested in receiving emails from me?

Hi there!

I hope you’ve been enjoying the content I’ve been sending you, like {Insert all of the types of content you send (e.g., newsletters, sales, product info, etc.)}.

If you’d like to continue receiving emails from me, click one of the links below:

  • Keep sending me the newsletter {tag with gdpr-newsletter}
  • Keep sending me product information {tag with gdpr-productinfo}
  • Keep sending me both {tag with gdpr-newsletter and gdpr-productinfo}

Not interested anymore? That’s alright. If you don’t click any of the links above, we’ll take you off our list and stop emailing you. You can also unsubscribe here. (Note: Hyperlink the word “here” to the personalization token {!remove_web} in your email message.)

Thanks, and have a great day!

{Your Name}

As a best practice, wait about seven days after sending a re-engagement email before deleting any subscribers who do not click the link(s) to reconfirm their consent.

Myth #2: “I need to add GDPR checkboxes to all of my signup forms.”

Another rumor floating around is that you need to add checkboxes to your signup forms in order to be GDPR compliant. Some are even calling these “GDPR-friendly signup forms.”

This is false. Checkboxes are not required, and are completely optional.

Nowhere in the GDPR does it state that you need to add checkboxes to your signup forms.

What it does say, however, is that you need to clearly communicate how you will be processing subscribers’ personal data, whether using a descriptive sentence or two, or using a checkbox, if you so choose.

One reason to go the sentence-route? Unnecessarily adding multiple checkboxes to your forms may introduce the possibility of click fatigue and lower opt-in rates.

Here’s an example of a signup form that is GDPR compliant and does not include checkboxes:

So, when is it appropriate to use checkboxes? The GDPR requires that consent must be freely given by subscribers, and cannot be bundled with unrelated actions. Keeping this in mind, here are two examples where checkboxes are required to be compliant with the GDPR:

Example #1

Let’s say you’re a retailer and you want to send marketing emails to your customers after they make a purchase, as well as share their data with other companies within your retail group. Under the GDPR, you cannot bundle their purchase with consent to send marketing emails.

Instead, a separate consent should be captured at the point of purchase that is specific to the purpose of sending marketing emails or sharing their data with partner companies. You might decide to use a separate checkbox to capture this secondary consent.

Example #2

Let’s say you’re a financial institution and you want to allow third parties to use customers’ payment details for marketing purposes. Under GDPR, this type of processing activity (i.e., the sharing of payment information for marketing purposes) is not necessary for the performance of the contract or agreement with the customer. Consent must be freely given, and if a customer refuses consent, the institution would not be able to deny services or increase fees. That would be a violation of the GDPR.

If you would like to share subscribers’ data with other parties, you should use a checkbox to allow them to give their consent freely. And keep in mind that these checkboxes cannot be pre-checked.

Myth #3: “I need to use double opt-in to be compliant with the GDPR.”

Double opt-in (a.k.a. confirmed opt-in) is when your subscribers sign up for something — like a newsletter — and then they’re asked to also confirm their subscription.

Some “experts” are stating that the GDPR requires double opt-in to prove consent.

This is incorrect.

As I mentioned in myth #1, the GDPR simply requires that you can prove compliant consent. The act of entering personal information into a signup form and clicking “submit” can be considered an affirmative action, as long as the subscriber was clearly and directly informed of what they are accepting.

However, double opt-in is not necessarily a bad thing. There are lots of great reasons to use it, including better subscriber engagement and deliverability. You just don’t need to use it to be compliant with the GDPR.

Myth #4: “Subscribers’ personal data that’s already in our database isn’t subject to the GDPR.”

This one is closely related to myth #1.

The GDPR applies to all personal data — even data that was collected prior to May 25, 2018.

If you cannot prove consent for all of your existing subscribers, you should send a re-engagement email to obtain that consent.

Myth #5: “My data is stored with my service provider, so it’s their responsibility to remain compliant with the GDPR, not mine.”

We touched on the relationship between data processors (e.g., AWeber) and data controllers (i.e., you, the one sending the emails) in our previous GDPR blog post. But let’s dive deeper to dispel this myth.

Data processors and data controllers share responsibility for complying with the GDPR requirements. As an AWeber customer, you are still considered the data controller. You maintain control over how you use that data. AWeber is simply processing the data at your request.

So, it’s not an option to pass responsibility to a service provider who is processing data on your behalf. We recommend that you seek legal and other professional counsel to determine your exact role and relationship to the data being processed.

Myth #6: “If I’m not compliant by May 25, I’ll get hit with huge fines.”

Anyone reading the GDPR fine print is likely nervous when they see the hefty fines associated with not being GDPR compliant. (Enough to make your palms sweat!)

However, EU officials indicate that fines would likely be a last resort.

“It’s scaremongering to suggest that we’ll be making early examples of organizations for minor infringements or that maximum fines will become the norm,” she said. “The ICO’s commitment to guiding, advising, and educating organisations about how to comply with the law will not change under the GDPR. We have always preferred the carrot to the stick.”

“While fines may be the sledgehammer in our toolbox, we have access to lots of other tools that are well-suited to the task at hand and just as effective,” she continued. “The GDPR gives us a suite of sanctions to help organisations comply – warnings, reprimands, corrective orders. While these will not hit organisations in the pocket – their reputations will suffer a significant blow.”

If you’re taking the necessary steps to understand and follow the GDPR regulations and engage in good email marketing best practices, you are on the right path to protecting yourself.

Keep calm and email on

On the surface, the new GDPR may appear scary and ominous, but it’s actually pretty straightforward. And it’s a good thing for email marketers, too.

It really comes down to doing the right thing with the personal data you collect. Only send emails and information to people who’ve given you permission to do so for the purpose you told them.

To learn more about the GDPR, visit www.eugdpr.org.

Have questions? Comment below, or contact our team, and we’ll do our best to answer them.

Not an AWeber customer? Get the peace of mind of working with a trusted provider. Get started with AWeber for free today.
