New European legislation on data privacy, known as the General Data Protection Regulation (GDPR), enters into effect in a few weeks.
If you have any European customers or subscribers, this law affects you. That means you will need to make sure your lead generation and email marketing practices are compliant to avoid being penalized. To help you get started, Sendinblue is proposing some best practices for your opt-in strategy that will help you avoid penalties and keep your contacts happy.
May 25, 2018 is the date to remember. This is when the GDPR goes into effect in Europe, which means you don’t have a whole lot of time to get ready.
We recommend that you start updating your signup forms, opt-ins, and data collection practices to conform to the new requirements of this law as soon as possible.
To help streamline that process, we put together an infographic with some suggestions on how you can do this. In it, you will find:
- The primary differences from the current requirements regarding personal data
- Examples of best practices and common mistakes when creating opt-in forms for your site
Hello, yeah, this piece of writing is genuinely nice and I have learned a lot of things from it on the topic of blogging. Thanks.
Very good blog! Do you have any suggestions for aspiring writers? I’m hoping to start my own site soon but I’m a little lost on everything. Would you recommend starting with a free platform like WordPress or going for a paid option? There are so many options out there that I’m completely confused... Any suggestions? Kudos!
Hey Lauren — thanks for the kind words! If you’re just starting out, using a free WordPress.com site isn’t a bad route, but I would always recommend starting with a true WordPress.org installation if you want to have more customization and control and avoid any migration headaches in the future. It’s up to you though — the only way you can really go wrong is if you wait too long! 😉
Very clear and concise. The marketing integration issue is where to store those consents. They need to be stored with date, context and an expiry date based on your marketing policy. So a simple check on its own is not enough. This video explains the principles: bit.do/DPMvideo
Thanks for the comment Ian — you’re absolutely right that storing this consent and being able to show proof of consent for a given contact is vitally important under the GDPR. Luckily, most tools (Sendinblue included) already do this for you. For more information on how we store data surrounding consent, feel free to check out our post here: https://blog.sendinblue.com/our-story-sendinblue-gdpr-compliance-plan/
Hi Catarina — thanks for your question.
Here’s a hypothetical situation: Restaurant with locations only in the US. EU Citizen joins restaurant email list while at one of the locations. Restaurant then emails customer as part of regular email marketing newsletter, but EU citizen receives the email in the EU.
Does that email alone have to be GDPR compliant? Or does the process of collecting the email list subscription in the first place have to also be GDPR compliant?
Or nothing has to be compliant?
Great question! I am not a lawyer, but I will do my best to answer your question.
The GDPR really centers on acquiring user consent for businesses to process personal data for EU citizens. This means that it really refers to the collection of this information and the processes for which the data subject has authorized this information to be used. In the case you mention above, as long as the process by which you collected the contact information of an EU citizen is GDPR-compliant (i.e. that contact gave you their information through a positive action, and that the terms of consent and types of processing this data would be used for are clear), then you should have nothing to worry about. Hope this helps!
Early in your infographic, under “What you need to know” there is the statement, “B2C contacts must provide consent in the form of…”.
This makes your infographic seem only pertinent to B2C – Business to Consumer. What about Business to Business?
Great question. The reason we mentioned B2C contacts here is that the GDPR has much less bearing on B2B communications. Most experts have agreed that professional emails (i.e. an email address in the form firstname.lastname@example.org or something similar) do not constitute personal data at the level required for GDPR restrictions. In this case, B2B communications just need to be based on a potential legitimate interest of the recipient, which is a much more relaxed protocol.
Hope this helps! Of course, if you’re really concerned about your B2B communications, it would still be best to seek the counsel of a lawyer who specializes in this field.
Could you please let me know where in the world your applications and data are hosted ?