Old News, New Rules
Although first mentioned back in 2016, the Regulation came into effect in the European Union countries in 2018. In addition to GDPR privacy updates, email marketing implements each change. If you thought it through and made the decision to comply with GDPR, you’ve done the right thing.
And How Did the Companies Prepare?
Until recently, there were different ways of building newsletter databases. From gathering emails by offering a free download to users, building a database of customers who’ve visited online shops, to adding contacts from participant lists of conferences, training courses or seminars, plus there have been cases of illegal practices, i.e., selling and buying contacts.
In the last month, we’ve received various emails from companies asking for permission to keep sending us their newsletters in the future. If the databases were collected legally, in compliance with the new GDPR regulation (users provided their email addresses or gave consent to receive updates about products or services that may interest them; there’s a legitimate interest in contacting them), it’s not necessary to ask for user permission to keep them in the mailing list. It is recommended to send users a “reminder” about what data we have about them, how and why we use and store them, and it’s always good to provide the possibility of opting out from the list.
Depending on the email collection method, some companies only sent a notification, others asked for new user consent to keep them on the list, and there were companies that segmented their recipients from scratch. There were some that deleted their mailing databases out of fear, being aware they’re not GDPR compliant. Here are a few examples of good and bad practises.
Samsung – Stay in the Loop
Even though the company doesn’t usually send many newsletters, they sent mobile users an email highlighting the updated privacy rules (http://www.samsung.com/hr/info/privacy/). But they forgot to include the opt-out option, so users cannot unsubscribe from the list by themselves, plus the message was sent from “firstname.lastname@example.org” address that doesn’t accept replies. So users were left with no options or insights about which data the company stores about them…
Newsletter example that includes all required info and options. This company has gathered personal data from its users in the correct and legitimate way from the start, so there was no need for asking permissions.
The newsletter is humorous in tone, but is it legitimate? It invites the users not to do anything if they want to stay on the mailing list. The other option is to unsubscribe using the button in the bottom. If the email addresses have been collected in compliance with GDPR so far, this could do. If not, the practice is not GDPR-compliant because users cannot passively give the permission for data usage.
Unfortunately, another bad example of user notification. Instead of asking for user permission to keep them on the list, there was an “unsubscribe” option in case users didn’t want to receive the newsletter anymore. Newsletter ends with a really weird “we apologize for GDPR spam”.
Just a Little More Time
As far as Serbia is concerned, we still have to wait for harmonization of laws with EU regulations and GDPR, when we’ll see how it will be applied in practice.
By: Lidija Mirić, Account Manager, Pioniri Zagreb