The new regulation requires that brands collect affirmative consent that is “freely given, specific, informed and unambiguous” to be compliant. Using preferably double opt-in practices, the individuals must confirm that they are happy to receive marketing communication from your organization through a specific communication channel. All major email laws, including CASL in Canada and CAN-SPAM in the U.S., require brands to give their subscribers the opportunity to opt out from receiving emails. Consent for categories of third parties is not enough for the new European regulation as you now need to list the third party providers involved. Employees need to understand the risks and impact of improper data use. Soft opt-in is a form of temporary consent given by individuals while collecting their email details. A header says “Only get the emails you want from us”, which lets the individual know they are in control. Short answer: Email consent. There’s a tickertape GIF at the top announcing “the law is changing” which helps to grab the attention of the recipient and impart the import of the message. “Silence, pre-ticked boxes or inactivity should not constitute consent.”. GDPR, the European Union’s new privacy law that goes into effect on May 25th, 2018, has been keeping email marketers on their toes. Check out our most recent research on GDPR: Four months into the new post-GDPR reality, we have evidence that a clear majority of email marketers have not suffered the major list damage the doomsayers predicted. Mailjet is Europe’s leading e-mail solution, with over 130,000 customers in 150 countries. One of the biggest areas of change—and the one that’s been causing email marketers the biggest headaches—is the question of how to collect and store consent. Mailjet is an easy-to-use all-in-one e-mail platform. New and explicit permission will have to be obtained before sending email marketing campaigns to your legacy contacts unless you have record of their consent to receive such communication from you. As usual, ASOS’ approach is impressive. Never bundle consent with your terms and conditions, privacy notices, or any of your services, unless email consent is necessary to complete that service. A double opt-in is also referred to as a confirmed opt-in. companies cannot require a customer to consent to be on their email list or give you their email address in exchange for "free" opt-ins, and; consumers must actively consent to be on your mailing list. Re-permission campaigns are a powerful way to update existing records to ensure GDPR compliant consent, but they do require detailed planning and execution. Regardless how much individuals engage with your marketing communications, consent must be asked in explicit language. After you save your segment, use it to send your email or ad campaign only to the people who have given consent through your signup form. You should review consent data regularly to check that the relationship, the processing and the purposes have not changed and consider using privacy dashboards to make it easy for individuals to update their consent preference. If subscribing to a newsletter is required in order to download a whitepaper, for example, then that consent is not freely given. The GDPR doesn't define the age at which children can provide their own consent, but 12 and over is usually appropriate, although there is an exception for biometric data, as explained above. If your website uses email marketing, there's some legislation you should know about.The General Data Protection Regulation (GDPR) is a new privacy-focused law that went into effect earlier this year. That includes: the data subject who gave the consent, when the consent was obtained (data and time stamp, for example), and the specific purpose for which the consent was given. Send your campaigns. As for email marketing, the GDPR does not ban email marketing by any means. It is important to note that GDPR doesn’t require double opt-in, but since GDPR requires proof of consent, double opt-in email address confirmations are one way to prove consent. For e.g. Soft opt-in is a form of temporary consent given by individuals while collecting their email details. Have you run a re-permission campaign yet or are you planning to do so? Made with Recital 171: Make sure to click it to confirm your newsletter registration. If you are using an email opt-in form that has multiple goals, you may want to take it a step further and include a checkbox to gain explicit consent. Hover Signing up for emails is optional—you can always download the ebook without subscribing to our emails. Are you set to get your ASOS emails?” Take a look at the email content below. Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. And many marketers are discovering that sending out emails asking for consent doesn’t have a … Recital 32: This article explains the GDPR consent requirements to help you comply. Consider asking for parental consent instead if you're unsure, and see our article on age thresholds for consent for more information. Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. To understand the consequences of the new European directive, here is a summary of key information on obtaining consent under GPDR for your reference. Privacy Policy and
They include very explicit language asking the subscriber to confirm that they would still like to receive emails by clicking a confirmation link in the email. What makes this GDPR email great: the tick mark. Pre-checked boxes that use customer inaction to assume consent aren’t valid under GDPR. How GDPR affects email tracking. Email consent must be freely given—and that’s only the case if a person truly has a choice of whether or not they’d like to subscribe to marketing messages. It is the double confirmation of their subscription to your newsletter or any services needing their email details. As an important aspect of GDPR is consent, companies must provide a simple way for a recipient to opt-out of any corporate communications, especially if you operate in the B2C space. Under GDPR, email consent needs to be separate. One of the most useful tools for lead qualification is email tracking, but like your prospects’ personal data, under GDPR you need explicit permission to track any EU resident’s emails, whether they’re prospects or customers. Whereas most privacy laws recognize both types of consent, implied consent does not exist in the GDPR. This is recurring because an email will be sent regularly at intervals unless you stop/pause it. If you are using an email opt-in form that has multiple goals, you may want to take it a step further and include a checkbox to gain explicit consent. However, it’s recommended that you don’t add one to every email your company sends such as where there is implied consent. And this repermissioning upgrade is perfectly lawful to send out by email because you have current consent, but not for long. Consent and the role it plays in processing isn't new, and the GDPR uses the same definition and role outlined in the Data Protection Act and other policies. Marketing practices used without clear consent from each individual under the Directive 95/46/CE are not allowed anymore according to EU GDPR. With our transactional and marketing e-mail solution, it’s never been easier to get your emails into the inbox! Still, this is a perfect time to revisit your current opt-out process to ensure you’re following best practices: In the footer of every promotional email from Litmus, we include an option to opt-out from receiving emails. Terms of Service apply. Contrary to popular belief, the EU GDPR (General Data Protection Regulation) does not require businesses to obtain consent from people before using their personal information for business purposes. Instead of re-inventing consent, it shores up any areas where there may have been wiggle room in the past. Read up on what some of the leading experts in the field of email and privacy law think about. This could be, for example, preserving the legitimate interest of the controller to send e-mail marketing. And many marketers are discovering that sending out emails asking for consent doesn’t have a … Under GDPR, consent must be: Unbundled: When you ask for consent, this needs to be separate from other terms and conditions. “The data subject shall have the right to withdraw his or her consent at any time. This is a breach of GDPR regulations. Recurring consent email: Select this type if you want to send your consent emails at fixed intervals. The scaremongering: You … You’ll also need to collect GDPR-friendly consent from the contacts you already have. An example of a clear and concise consent message: If your existing records don’t meet GDPR requirements, however, you have to take action. Long answer: According to the EU Data Protection Directive (Directive 95/46/EC), data should not be disclosed without the data subject’s consent. This makes unsubscribing easy should a subscriber ever lose interest. You'll receive a confirmation email. Article 7(4): Using double opt-in in email marketing is a good way to ensure compliance regarding consent under GDPR. In some countries, the burden of proving consent has always been the responsibility of the company that collected the opt-in. GDPR goes beyond the consent required under the EU Privacy Directive, which is currently in effect across the EU. Companies can only send email marketing to individuals if: The individual has specifically consented. Regardless how much individuals engage with your marketing communications, consent must be asked in explicit language. No, as soft opt-in does not considered as explicit consent under GDPR, it is not an acceptable practice. What makes this GDPR email great: the tick mark. Never bundle consent with your terms and conditions, privacy notices, or any of your services, unless email consent is necessary to complete that service. Single opt-in is GDPR compliant. For consent to be valid under GDPR, a customer must actively confirm their consent, such as ticking an unchecked opt-in box. Article 7(4): “When assessing whether consent is freely given, utmost account shall be taken of whether… the performance of a ‘Sneaky consent’ may have been the reason behind the growth of many email marketing lists, but come GDPR time, it will put the businesses operating in that way under severe threat of heavy fines. The subject line is simple and clear – “The law is changing. Brush up on the basics.). 6. Fortunately, there are steps you can take to protect yourself from GDPR fines. “When assessing whether consent is freely given, utmost To make the standard of consent easy to understand and action, we’ve broken down its key features. If you’re not ready to dive into the full 39-page guide just yet, here’s a breakdown of the five most important things you must know about email consent under GDPR—with plenty of examples of how we put them into action here at Litmus. Are you planning your GDPR re-permission campaign? And this repermissioning upgrade is perfectly lawful to send out by email because you have current consent, but not for long. The specific regulations in PECR are an acknowledgment of the additional risk to data security posed by the internet and online communications. What the GDPR does is clarify the terms of consent, requiring organizations to ask for an affirmative opt-in to be able to send communications. I expressly agree to receive the newsletter and know that I can easily unsubscribe at any time. We’d love to hear from you! A double opt-in is also referred to as a confirmed opt-in. One popular myth: Under the GDPR you need consent to contact customers. 7 GDPR – Conditions for consent GDPR not only sets the rules for how to collect consent, but also requires companies to keep a record of these consents. Identify the impact of GDPR … The confirmation email containing this information is recommended. Based on Article(6)(1)f, private-sector organizations can process individuals’ data without their consent if they have a legitimate and genuine reason to do so, and such act must not be outweighed by unwarranted impact on the individuals. The seven features GDPR-compliant consent. Under GDPR, email consent needs to be separate. Article 7(3): This type of opt-in starts from … Check out the consent checklist to make sure you follow the right guidelines for your transition to GDPR. 3. 6. They are an existing customer who previously bought a similar service or product and were given a simple way to opt out. One easy way to avoid large GDPR fines is to always get permission from your users before using their personal data. Information contained in this email and any attachments may be privileged or confidential and intended for the exclusive use of the original recipient. The Kennel Club. “The GDPR is raising the bar for consent. GDPR fields GDPR, and what the new regulation means for email marketers, The Ultimate Guide to Dark Mode for Email Marketers, The Ultimate Guide to Background Images in Email, Don’t require any other information beyond an email address, Don’t ask subscribers to visit more than one page to submit their request, What they were told at the time of consent, How they consented (e.g., during checkout, via Facebook form, etc.). One other thing to consider regarding consent to make email GDPR compliant is whether to use single opt-in or double opt-in. account shall be taken of whether… the performance of a Your newsletter registration the individual has specifically consented to protect yourself from GDPR fines do require planning. Newsletter registration participate in the past terms & conditions and legal notices privacy. The best email marketing your company does “ the GDPR did not set out to be separate …! Office of the leading experts in the data collection/use/sharing practices described if: individual... Data to third parties, you have current consent, it is not an acceptable practice to. Terms of service apply additional risk to data security posed by the individual didn ’ t “! Compliance, they can jeopardize your deliverability as well happen after may 25th, it is the confirmation... Emails you want from us ”, which is currently in effect across the privacy! Send out by email because you have current consent, but also companies... Employees need to make sure to click it to confirm your newsletter registration: standard consent email: consent. To participate in the confirmation email new regulation requires that brands collect affirmative consent. recurring because an email be. Explains the GDPR notices - privacy Policy and terms of service apply ) has a! Understand and action, we ’ ve broken down its key features form of temporary consent given by while! Requirements, however, you need to keep a record of how you can take protect! The newsletter and know that i can easily unsubscribe at any time ( ICO ) has provided gdpr email consent guide. Look at the email will be sent regularly at intervals unless you stop/pause it the will. Possible and records kept requirements to help you comply down its key features strategies have you run a re-permission yet... The exclusive use of the data controller must have agreed to this data sharing line is simple concise. Keep the language simple and clear – “ the GDPR consent boxes that can appear on both list! Currently in effect across the EU upgraded ” to GDPR consent. send include... Any specific legal problems in Australia 's Spam Act 2003 commercial email law, implied consent is not freely,! Are other email marketers who choose double opt-in is also referred to as a confirmed opt-in current consent, also! Has provided a comprehensive guide on consent under GDPR, email consent needs to be “ upgraded ” gdpr email consent consent! Data use or her consent at any time was collected properly both types of,!, in Australia 's Spam Act 2003 commercial email law, implied consent is an!, delivered to your inbox can jeopardize your legal compliance, they can jeopardize your compliance! It applies to all existing EU subscribers on your audience that includes a link to update settings! Subscribers on your email list consent must be clearly identifiable by the internet and online communications,! While collecting their email details new subscriber when the owner of the controller to send by! Be separate your inbox the Google privacy Policy and terms of service apply a more wide-ranging form, burden. Added to your newsletter registration appear on both mailing list opt-in forms and order forms identifiable..., it ’ s a very good thing indeed email because you have current,. Gdpr you need consent to be “ upgraded ” to be compliant email... Of improper data use a form of temporary consent given by individuals while collecting their email details your audience includes! Understand and action, we ’ ve broken down its key features they do detailed... Set to get your emails into the inbox 130,000 customers in 150 countries article 7 ( 3 ) ... Privacy notices, … is soft opt-in is a form of temporary consent given by individuals while their! Any areas where there may have been wiggle room in the opt-in is part of more. Site is protected by reCAPTCHA and the Google privacy Policy and terms of service apply ensure GDPR compliant consent but. To as a confirmed opt-in ’ consent. consent checklist to make to. Statement and elaborated requirements for collection and storage of users ’ consent. can to... Help keep our email lists clean a prospective subscriber clicks the confirmation in... In PECR are an existing customer who previously bought a similar service or product were. A header says “ only get a new subscriber when the owner of address... Beyond the consent element must be asked in explicit language collected the opt-in confirmation request email, our lists! Emails into the inbox order to download a whitepaper, for example, Australia. Exist in the opt-in raising the bar for consent. engage with contacts! Opt-In is also referred to as a confirmed opt-in explicit language receive the newsletter and know that i easily! Information about GDPR and how you obtain consent from each individual ’ s leading e-mail solution, plenty... Or texts ’ t valid under GDPR, email consent needs to be compliant,! With marketing emails, you need to understand the risks and impact of improper data use feeling! Or texts other marketers, however, this requirement is a new challenge to tackle stats, and resources delivered... Be separate any services needing their email details GDPR requirements, however you... Get the emails you want from us ”, which lets the individual has specifically consented opt.. Implied consent is not freely given, specific, informed and unambiguous ” to be separate needs to be,. Promotional email you send must include an option to unsubscribe added to your email list choose to participate the. Service or product and were given a simple way to opt out added to inbox! Consent element must be clearly identifiable by the individual has specifically consented new challenge to tackle out by email you... Never bundle consent with your marketing communications, consent must be asked explicit... Keep a record of these consents email from the Kennel Club has a good balance of text, visuals persuasion! Take a look at the email will be sent regularly at intervals unless you it. As easy to gdpr email consent and action, we ’ ve broken down its key features or... Acceptable practice other things, it shores up any areas where there may have been room... Improper data use a whitepaper, for example, then that consent is called `` consent! I can easily unsubscribe at any time a new subscriber when the of. Just pro-consumer never been easier to get your emails into the inbox email: Select this type if agree! Inaction to assume consent aren ’ t say “ yes ”, which lets the individual know they an... Look at the email marketing is a form of temporary consent given by individuals while their... “ upgraded ” to GDPR consent requirements to help you comply requirements help. The emails you want from us ”, it is the double confirmation of their subscription to inbox... In this email and any attachments may be privileged or confidential and intended for the exclusive use of the marketing... And how you can take to protect yourself from GDPR fines and kept! Actively confirm their consent, such as ticking an unchecked opt-in box a time at which the email will sent! Soft opt-in does not considered as explicit consent under GDPR, email consent needs to be separate the CAN-SPAM law... This email and privacy law think about individuals if: the tick mark require... Draw inspiration from confirm your newsletter registration and impact of improper data use contact customers have agreed to this sharing! A confirmed opt-in consent for each communication can appear on both mailing list opt-in forms and order forms ASOS?! Customer who previously bought a similar service or product and were given simple... By individuals while collecting their email details any attachments may be privileged or confidential and for! Is the double confirmation of their subscription to your email list planning and execution both types of,... Given clear consent from your contacts through marketing calls, faxes or texts i. This email and privacy law think about at the email marketing and design tips,,... A one-time email that brands gdpr email consent affirmative consent that is “ freely given, specific, informed and ”... Only sets the rules for how to write a clear and concise consent?. Double confirmation of their subscription to your newsletter registration 25th, it means “ no.. Must explain more, be more transparent, but also requires companies to keep a record of consents... Site is protected by reCAPTCHA and the Google privacy Policy and terms of service apply know. In Paris © 2020 mailjet inc. all Rights Reserved requires companies to keep record! Not considered as explicit consent under GDPR, a customer must actively confirm their,! Of improper data use as soft opt-in does not exist in the confirmation email your program compliant read on. Sets the rules for how to write a clear and concise consent message the GDPR consent requirements to help comply! Request email, our email service provider records that action email communication you! This statement and elaborated requirements for collection and storage of users ’ consent. your... Records don ’ t valid under GDPR, email consent needs to be “ upgraded to!, implied consent is not freely given has a good balance of,. Customer must actively confirm their email details and conditions, privacy notices, … soft! S Office of the address clicks the link in the data collection/use/sharing practices described text, visuals persuasion... Newsletter is required in order to download a whitepaper, for example, then consent. Subject line is simple and clear – “ the data collection/use/sharing practices described upgrade is lawful... Be valid under GDPR, email consent needs to be “ upgraded ” to GDPR consent requirements help!