Magileads

Understanding GDPR and making your email campaigns compliant

Reinforced on May 25, 2018, the GDPR (General Data Protection Regulation) is a regulation that applies to all companies carrying out their activities within the countries of the European Union. The main objectives of this legal framework are to allow European Internet users (adults and minors) to better control their personal data and to let companies operate under fair competitive conditions. Faced with this change, marketers must adjust their strategy, and email campaigns are a case in point.

What exactly is GDPR?

Adopted in 2016, the GDPR underwent a reform in 2018 given the evolution of the digital age and the significant adoption of digital technology by European citizens. The GDPR (General Data Protection Regulation) is a European law which aims above all to protect the personal data of Internet users. However, it has had a significant impact on how companies collect prospect data.

This legal framework applies to any organization that needs to process personal data, regardless of its size, whether public or private. Personal data can take different forms, such as the person's first and last name, telephone number, computer IP address, email address, etc.

The key measures mentioned by the GDPR

The GDPR sets out several measures; we present here only those that really affect companies' activities.

Traceability of collected data

Any company that collects personal data must be able to guarantee, with supporting evidence, that the processing of this data is compliant and secure throughout the process. This processing must be traceable. Traceability makes it possible to demonstrate that lawful practices were followed in every operation carried out: collection, storage, use and sharing or destruction of the person's personal data.

Mandatory appointment of a Data Protection Officer (DPO)

The data protection officer ensures the application of all measures relating to the GDPR within your company. The DPO's roles are to:

  • Inform and advise all those responsible for handling personal data about their regulatory obligations.
  • Be the company's representative during inspections carried out by the supervisory authority.
  • Provide advice on impact analysis in relation to data protection.

Total transparency when processing personal data

You cannot collect personal data without the person's consent. Consent is mandatory before collecting any data. You must also inform the person of the purpose for which the data is collected. The data controller and the processor (subcontractor) are obliged to be able to demonstrate by all means and at any time that the rules have been followed.

Right to data portability

The data collected can be retrieved by the data subject. A request for access to data may be submitted to the company. The company must therefore be prepared to return the data in a digital and unencrypted format. The person is also free to transmit this data to another organization.

Notification of privacy violations

In the event of a data breach, the CNIL must be notified as soon as possible, no later than 72 hours after the incident. Fines of up to 20 million euros or 4% of the company's turnover are among the possible sanctions.

The do's and don'ts of making your email campaigns GDPR compliant

In email marketing, the personal data collected is the email address of visitors or subscribers to the company's site. More than 260 billion emails are sent every day, a figure that continues to increase as the years go by. Hence the need to follow the steps below to avoid a penalty that could be costly.

User account

Things allowed

When a user account is created, the checkboxes used to request your customer's consent must be unchecked. The text should also be easy to understand. The customer or prospect is free to unsubscribe at any time and you must inform them of this.

Things not to do

During account creation, you must not use pre-checked boxes or exploit silence and inactivity. Exploiting silence means taking advantage of the user's habits without their knowledge, for example a box that the user checks to say "yes" (affirmation) when, given the wording of the text, it actually means the opposite.

Newsletters

Things allowed

Tell the person the purpose of the collection when they subscribe to your newsletter. This purpose is often to receive commercial proposals. Also indicate where they can modify their information and how they can unsubscribe.

Things not to do

You are prohibited from offering any discount on your commercial offers in order to get your visitors to subscribe to your newsletter. For example, this kind of offer cannot be made: "Receive a 10% discount on your next purchase if you subscribe to the newsletter".

Sending emails

The first thing to do is to obtain consent from your subscribers for the collection of their email addresses. You need to store this proof somewhere in your database, because there will be checks. Sending email is legal when consent is obtained.

Use “double opt-in”

Generally speaking, double opt-in consists of having a double confirmation of registration from your subscribers.

The person first indicates on your site that they are interested and want to receive your newsletter. This person then automatically receives an email asking them to confirm their subscription a second time by clicking on a link included in the email. The subscription will not be validated if the person does not click on the link.
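The double opt-in flow and the stored proof of consent described above can be sketched as follows. This is an added example, not Magileads' code; the in-memory `db` dictionary, the function names, the signing key and the 48-hour link lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: loaded from a secret store in practice
TOKEN_TTL = 48 * 3600             # assumption: confirmation link valid for 48 hours
PURPOSE = "newsletter"            # purpose shown to the subscriber at sign-up

def _sign(email, issued_at):
    # Bind the token to the purpose, the address and the request time.
    msg = f"{PURPOSE}|{email.lower()}|{issued_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def request_subscription(db, email, now):
    """First opt-in: store a pending request, return the token for the emailed link."""
    now = int(now)
    db[email.lower()] = {"status": "pending", "requested_at": now, "purpose": PURPOSE}
    return f"{now}.{_sign(email, now)}"

def confirm_subscription(db, email, token, now):
    """Second opt-in: validate the clicked link, then record the consent evidence."""
    record = db.get(email.lower())
    if record is None or record["status"] != "pending":
        return False                      # unknown address or link already used
    try:
        issued_str, mac = token.split(".", 1)
        issued_at = int(issued_str)
    except ValueError:
        return False                      # malformed token
    if issued_at != record["requested_at"] or now - issued_at > TOKEN_TTL:
        return False                      # stale or expired link
    if not hmac.compare_digest(mac.encode(), _sign(email, issued_at).encode()):
        return False                      # forged or altered token
    record.update(status="confirmed", confirmed_at=int(now))
    return True

def may_send(db, email):
    """Marketing email is only allowed once the second confirmation is recorded."""
    record = db.get(email.lower())
    return record is not None and record["status"] == "confirmed"

if __name__ == "__main__":
    db = {}  # constructed sample data
    link_token = request_subscription(db, "alice@example.com", 1_700_000_000)
    print(may_send(db, "alice@example.com"))  # pending, not yet allowed
    print(confirm_subscription(db, "alice@example.com", link_token, 1_700_000_600))
    print(db["alice@example.com"])            # the stored proof of consent
```

The record keeps the purpose, the request time and the confirmation time together, which is the evidence to present during a check.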

The GDPR aims to create an environment of trust between businesses and their consumers. Follow the rules and grow your business while gaining the trust of your customers.

How does Magileads comply with GDPR regulations?

– Our database is hosted on a secure, dedicated server located in France.

– We have several partner websites from which we collect opt-in data.

– Our activity is declared to the CNIL: DEPOSIT N°1982723.

– All our contacts have the right to review and can request to be deleted from our database.

We do not hold sensitive data allowing the clear identification of a natural person (medical data, identity number, personal address, etc.).

See the detailed article on the CNIL website: https://www.cnil.fr/fr/la-prospection-commerciale-par-courrier-electronique
