Friday 25th May is an important date, and if you run a business that handles personal data, you might want to circle it on your calendar if you haven’t done so already. The new General Data Protection Regulations (GDPR) will come into force in less than one month, but despite the looming deadline, many businesses remain unprepared.

Marketing practices will see a huge impact from GDPR, but you don’t have to pull a Wetherspooons and wipe your entire email database to reduce the risks associated with data – it’s a simple matter of becoming GDPR compliant.


Compliance is key

We must start by stressing how important it is to play by the rules; GDPR has gained a lot of media interest in the last year partly due to the huge fines businesses will face for non-compliance. We’re talking up to €20 million, or 4% annual global turnover – whichever is higher.

From Friday 25th May, Marketers will need to rethink their existing email relationships with contacts and change the way they find, collect and store personal data. This means that contacts must provide clear consent in the form of a positive action in order for a business to send emails using their information – consent must be “freely given, specific, informed and unambiguous.”

Your customers will now have to manually select the emails to which they want to subscribe, rather than being automatically added to a mailing list because they’ve made a purchase or signed up to an online account.


What do I need to do now?

· Audit your existing database:

Under GDPR, you’ll need to prove that your data is compliant by demonstrating where you got it and how you asked for it. You will need to review your personal data and processing practices to weed out inactive subscribers as well as contact active subscribers to confirm their consent to receive your emails. More on that later.

· Keep a record of all email marketing practices:

Going forward, you should keep a clear record of all the personal data you hold, the purpose for the collection of this data and where your subscriber information is coming from.

· Make your opt-in language clear:

Remember the part about specific consent? Your customers must give you consent for using their email address and know what they’re giving consent for. Your opt-in form and privacy policy must be easy for your customers to understand and make it clear what data you’re collecting, how you will use it and how they can opt-out.

· Implement a double opt-in:

This will allow you to add an extra layer of GDPR protection for your business. A double opt-in means a user will have to confirm their wish to be added to your email marketing database twice by submitting their data using an online subscription form, followed by verifying their email address via a confirmation email.

· Beef-up your data security practices:

No one wants to plan for a data breach but it’s vital that your data security practices are up to scratch to avoid this wherever possible. Make sure staff are fully trained and cybersecurity is in place for breach prevention. GDPR requires businesses to disclose personal data breaches within 72 hours of becoming aware of it, so make sure you’ve got processes in place for quickly identifying those affected and reporting the issue if it does ever happen to you.


Now for the scary part…

Some businesses will have spent years building up their mailing lists, but GDPR also applies to legacy data and it’ll no longer be acceptable to simply keep contacts on these lists until they unsubscribe – you still need a record of when they opted in and what for. This makes some kind of re-permission effort essential.

The easiest way to deal with your existing list and convert as much of your database as possible is by running a re-permission campaign which will ask any contacts with an unverified opt-in to confirm they still want to receive your emails.

In reality, some people will unsubscribe – GDPR gives people a lot more control over what happens to their personal data, and many will take this opportunity to get rid of those emails that they’ve been meaning to unsubscribe from for a while. But sadly, the risks of fines from non-compliance are far too high to not take action.


It’s not all doom and gloom

The new legislation is undoubtedly the biggest change in data protection laws in the past 20 years, so it’s a pretty big deal. And while the regulations are probably causing a lot of headaches in the marketing world, they also offer businesses a fantastic opportunity to improve the quality of their mailing lists and the success of their email marketing campaigns.

It’s not only re-permission campaigns that will prompt businesses to get creative – GDPR will encourage marketers to think outside the box. Personal data will be more difficult to acquire, so we’ll no doubt see companies come up with innovative new ways to convince customers to provide their details.

Customers are more aware than ever that their personal data is valuable, as well as suspicious about which businesses are using it. GDPR also gives you the chance to build a more trusting and confident relationship between you and your subscribers, as well as offering your brand an opportunity to stand out from the crowd.

The truth is, email marketing is about to become far more restrictive, but this doesn’t mean it’s a lost cause. GDPR is an opportunity – but remember, you don’t have long to act! It’s vital that you implement changes and become compliant as soon as possible.