The top 3 questions about GDPR and how it will affect your email marketing
The countdown is on: the new EU basic data protection regulation goes into effect on May 25th!
To keep you on the safe side, we have summarized the most frequently asked questions (and of course the corresponding answers) our customers have asked so far on the subject of GDPR. These FAQs concern in particular the registration forms of newsletters, the content of the privacy policy and the use of tracking functions.
Note: Please note that we cannot provide general legal advice and can only make recommendations.
FAQ 1: What requirements do newsletter registration forms have to meet to be GDPR-compliant?
Good news – no changes here! The registration form must fulfill the same requirements as before GDPR. A check list of the most important things:
- exact description of what the person concerned agrees to (i.e. exact type and purpose of data collection)
- right of withdrawal and storage time of data
- Consent must be voluntary and explicit and not linked to any other benefits
- The privacy policy must be confirmed to ensure the person concerned has noticed it (the well-known and often-used checkbox)
- The consent with the respective text must be saved and displayed in the form as well as in the Double-Opt-In mail – this also has to be recorded (when you’re using a CleverReach form, CleverReach records all subscription data)
- Data economy: Only the email address may be entered as mandatory information (at least for the newsletter form).
FAQ 2: What exactly must be stated in the privacy policy?
Unfortunately, there is no across-the-board answer to this – that’s why we can’t provide a sample declaration at this point. Each customer just has different requirements. However, here’s an overview of information that we believe should definitely be part of your privacy policy:
- Exact, transparent and easy-to-understand explanation of what happens to the data (where they are stored, that CleverReach has been commissioned as a service provider and an agreement on order data processing exists)
- The exact purpose and type of data collection
- right of withdrawal
- Storage time and location
- any tracking measures, if opens/clicks are evaluated in a personalized way. The person concerned must know that their open and click behavior is tracked (if used)
Right to obtain information on data and deleting/blocking
FAQ 3: Does the use of tracking features have to be mentioned in the registration form or is it enough to place that information in the privacy policy?
From our point of view, it’s sufficient to indicate it in your privacy policy.
We recommend contacting your legal advisor for further information.
Hard facts about GDPR, explained by an expert, can also be found as a (video) interview with our Chief Legal Officer Konrad Frerichs.