Many are still asking themselves what’s allowed and what’s not allowed.
Once upon a time, on May 25, 2018, GDPR started to strike terror into people’s hearts. Online shop operators, marketers and newsletter senders, as well as many others had long since heard of the “mystery” called GDPR. But still they weren’t quite sure whether GDPR was some kind of dark magic – and what effects it would have on the wide land of email marketing.
Almost a year later, many have recovered from the “horrors“ of GDPR, and Opt-ins and Double-Opt-ins are long part of our daily email marketing routine. But many are still asking themselves what’s allowed and what’s not allowed. And can you also do email marketing without any opt-ins? There’s still a certain insecurity amongst online shop operators and email marketers since GDPR entered into force. That’s no surprise, considering the numerous myths about Opt-ins that are rattling around.
We have conjured seven myths you shouldn’t believe in to continue sending your newsletters successfully and safely.
1. Myth No. 1
Receiving a business card allows you to send a newsletter to the owner.
As if! Consider the following: You’re on a trade fair and one of the visitors hands you their business card – and they tell you, they’re very much interested in your newsletter. Yes! You pocket the business card and are happy about the new address you’ve just collected. At this point in our story we have good and bad news for you. It’s not determined how you get the consent to send a newsletter. However, if you collect personal data, you have to be able to prove that you have the permission to send your newsletter to that specific person. Only then is your Opt-in GDPR compliant.
By handing you their business card, the prospect has given you their consent to use their email address, so far so good. But how do you want to prove that they really have handed you their business card in person? You could have also found that business card somewhere on the street or a third person could have given it to you…
Bottom line: Myth No. 1
Everyone must be able to prove, even years later, how they collected their email addresses and that consent was given voluntarily. In our opinion, the digital way is the easiest and safest way.
2. Myth No. 2
Double Opt-in is mandatory.
Well, that has to be true, right? Mandatory always seem right, one would think. But… surprise, that’s also a myth.
Usually, everyone who has subscribed to a newsletter receives a confirmation email to confirm their subscription. A common procedure for online shops. This prevents a third person from registering for the newsletter with the other person’s email address without their knowledge and thus causing spam.
Double Opt-in is not required by law. But in case you decide to do without the DOI, you can’t prove that this person has given their consent to receive your newsletter.
Bottom line: Myth No. 2
Even if Double-Opt-in is not mandatory, you’re always on the safe side when you do it.
3. Myth No. 3
You can ask whether a person is interested in your newsletter by sending them an email.
True or false? Definitely false. Because when sending an email to ask for consent to send newsletters, you have already sent a newsletter. That’s like when someone rings your doorbell on Sunday to ask if they may disturb you during your Sunday nap time. But they have then already disturbed you. In addition, your demand already falls into the area of advertising. Newsletter subscribers always have to give their consent for receiving a newsletter IN ADVANCE, even if it’s just an inquiry if they are generally interested in your newsletter. That also applies to all other digital forms like social networks, text messages, WhatsApp & Co.
Bottom line: Myth No. 3
Never send newsletters to potential subscribers to ask them if they’re interested in receiving your newsletter.
4. Myth No. 4
A newsletter consent is valid unlimitedly.
You can quickly see through this myth. When your subscribers object to the use of their data in your online shop or unsubscribe from your newsletter, their previously given consent becomes invalid and you can no longer use this email address for sending them a newsletter.
Bottom line: Myth No. 4
This myth is not true and has no exceptions. As soon as the subscribers unsubscribes from your newsletter, their consent is invalid.
5. Myth No. 5
Taking part in a lottery always ends in a newsletter email list
Especially online shops use lotteries to boost their sales or generate new newsletter subscriptions. Many ask themselves: May I or may I not link the lottery to a mandatory newsletter subscription? For a long time, this had not been clearly determined. But since May 25, 2018 at the latest, we have been able to say quite clearly that a lottery, which is necessarily linked to a newsletter registration, is not GDPR compliant. There are no exceptions. Those who want to try their luck and take part in a lottery may of course register for a newsletter if they are interested. However, the agreement is always voluntary and in a separate field or box.
Bottom line: Myth No. 5
Participation in a lottery may not necessarily be linked to agreement to receive or subscribe to a newsletter.
6. Myth No. 6
I can always contact my existing customers.
This almost seems as if it could be true. After all, these customers have already bought something from your online shop. So, they are potential interested people who you can send a newsletter to. As wonderful as this might sound, this is not the case. Your customers must of course have given you permission to send them a newsletter.
Bottom line: Myth No. 6
Before you send a newsletter to your existing customers, you need their consent in any case. In some cases, there may be some legal loopholes, but we don’t recommend you to take advantage of them.
7. Myth No. 7
Non-EU countries don’t have to comply with GDPR.
It is clear that the GDPR applies in all 28 states of the European Union. But what about those countries who are not part of the EU? Let’s take a closer look at this myth. Can companies from third countries, i.e. from countries outside the EU, really simply ignore GDPR?
We can answer that with a short and narrow no. For example, if the company has a branch office in the EU and also processes personal data there, this company must comply with the GDPR guidelines.
But what if, for example, an online shop from the US has no branch in the EU and only processes the data of newsletter subscribers or buyers living in the European Union? Online shops in particular often track the personal data of their subscribers and buyers in order to adapt their product offers or the content of their newsletter. There’s a clear rule: If personal data of people located within the EU is processed, the online shop must adapt its business processes, such as email marketing, to the guidelines of GDPR.
This also applies if only the data processor is located in the EU. If, for example, a US customer only has recipients from the US, but uses an EU service provider, the company must comply with GDPR.
Bottom line: Myth No. 7
In many cases (as described above), companies such as online shops located outside the EU must also comply with GDPR. This also applies if only the data processor (e.g. CleverReach®) is located in the EU.