EU-General Data Protection Regulation (GDPR)

How to get your newsletters ready for GDPR – plus check list

screenshot: cleverreach eu gdpr

GDPR will apply from May 25, 2018 to all EU-based companies that work with personal data.
This typically includes the name, mailing address, date of birth, email address, IP address and cookies.

In this respect, the new EU General Data Protection Regulation coincides with the previously valid German Federal Data Protection Act (BDSG). In other areas, however, GDPR will replace and supplement the BDSG.

That’s why companies should review and adapt their data protection measures in time. This includes large corporations, online shops, medium-sized companies, start-ups and even clubs. Not so easy to keep track of all to-dos!

But don’t worry: We’ll give you all the relevant information on how GDPR affects email marketing and what needs to be done.

Download CleverReach® GDPR checklist

1. Email Marketing Software

screenshot: EU-DSGVO Illustration Software

You need a contract for order data processing with your respective service provider in accordance with the new legal situation. From May 25th on, you are also obliged to document to whom you pass on personal data.

The good news: As a CleverReach® customer, you will have the opportunity to digitally update the GDPR-compliant new conclusion of your order processing contract with us by this deadline! Watch out for a respective mail including a link in your mailbox.

Download CleverReach® GDPR checklist

Further Questions

Landingpage DSGVO Illustration Anmeldung

If you have any further question, please contact our support.

2. Address data base

screenshot: EU-DSGVO Illustration Adressdatenbank

To be allowed to continue using email addresses you’ve collected so far, you should check whether these “old” consents meet GDPR criteria.

If not, rectify and obtain consent again if necessary.

Download CleverReach® GDPR checklist

3. Newsletter subscriptions

Landingpage DSGVO Illustration Anmeldung

From now on, the user’s consent must always be given actively and after being informed of their right of withdrawal – preselected checkboxes are not permitted. A legally compliant method is double opt-in, that many companies already use (automatically preset in our software for all applications). It also applies:

  • For a newsletter subscription, you are only allowed to ask for your recipient’s data that you actually need for sending your newsletter, i.e. their email address and contact name.
  • Document the consent of your users – email, date, time – preferably electronically (Tip: this function is also available in CleverReach®!)
  • Link your updated privacy policy to your newsletter registration form to inform users of what is happening to their data.

Download CleverReach® GDPR checklist

4. Newsletter unsubscribes

Landingpage DSGVO Illustration Abmeldung

Ensure that the withdrawal of data use is possible at any time and without disadvantages for the recipient. Unsubscribing from the newsletter must be as easy as subscribing (e.g. unsubscribe option in the template).

Please also note: Your recipients have the so-called “Right to be forgotten”– they may request to delete their personal data, unless there is a legitimate reason to continue storing them.

If you are already using the CleverReach® software, you are well positioned against this background, because:

  • Unsubscribe links are automatically integrated in our forms, and

Just in time for the deadline, there will also be a deletion function that newsletter recipients can manage themselves.

Download CleverReach® GDPR checklist

5. FAQ: Questions on GDPR

screenshot: EU-DSGVO
  • Further information and guidelines on GDPR – and especially on email marketing – can also be found in an interview with our Chief Legal Officer Konrad Frerichs.
  • We haven’t answered all your questions? Have you encountered problems, conflicts, doubts about certain processes or interfaces during the implementation of the new data protection regulations regarding your newsletter marketing? We regularly update our customers GDPR FAQs. If you have any further question, please contact our support.

 

Question: What does a newsletter registration form have to contain in the future to be GDPR-compliant?

A registration form must meet the following requirements (as with current case law):
a) exact description of what the person concerned agrees to (i.e. exact type and purpose of data collection)
b) right of withdrawal and storage time of data
c) Consent must be voluntary and explicit and not linked to any other benefits
d) The privacy policy must be confirmed to ensure the person concerned has noticed it.

e)The consent with the respective text must be saved and displayed in the form as well as in the Double-Opt-In mail – this also has to be recorded (when you’re using a CleverReach form, CleverReach records all subscription data)
f) Data economy: Only the email address may be entered as mandatory information (at least for the newsletter form).

Question: Does a link with the data protection declaration have to be displayed in the form and/or actively confirmed via a tick?
Yes (see point d) of the previous question).

Question: Since we use your tracking functions – do we have to mention this already in the registration form or is this sufficient in the data protection declarations?
From our point of view, it is sufficient to refer to this in the data protection declaration.
Insurance through your legal advisor is recommended.

Download CleverReach® GDPR checklist

Question: What exactly does the privacy policy have to say…. is there a model version?

screenshot: cleverreach

This is hard to generalize, as each customer has different requirements. Accordingly, we cannot provide standard texts. From our point of view, however, the following information should be part of the declaration:
a) Exact, transparent and easy-to-understand explanation of what happens to the data (where they are stored, that CleverReach has been commissioned as a service provider and an agreement on order data processing exists)
b) The exact purpose and type of data collection
c) right of withdrawal
d) Storage time and location
e) any tracking measures, if opens/clicks are evaluated in a personalized way. The person concerned must know that their open and click behavior is tracked (if used)
f) Right to obtain information on data and deleting/blocking

Download CleverReach® GDPR checklist

Please note

Landingpage DSGVO Illustration Anmeldung

Please note that we do not provide general legal advice and can only make recommendations for which we assume no liability.

We recommend consulting your legal advisor on this topic, since you are responsible for acting in accordance with GDPR.

Any questions? Submit inquiry

Get started for free with CleverReach®!

screenshot: cleverreach

Manage

  • up to 2,500 recipients
  • and send up to 10,000 emails per month for free!

Our free price plan has no limited running-term. There is no setup fee and no contractual obligations.

If you need to send more mailings you can choose between our prepaid plan and our flat rate. Our price plan calculator will tell you which plan is the best for you!