GDPR is real (and enforceable) to anyone that does business with EU residents, even if you’re halfway across the world. Time just flew by in all this prep work to become GDPR compliant, and no one had any fun – except for the data privacy experts. Those guys had all kinds of fun and an early Christmas. Everyone else had real talk and real confusion.
Disclaimer: EU data protection laws, including the GDPR, are complex. This blog post should not be considered legal advice. Please consult a legal professional for details on how the GDPR impacts your business.
So, why has this whole thing been so painful?
You could say that enforcing these EU laws is basically the equivalent of calling someone’s baby ugly. It points out that there’s something wrong with data collection and processing if businesses are not following best practices. And the truth hurts.
GDPR doesn’t seem to offer straightforward guidelines on how to correct course either. So, yeah…it’s been rough. And somewhat ironic, too. Those same laws call for change in the way we obtain consent, stating that it can no longer be assumed. Explicit laws with vague implementation directives, calling for explicit consent. Let that sink in for a sec.
SIGN UP It's easy to get started. And it's free. See what you can accomplish with the world’s best email delivery platform. Consent is dynamic GDPR covers several lawful basis for data processing, and consent is one of them. We need to shift our understanding of consent from permanent to dynamic. This means that consent under GDPR depends on the situation and is only specific to the activity. Especially on the marketing side, we have to start asking ourselves: do I have permission to send marketing messages to you? Are you expecting my emails? Even a wealthy, Nigerian prince who wants to share his fortune with me would need my explicit consent to continue sending me spam email! While someone unsubscribing from your emails isn’t quite the emotional roller coaster of an in-person breakup, it still freaks most marketers out. But really, why would you want to talk to someone who doesn’t want to listen to you in the first place?
With GDPR, customers must have the option to withdraw consent (objecting to use of information for direct marketing) if they decide they don’t want to hear from you anymore. And they need to have the choice to opt-out on an ongoing basis, the choice to update their consent status at any time, and the right to have their data eliminated. Oh, and if they want to take their data with them, you have to provide it to them.
This focus on explicit consent targets the prevailing offender: pre-checked boxes that are set up as the default option on forms, using some blanket statement in the terms and conditions of service. If you want to reach your contacts, offer them only what they’re interested in, and engage in a safe space where you have to ask for permission directly before engaging with them. A good example of this is the InMail feature on Linkedin. You’re only talking to someone there for a business purpose, and they decide whether or not to respond.
Conclusion GDPR is going to have an impact beyond EU borders, it’s just a matter of time before other countries implement similar provisions in some shape or form. We figured it’s better to get ahead of the game, even if you have a few short-term drawbacks. There’s a silver lining though. Your engagement with customers and contacts will be much improved, which is a great thing for email. It can lead to better conversations and also have a positive impact on your email deliverability overall.