GDPR is the latest effort to protect consumer data. Since it came into force in 2018, there have been many misconceptions about how the law impacts email marketing. We've rounded up nine myths about GDPR and email marketing to help you better understand what to do and how to improve your email marketing success.
9 misconceptions about GDPR and email marketing that are holding you back:
How has GDPR affected email marketing?
There's no doubt that GDPR has had an impact on email marketing. Before we talk about the myths surrounding GDPR and email marketing, let's take a closer look at some of the ways GDPR has changed things. Email Marketing.
Fast deployment leads to wins
Brands that have been early adopters of GDPR compliance appear to be seeing big improvements in their business. Email Marketing MetricsOnline purchasing, targeting, and participation in customer loyalty programs have all improved for many brands that were early adopters of GDPR regulations, leading to improved ratings. Customer SatisfactionTrust (Yieldify). Further supporting the benefits of GDPR compliance, Marketo reports that marketers who take a “marketing first” approach are 72% more likely to exceed their goals. Business Objectives They are more proactive about GDPR compliance than marketers who took a “legal first” approach to GDPR compliance. What's the difference? “Marketing first” marketers saw GDPR as an opportunity to build trust and stronger relationships with their subscribers and customers.
Clean up your email list
Did you know that your email marketing list is shrinking by approximately 22% each year? How often do you clean up your list? Many email marketers with subscribers in the EU have seen their email marketing KPIs improve since the introduction of GDPR, with 67% of marketers reporting improved deliverability rates and 74% reporting improved deliverability. Increase open rates75% reported increased click-through rates, and 67% reported increased conversion rates. Email marketing campaigns (DMA Marketer Email Tracker report) Additionally, unsubscribes and spam complaints also decreased (41% and 55%, respectively).
This is primarily because when GDPR was first introduced, email marketers were required to get opt-ins from their email marketing lists. This certainly reduced email lists, but it also meant that the subscribers who chose to remain on the list were the ones who really valued the emails they received. These subscribers were more open to marketing from the brands who stayed on their list, leading to better engagement, increased sales, and more opportunities to turn frequent shoppers into customers. Brand Evangelist.
Data values
Thanks to GDPR, consumers have a better understanding of how valuable their personal data actually is to companies. Given that 53% of consumers are willing to share their data for a “fair exchange” (DMA Consumer Attitudes to Privacy report), it's not surprising that marketers have been working to improve the quality of their emails and provide “valuable” content rather than promotional content. “Valuable” content is: Email Newsletter Provide valuable content to your subscribers that isn't necessarily sales-oriented, such as industry-related news, tips, advice, and resource guides.
9 common myths about GDPR and email marketing
Now that you have a better understanding of how GDPR has affected email marketing, let’s look at some of the misconceptions that have surfaced regarding GDPR and email marketing. Here are the nine most common misconceptions about GDPR and email marketing.
This blog post is for informational and educational purposes only. It should not be considered legal advice. Please consult your legal advisor to understand how the GDPR applies to you.
Myth #1: “I need to use double opt-in to be GDPR compliant.”
We start our list of misconceptions about GDPR and email marketing by talking about consent, whether double opt-in is necessary, and whether single opt-in is GDPR compliant (spoiler: it is).
Double opt-in means that after subscribers subscribe to your list, they have to take an extra step to verify that they really want to subscribe – they fill out an opt-in form and then receive an email asking them to confirm their subscription. For example:
This is a great way to ensure that only the most interested consumers actually make it onto your list. Many experts say that GDPR requires double opt-in to “prove” consent, but this isn’t actually true.
Yes, GDPR requires that you keep records of consent to prove that you actually got informed consent through a positive action (such as clicking a checkbox). However, how you get consent doesn't really matter. You could use a single opt-in that adds new subscribers to your list immediately. As long as you can show that they consented to receiving the types of emails you send them, you're good to go.
Myth #2: “I need to get consent again from everyone on my email list.”
When it comes to the myths about GDPR and email marketing, this is true to an extent: many email marketers are using GDPR as an opportunity to clean up their own marketing. Email Marketing Lists You could narrow it down to just your most engaged subscribers, but as long as you can prove consent from your subscribers or have another lawful basis to process their personal data, you'll be GDPR compliant. It basically boils down to three questions:
- In your opt-in form, have you explained how you will use your subscribers' personal data and what kind of content they can expect?
- Can subscribers easily unsubscribe from my list?
- Did subscribers to my email list opt in (and can I prove it)?
Did you answer “no” to any of the questions? If so, you should send a re-engagement campaign asking your subscribers to re-subscribe to your email list. If they don't subscribe, remove them.
Myth #3: “I use third-party service providers, so GDPR compliance is their responsibility.”
This is another myth about GDPR and email marketing, but it has a bit of truth to it: Data processors (third-party email marketing services) and data controllers (you, the owner of the data) share the responsibility of staying GDPR compliant. However, the data controller (you) controls how the data they collect is used. Email Marketing Services While companies are working hard to ensure their customers comply with GDPR regulations, at the end of the day, they are responsible for the data they collect.
Myth #4: “I need to change all my opt-in forms to add a checkbox.”
This is one of the easiest myths to dispel when it comes to GDPR and email marketing. The short answer is, no, you don't need to change your opt-in forms to add a checkbox. GDPR does not require you to add a checkbox to your opt-in forms in order to be GDPR compliant.
GDPR requires that you clearly communicate to your subscribers how you process, use, and share their personal data. You always have the option to obtain consent using a checkbox, but it's not required. If you don't want to use a checkbox, you can let your subscribers know how you'll use their data in a sentence or two.
If you are asking for consent for multiple communications, the GDPR states that consent must be piecemeal, not bundled. Therefore, if you are asking for consent for multiple purposes, it is best to use checkboxes or another method that allows subscribers to select which communications they consent to and which they do not. Important note: if you use checkboxes, they cannot be pre-checked.
Myth #5: “GDPR doesn't apply to non-profit, charitable or social organisations.”
The GDPR applies to all companies and organizations that operate in the EU or collect data from EU residents. Although the GDPR has caused panic in “big data” businesses, data security is a requirement for all businesses.
Current Data Protection Practices You need to ensure that you are GDPR compliant, which means taking the time to document what data you collect and how you use it, and making sure that you have a legal basis for each use of data. Once you have an outline, you should update your organization's documentation that references your data collection practices, such as privacy policies, data protection and data breach policies, and data retention and destruction policies.
- privacy policy: Explain to consumers or employees what data is being collected, how it is collected, how it will be used, and how they can revoke their consent.
- Data Protection Policy: Details of your internal procedures for handling personal data, including how you will proceed if that data is breached.
- Data Breach Policy: We provide a record of where security was breached, what actions were taken, whether the data breach was reported to the ICO (Information Commissioner's Office), what data was compromised, and the reasons for any decisions we have taken regarding this data breach.
- Retention and Disposal Policy: It details how long consumer data will be stored and how the information will be deleted or destroyed.
Depending on the size of your organization and the amount of data you manage, you may need to create more policies, but for most organizations, these four policies are a good starting point on the road to GDPR compliance.
Myth #6: “Data collected before May 25, 2018 is an exception and does not fall under the GDPR.”
This is one of the many misconceptions about GDPR and email marketing, but the answer is simple: GDPR covers all personal data collected, whether it was collected before the GDPR's effective date of May 25, 2018. If you can't prove consent for your existing subscriber list, you'll need to send a re-engagement campaign to obtain a record of consent, as mentioned in misconception #2.
GDPR also outlines the difference between relevant and irrelevant data. According to GDPR, any data that is deemed no longer relevant must be deleted. That means you'll likely need to do some data cleanup. But by only keeping the relevant information, you'll be able to create targeted marketing messages and won't have to sift through details that don't matter to your customers. Email Marketing Strategy.
Note: this does not apply to anonymous data that is aggregated and used for statistical purposes, so Google Analytics data is fine.
Myth #7: “Small businesses are not subject to the GDPR” or “Companies that operate outside the EU don't have to comply with the GDPR.”
As we said before, all businesses, regardless of size or purpose, must comply with GDPR if they operate in the EU or have subscribers in the EU. If you collect or process personal data of consumers, you must take steps to comply with GDPR.
Myth #8: “We have a GDPR policy in place, so we’re good to go forever.”
GDPR is not something you can “set and forget.” Technology and business are constantly growing and changing, so it's only natural that policies to comply with GDPR will change. As a collector and custodian of consumer data, it is your responsibility to understand best practices for protecting that data.
It pays to periodically review your policies to ensure they are still relevant and that no practices have deviated from them. Always be on the lookout for improvements to your policies to keep your subscribers' and customers' information safe and ensure your email list isn't filled with uninterested subscribers.
Myth #9: “GDPR will hurt email marketing ROI”
When GDPR first came into force, many email marketers were concerned that the new regulation would reduce their email marketing revenue. Email Marketing ROIBut that wasn't the case. According to Litmus research, US brands generated an average ROI of 38:1, lower than the average EU country ROI of 39:1, even though the US has much weaker anti-spam laws than its European counterparts.
Don't be fooled by GDPR and email marketing myths
Not complying with GDPR regulations will have a negative impact on your business as well as your subscribers and customers. It is important to consider the purpose of GDPR, which is to protect user data. With this in mind, brands can intentionally grow their email lists based on the quality of leads rather than the quantity of leads.
By clearing up these nine myths about GDPR and email marketing, you'll be better equipped to collect user data and use it in a way that builds trust — and ultimately drives revenue for your brand.
About the Author
Writer
Jacinda Santora is a copywriter, marketing consultant, and owner of JMS Copy. She enjoys combining her SEO expertise with her experience and love of marketing to create high-quality marketing related content.
