Dit is een gastpost van het team van Mailjet. Lees meer op het Mailjet-blog .

Consumenten worden steeds meer bezorgd over hun persoonlijke gegevens en privacy. Volgens een enquête van Gigya vertrouwt 68% van de consumenten niet op merken om hun persoonlijke informatie op de juiste manier te behandelen. Om de rechten van inwoners van de Europese Unie te versterken, hebben EU-wetgevers de Algemene Verordening Gegevensbescherming (GDPR) aangenomen .

Als verordening inzake gegevensbescherming treft de AVG organisaties die persoonsgegevens van EU-ingezetenen verwerken, wat een sterke impact heeft op marketeers. Terwijl de AVG op 25 mei 2018 van kracht wordt, verwachten slechts 54% van de bedrijven die deadline te halen, aldus Econsultancy .

We bespreken de belangrijkste stappen die e-mailmarketeers moeten ondernemen om te zorgen voor naleving van de GDPR.

Snelle feiten over de GDPR

De AVG is een verordening waarmee het Europees Parlement, de Raad van de Europese Unie en de Europese Commissie de gegevensbescherming voor EU-ingezetenen willen versterken en uniformeren. Dit wettelijke kader vervangt de huidige EU-richtlijn gegevensbescherming door aanvullende vereisten waaraan bedrijven moeten voldoen.

While the GDPR may seem overwhelming, here are a few quick facts to get you up to speed:

When does it become enforceable? The text was adopted in April 2016 and will come into effect on May 25, 2018. It’s imperative that companies take immediate action to ensure compliance.

Who must comply? The GDPR concerns the process of European citizens' data but has an extraterritorial application. All individuals and companies, regardless of their country of origin, who collect and/or process data from European Internet users must comply. The GDPR is also applicable to third parties such as subcontractors or hosting companies.

What happens if organizations don’t comply with the GDPR? Several levels of fines are stipulated by the European Parliament. The maximum penalty for organizations in non-compliance with the GDPR can be up to €20 million or 4% of annual global turnover, whichever is greater.

Is your company compliant? Take this short quiz and assess your company according to the new General Data Protection Regulation. You will be provided with a detailed overview of your company’s readiness.

How Will the GDPR Affect Email Marketing?

As an email marketer, you need to collect freely given, specific, informed and unambiguous consent to comply with the GDPR. That means, you’ll have to adopt new practices like:

• Consumer opt-in permission rules;

• Proof of consent storing systems; and

• A method for consumers to request removal of their personal information.

Opt-in Permission Rules

Since the GDPR requires explicit consent, practices like obtaining consent by default using a pre-ticked box at the bottom of a form (passive opt-in) are not acceptable.

Instead, using a double opt-in is recommended. This method consists of obtaining consent twice before adding users to your marketing lists:

• First, when they fill in a form on your site;

• Second, by sending users a confirmation email where they will have the opportunity to affirm or deny their consent (by clicking on a confirmation link or by re-entering their email address for example).

(Click here for larger image)

Also, consent messages need to be easily understandable. Confusing or vague language (double negatives or inconsistent language) is not allowed.

An example of a clear and concise consent message is:

“You agree that [your organisation name] may collect, use and disclose your personal data which you have provided in this form, for providing marketing material that you have agreed to receive, in accordance with our data protection policy [available at link]. Please tick the relevant boxes below if you agree to receive: [boxes]."

Proof of Consent Storing Systems

Under the GDPR, you need to keep a record of how you obtained the express consent of the data subject. That includes: the data subject who gave the consent, when the consent was obtained (data and time stamp, for example), and the specific purpose for which the consent was given.

The record of the IP address, location, and time at which someone submitted a consent form is insufficient without a screen capture of the form itself. The confirmation email containing this information is recommended.

Keep in mind that the GDPR will apply to all of your data, not just the one collected after the effective date of May 25, 2018. For email marketers, you must provide evidence of explicit consent from current contacts. You will have to sort through your contact base and launch opt-in campaigns to obtain the explicit permission of your existing contacts.

Consumers Rights

Check your current procedures to ensure you are able to deliver on all data subjects’ rights, including:

• Right of access: provide full access to personal data upon request by a user;

• Right of information: clearly inform the user about how his/her personal data is collected and used;

• Right to rectify: modify or delete a user’s personal data upon request;

• Right of portability: offer users the possibility to retrieve their data in a readable and open format so that they can reuse it for their own personal use.

Profiling Under the GDPR

Profiling is a marketing automation technique. It is the practice of attempting to understand a person or group based on general characteristics or on past behaviors.

Data such as browsing history, education information, or buying habits can be used for profiling. The purpose is to predict the individual’s behavior to provide a more relevant marketing experience. For example, your team may send promotional emails on maternity products to women who searched for maternity items on Google.

The GDPR allows profiling, but you must comply with its requirements. Upon the data subject’s request to halt profiling, the processing must cease unless the controller demonstrates that the objection overrides the interests, rights, and freedoms of the data subject. Moreover, profiling and automated decision-making are not allowed on minors.

Prepare for the GDPR

Email marketers still have a few months left to prepare for the GDPR . Take actions to be compliant, including defining new consumer opt-in permission rules, creating consent storing systems, and developing methods for consumers to request removal of their personal information.

For the marketing industry, the GDPR is a turning point that can actually be positive for companies. While organizations need to rethink how they approach marketing, it’s an opportunity to improve how you interact with consumers and increase brand confidence.

Learn more about Customer.io’s commitment to the GDPR here.

• GDPR

Deel dit bericht