This is the definitive checklist for your GDPR email marketing, so that you are in compliance with the new EU GDPR regulation, effective May 25, 2018.
We have successfully passed the ISO 27001 compliance examination and are now adding the finishing touches to our GDPR fine-tuning. Having spent a great chunk of our time in meetings with our GDPR specialists and attorneys, and on GDPR updates, blog posts and documents, we gathered the steps you need to take for GDPR compliance.
Here’s the golden checklist we put together for you – it will be kept updated to the best of our knowledge, as new regulations or edits are being made:
Choosing Moosend as your GDPR compliant tool of choice is a no-brainer for many reasons, beyond double opt-in and easy access to, modification, export, and deletion of your data (all part of our services’ feature gallery). Here are a few more:
✓ We are ISO 27001 certified which, on the transparency and user-security continuum, ranks higher than GDPR to begin with.
✓ Also, we store all of our data in European Union data centers.
✓ Moosend never sells or shares your personal data or your subscription data with third parties.
✓ The scope of data processing by our sub-processors is consistently and regularly audited and strictly limited to prestigious, reliable, world-class companies like Google (for Google Analytics) and PayPal (for credit card transactions).
Make a comprehensive list of the following data and information:
One of the most important parts of the regulation is getting your subscribers’ consent and holding proof of this consent. To achieve this for your GDPR email marketing activities, the easiest way is to switch to double opt-in for all your mailing lists, available with your Moosend account.
a. Do you have proof of consent from your users allowing you to use their personal data? If you can provide adequate and satisfactory evidence of your users’ consent to receive emails (place, date, and so on), that is one less thing to worry about. Move on to the next step!
b. If you do not have proof of consent, you must reach out to your existing customers to get consent. It is highly recommended to start implementing the necessary steps as soon as possible, in fact before GDPR comes into effect (May 25, 2018). You must get your customers’ updated consent. To help you in the process, we prepared two short drafts to reach out to your customers and follow up with them (see below).
“Want to keep our exclusive offers coming? Make sure you click the link below to remain on our mailing list with giveaways and freebies all year long. By clicking, you are also participating in our contest for 10 tablets and 30 tickets to [this] Broadway show!
I WANT IN!
If you have enquiries, please feel free to contact our GDPR department, which will provide you with additional details: email@example.com.”
“Last chance to confirm your email address and personal details with acme.com!
As soon as you hit confirm, you enter our contest to win 10 tablets and 30 tickets to [this] Broadway show, which runs for another two weeks. Maintain access to exclusive material such as our previous publication of *** or a sneak peek of ***, by clicking below!
Last, if you have enquiries, please feel free to contact our GDPR department. They will provide you with additional details. You can also reach our Data Protection Officer (DPO) directly here: firstname.lastname@example.org.”
This corresponds to your users’ right to be informed.
Your users can access their personal data which they have shared with you, at will.
Ensure that your GDPR email marketing tool enables these modifications. Moreover, establish processes for your business to monitor that this information is accurate. Hint hint: this is how we achieve this.
Overall, devise your own process to “forget” about a user. Practically, once an individual wishes to withdraw from your company’s communication and records, you should stick to the process you have set up so that they are permanently deleted from your GDPR Email Marketing and Automations platform, your CRM platform, even your phone records!
With respect to GDPR email marketing, find an email marketing service provider that has a secure process to delete a subscriber from your records. In other words, make sure your users can be “forgotten” without leaving a trace, and without receiving an email because they happen to belong to another mailing list. Also, note that there is a data retention requirement, whereby a business may exclude an individual from their communication but retain the data for a specific period of time, as defined by the legislation in effect. Make this process easier for you by joining forces with Moosend; Moosend offers a handy “Suppress/Delete” option, to increase efficacy and security.
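The consent and erasure steps above, as an added example in Python: a double opt-in ledger that keeps proof of consent (source, timestamps, confirmation token) and a “forget” path that removes the subscriber from every list while keeping only a keyed hash on a suppression list, so no other list can re-mail them. This is illustration code, not Moosend’s implementation; the `ConsentLedger` class, the `SUPPRESSION_KEY` and the in-memory storage are assumptions for the demo, and the legally required retention period is left to the surrounding system.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Hypothetical secret for hashing suppressed addresses (constructed demo value).
SUPPRESSION_KEY = b"rotate-me-constructed-demo-key"


def _fingerprint(email: str) -> str:
    # Keyed hash, so the suppression list itself holds no recoverable addresses.
    return hmac.new(SUPPRESSION_KEY, email.strip().lower().encode(), hashlib.sha256).hexdigest()


@dataclass
class ConsentRecord:
    email: str
    source: str  # where the sign-up happened (the "place" in the proof of consent)
    requested_at: str
    confirmed_at: Optional[str] = None  # set only when the confirmation link is clicked
    token: str = field(default_factory=lambda: secrets.token_urlsafe(16))


class ConsentLedger:
    def __init__(self) -> None:
        self.lists: dict = {}       # list name -> {email: ConsentRecord}
        self.suppressed: set = set()  # fingerprints of forgotten subscribers

    def request(self, list_name: str, email: str, source: str) -> Optional[str]:
        """Double opt-in step 1: record the request; this is not yet consent."""
        if _fingerprint(email) in self.suppressed:
            return None  # a forgotten user must never be silently re-added
        rec = ConsentRecord(email, source, datetime.now(timezone.utc).isoformat())
        self.lists.setdefault(list_name, {})[email] = rec
        return rec.token  # would be embedded in the confirmation link

    def confirm(self, list_name: str, email: str, token: str) -> bool:
        """Double opt-in step 2: the click with the right token is the proof of consent."""
        rec = self.lists.get(list_name, {}).get(email)
        if rec is None or not hmac.compare_digest(rec.token, token):
            return False
        rec.confirmed_at = datetime.now(timezone.utc).isoformat()
        return True

    def can_send(self, list_name: str, email: str) -> bool:
        """Send only with confirmed consent and no suppression entry, whatever the list."""
        rec = self.lists.get(list_name, {}).get(email)
        return rec is not None and rec.confirmed_at is not None and _fingerprint(email) not in self.suppressed

    def forget(self, email: str) -> None:
        """Right to erasure: drop the PII from every list, keep only the suppression hash."""
        for members in self.lists.values():
            members.pop(email, None)
        self.suppressed.add(_fingerprint(email))
```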
Run through all your custom fields and make sure all of them are used only for personalization or segmentation purposes. For example, consider the following: if you are in the business of technology and gadgets, asking for individuals’ age group or academic background is acceptable. However, asking a technology aficionado to provide their weight does not fit any reasonable definition of GDPR email marketing. Therefore, bear in mind that your users maintain their right to limit processing of their information.
As a case in point, CSV or Excel documents are the best fit for the purposes of data portability. Moosend enables these portable export file types for your entire list or part of your sub-lists.
In the case of GDPR email marketing, for example, the Unsubscribe link serves this purpose.
Finally, a DPO is charged with educating the company and staff on compliance, as well as training both on best practices. Other tasks include monitoring, auditing, and maintaining records of all processing activities, while acting as the liaison between the business and the GDPR supervisory authorities.