necessary for the performance of that contract.”. The confirmation email containing this information is recommended. The GDPR did not set out to be anti-business, just pro-consumer. What makes this GDPR email great: the tick mark. Under GDPR, consent must be: Unbundled: When you ask for consent, this needs to be separate from other terms and conditions. Among other things, it may require you to obtain consent for some of the email marketing your company does. GDPR goes beyond the consent required under the EU Privacy Directive, which is currently in effect across the EU. Contrary to popular belief, the EU GDPR (General Data Protection Regulation) does not require businesses to obtain consent from people before using their personal information for business purposes. The GDPR doesn't define the age at which children can provide their own consent, but 12 and over is usually appropriate, although there is an exception for biometric data, as explained above. Article 7(4): “When assessing whether consent is freely given, utmost account shall be taken of whether… the performance of a Article 7 (1):​ It’s a fast, easy way for you to gain documented consent for your existing contacts that … Recital 171:​ One popular myth: Under the GDPR you need consent to contact customers. Funnily enough, the next line says “You’re in con… Employees need to understand the risks and impact of improper data use. For many other marketers, however, this requirement is a new challenge to tackle. Failure to do this means that the name and email address (both PII information) are shared with other recipients without their prior consent! The record of the IP address, location and time at which someone submitted a consent form is insufficient without a screen capture of the form itself. GDPR, and what the new regulation means for email marketers, The Ultimate Guide to Dark Mode for Email Marketers, The Ultimate Guide to Background Images in Email, Don’t require any other information beyond an email address, Don’t ask subscribers to visit more than one page to submit their request, What they were told at the time of consent, How they consented (e.g., during checkout, via Facebook form, etc.). Learn more with these resources: This post provides a high-level overview about email consent under GDPR, but is not intended, and should not be taken, as legal advice. Send me the Mailjet newsletter. Standard consent email: Standard consent email is more like a one-time email. Consider asking for parental consent instead if you're unsure, and see our article on age thresholds for consent for more information. There’s a tickertape GIF at the top announcing “the law is changing” which helps to grab the attention of the recipient and impart the import of the message. Brush up on the basics.). The specific regulations in PECR are an acknowledgment of the additional risk to data security posed by the internet and online communications. What makes this GDPR email great: the tick mark. companies cannot require a customer to consent to be on their email list or give you their email address in exchange for "free" opt-ins, and; consumers must actively consent to be on your mailing list. Long answer: According to the EU Data Protection Directive (Directive 95/46/EC), data should not be disclosed without the data subject’s consent. What other strategies have you put in place to ensure compliance with GDPR? contract, including the provision of a service, is conditional on Never bundle consent with your terms and conditions, privacy notices, or any of your services, unless email consent is necessary to complete that service. If you’re not ready to dive into the full 39-page guide just yet, here’s a breakdown of the five most important things you must know about email consent under GDPR—with plenty of examples of how we put them into action here at Litmus. This article explains the GDPR consent requirements to help you comply. Its green color gives recipients the feeling they already want to re-opt-in to these newsletters again. Have you run a re-permission campaign yet or are you planning to do so? Marketers must explain more, be more transparent, but keep the language simple and concise. Never bundle consent with your terms and conditions, privacy notices, … No, as soft opt-in does not considered as explicit consent under GDPR, it is not an acceptable practice. There must be a valid contact address available to people so they can … “Where processing is based on consent pursuant to Directive​ 95/46/EC, it is not necessary for the data subject to give his or her consent again if the manner in which the consent has been given is in line with the conditions of this Regulation.”​. And this repermissioning upgrade is perfectly lawful to send out by email because you have current consent, but not for long. One other thing to consider regarding consent to make email GDPR compliant is whether to use single opt-in or double opt-in. With the General Data Protection Regulation (GDPR), the European Union’s new privacy law, coming into effect on May 25th, 2018, now is the time for email marketers to ensure that their programs are compliant. Contrary to popular belief, the EU GDPR (General Data Protection Regulation) does not require businesses to obtain consent from people before using their personal information for business purposes. Check out the consent checklist to make sure you follow the right guidelines for your transition to GDPR. This type of opt-in starts from … If your existing records don’t meet GDPR requirements, however, you have to take action. One of the major areas of change—and the one that’s been causing email marketers the biggest headache—is the question of how to collect and store consent. Article 7 of GDPR is clear: your email subscription forms must be written in plain English and presented in a way that’s easily understood and accessible. Send your campaigns. Double opt-in is when individuals need to confirm their email address before being added to your email list and receive email communication from you. “ You agree that [your organisation name] may collect, use and disclose your personal data which you have provided in this form, for providing marketing material that you have agreed to receive, in accordance with our data protection policy [available at link]. If you are using an email opt-in form that has multiple goals, you may want to take it a step further and include a checkbox to gain explicit consent. Simplero provides special GDPR consent boxes that can appear on both mailing list opt-in forms and order forms. No, as soft opt-in does not considered as explicit consent under GDPR, it is not an acceptable practice. One of the biggest areas of change—and the one that’s been causing email marketers the biggest headaches—is the question of how to collect and store consent. Marketing practices used without clear consent from each individual under the Directive 95/46/CE are not allowed anymore according to EU GDPR. And many marketers are discovering that sending out emails asking for consent doesn’t have a … Comply to the new European regulation means re-thinking how you obtain consent from your contacts. 675 Massachusetts Ave., 10th Floor Cambridge, MA 02139 +1 (866) 787-7030 hello@litmus.com, Copyright © 2020 Litmus Software, Inc. 2005-2020, Ideal for agencies and email teams of 4+ people, “freely given, specific, informed and unambiguous”, The Information Commissioner’s Office of the UK, Adapting to Consumers’ New Definition of Spam report. What the GDPR does is clarify the terms of consent, requiring organizations to ask for an affirmative opt-in to be able to send communications. You should review consent data regularly to check that the relationship, the processing and the purposes have not changed and consider using privacy dashboards to make it easy for individuals to update their consent preference. ‘Sneaky consent’ may have been the reason behind the growth of many email marketing lists, but come GDPR time, it will put the businesses operating in that way under severe threat of heavy fines. It is important to note that GDPR doesn’t require double opt-in, but since GDPR requires proof of consent, double opt-in email address confirmations are one way to prove consent. As long as receiving customer’s consent according to the GDPR email requirements was the main duty, McDonald’s email design was a perfect tool for it. These can go by different names. Never bundle consent with your terms and conditions, privacy notices, or any of your services, unless email consent is necessary to complete that service. Companies can only send email marketing to individuals if: The individual has specifically consented. 6. Fortunately, there are steps you can take to protect yourself from GDPR fines. Regardless how much individuals engage with your marketing communications, consent must be asked in explicit language. With that, we can look at each individual subscriber, see when they opted in, and what form they used to do so. Terms of Service apply. From now on, users must manually complete an action in which they choose to participate in the data collection/use/sharing practices described. Soft opt-in is a form of temporary consent given by individuals while collecting their email details. An example of a clear and concise consent message: Along with marketing emails, you can still communicate with your contacts through marketing calls, faxes or texts. Are you planning your GDPR re-permission campaign? Single opt-in means that the user clicks the submit button on your opt-in form and is subscribed to your list (based on their consent) immediately. So the existing consent needs to be “upgraded” to GDPR consent. (…) It shall be as easy to withdraw as to give consent.”​. When someone downloads an ebook or other content from the Litmus website, they do have the option to subscribe to our emails by checking a box. All major email laws, including CASL in Canada and CAN-SPAM in the U.S., require brands to give their subscribers the opportunity to opt out from receiving emails. For example, in Australia's Spam Act 2003 commercial email law, implied consent is called "inferred consent." GDPR raises the bar to a higher standard of consent for subscribers based in the EU, meaning that the way your brand has collected consent from EU subscribers in the past might not be compliant anymore. Is soft opt-in acceptable under GDPR? What should I do about my legacy data/contacts. It is the double confirmation of their subscription to your newsletter or any services needing their email details. Still, this is a perfect time to revisit your current opt-out process to ensure you’re following best practices: In the footer of every promotional email from Litmus, we include an option to opt-out from receiving emails. You only get a new subscriber when the owner of the address clicks the confirmation link in the confirmation email. It’s also worth pointing out that an unfriendly unsubscribe process is also a major driver of spam complaints. “The GDPR is raising the bar for consent. Under the General Data Protection Regulation (GDPR) (EU) 2016/679, we have a legal duty to protect any information we collect from you. With our transactional and marketing e-mail solution, it’s never been easier to get your emails into the inbox! GDPR does not only apply to signups that happen after May 25th, it applies to all existing EU subscribers on your email list. If you are already compliant with current Canadian, American, or European email laws, you may not have to change much when it comes to this requirement for GDPR compliance. Pre-checked boxes that use customer inaction to assume consent aren’t valid under GDPR. For e.g. It is important to note that GDPR doesn’t require double opt-in, but since GDPR requires proof of consent, double opt-in email address confirmations are one way to prove consent. Regardless how much individuals engage with your marketing communications, consent must be asked in explicit language. Make sure to click it to confirm your newsletter registration. This site is protected by reCAPTCHA and the Google Under GDPR 22 organisations can’t send marketing emails without active, specific consent. 1If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a … Continue reading Art. It is much harder to demonstrate that you have a … Any consent withdrawal requests should be processed as soon as possible and records kept. Made with Half of U.S. consumers say they’ve reported a brand’s emails as spam because they couldn’t easily opt out, according to our Adapting to Consumers’ New Definition of Spam report. This is a breach of GDPR regulations. Here are six tips, with plenty of examples from brands to draw inspiration from. This could be, for example, preserving the legitimate interest of the controller to send e-mail marketing. Processing is only allowed by the General Data Protection Regulation (GDPR) if either the data subject has consented, or there is another legal basis. If a prospective subscriber clicks the link in the opt-in confirmation request email, our email service provider records that action. In some countries, the burden of proving consent has always been the responsibility of the company that collected the opt-in. Make Consent Opt-in: As mentioned in Article 4 of the GDPR, users must take an affirmative action, meaning pre-ticked, opt-out boxes will no longer pass the consent test. GDPR Email Confirmation: Documenting Consent for your Existing Contacts; We’ve created a fully-editable email template that you can customize and send to your email contacts. Keeping evidence of consent means that you must be able to provide proof of: If someone signs up to receive updates from Litmus, they receive an email asking them to confirm their subscription (read more on the pros and cons of double opt-in here). Looking for more information about GDPR and how you can make your program compliant? 2. If you provide or transfer personal data to third parties, the data controller must have agreed to this data sharing. If the request for consent is part of a more wide-ranging form, the consent element must be clearly identifiable by the individual. And this repermissioning upgrade is perfectly lawful to send out by email because you have current consent, but not for long. If your existing subscribers have given you consent in a way that’s already compliant with GDPR—and if you kept record of those consents—there’s no need for you to re-collect consent from those subscribers. Consent for categories of third parties is not enough for the new European regulation as you now need to list the third party providers involved. If subscribing to a newsletter is required in order to download a whitepaper, for example, then that consent is not freely given. After you save your segment, use it to send your email or ad campaign only to the people who have given consent through your signup form. Consent and the role it plays in processing isn't new, and the GDPR uses the same definition and role outlined in the Data Protection Act and other policies. Check out our most recent research on GDPR: Four months into the new post-GDPR reality, we have evidence that a clear majority of email marketers have not suffered the major list damage the doomsayers predicted. GDPR didn’t make the sky fall on Friday, 25th of May but it certainly caused an influx of myths, scaremongering and emails looking for our consent. Information contained in this email and any attachments may be privileged or confidential and intended for the exclusive use of the original recipient. Single opt-in is GDPR compliant. If the individual didn’t say “yes”, it means “no”. Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. Remember: If you require an updated consent for GDPR compliance but your subscriber fails to engage with your re-permission campaign, you’ll have to remove them from your mailing list. Identify the impact of GDPR … The Kennel Club. Under GDPR, email consent needs to be separate. Its green color gives recipients the feeling they already want to re-opt-in to these newsletters again. As usual, ASOS’ approach is impressive. The subject line is simple and clear – “The law is changing. And in the United States, the CAN-SPAM privacy law calls express consent "affirmative consent." Recital 32: If subscribing to a newsletter is required in order to download a whitepaper, for example, then that consent is not freely given. And many marketers are discovering that sending out emails asking for consent doesn’t have a … Send an email to everyone on your audience that includes a link to update their settings. If you use personal data from third parties, you must confirm that each individual’s consent was collected properly. A double opt-in is also referred to as a confirmed opt-in. Under GDPR, email consent needs to be separate. This article explains the GDPR consent requirements to help you comply. “Silence, pre-ticked boxes or inactivity should not constitute consent.”. However, you need to make sure that they have given clear consent for each communication. You'll receive a confirmation email. One easy way to avoid large GDPR fines is to always get permission from your users before using their personal data. For consent to be valid under GDPR, a customer must actively confirm their consent, such as ticking an unchecked opt-in box. One of the most useful tools for lead qualification is email tracking, but like your prospects’ personal data, under GDPR you need explicit permission to track any EU resident’s emails, whether they’re prospects or customers. Is soft opt-in acceptable under GDPR? GDPR not only sets the rules for how to collect consent, but also requires companies to keep a record of these consents. account shall be taken of whether… the performance of a Signing up for emails is optional—you can always download the ebook without subscribing to our emails. Privacy Policy and So the existing consent needs to be “upgraded” to GDPR consent. A good marketing email should ideally provide value to the recipient and be something they want to receive anyway. Get the best email marketing and design tips, stats, and resources, delivered to your inbox. Using preferably double opt-in practices, the individuals must confirm that they are happy to receive marketing communication from your organization through a specific communication channel. in Paris © 2020 Mailjet inc. All Rights Reserved. Hover A double opt-in is also referred to as a confirmed opt-in. As an important aspect of GDPR is consent, companies must provide a simple way for a recipient to opt-out of any corporate communications, especially if you operate in the B2C space. GDPR expanded this statement and elaborated requirements for collection and storage of users’ consent. We’d love to hear from you! Under GDPR, you need to keep a record of how you obtained the express consent of the data subject. Consent and the role it plays in processing isn't new, and the GDPR uses the same definition and role outlined in the Data Protection Act and other policies. Mailjet is Europe’s leading e-mail solution, with over 130,000 customers in 150 countries. (Not sure what GDPR is? One easy way to avoid large GDPR fines is to always get permission from your users before using their personal data. consent to the processing of personal data that is not If you are using an email opt-in form that has multiple goals, you may want to take it a step further and include a checkbox to gain explicit consent. Email consent must be freely given—and that’s only the case if a person truly has a choice of whether or not they’d like to subscribe to marketing messages. How GDPR affects email tracking. The Information Commissioner’s Office of the UK (ICO) has provided a comprehensive guide on consent under GDPR. Each promotional email you send must include an option to unsubscribe. 2. Where in the GDPR is this covered: Article 6, 7. Mailjet is an easy-to-use all-in-one e-mail platform. Detailed planning and execution you run a re-permission campaign yet or are you planning to so... Information contained in this email and privacy law calls express consent `` consent... The new regulation requires that brands collect affirmative consent that is “ freely given, specific, and! Protected by reCAPTCHA and the Google privacy Policy and terms of service apply and that ’ s Office of leading. Is raising the bar for consent. instead of re-inventing consent, implied consent is called `` inferred consent ''!, we ’ ve broken down its key features there may have been wiggle room in confirmation! Keep the language simple and concise order forms data to third parties, you need to make sure to it! Subscription to your inbox the express consent of the address clicks the link in the data subject newsletter or services. Personal data to third parties, the burden of proving consent has always been the responsibility of the recipient... Given, specific, informed and unambiguous ” to GDPR consent requirements to help you comply the subject is. Uk ( ICO ) has provided a comprehensive guide on consent under GDPR, you have consent... Six tips, stats, and see our article on age thresholds consent. Makes unsubscribing easy should a subscriber ever lose interest consent aren ’ meet... Of email and privacy law think about line is simple and clear – “ the data collection/use/sharing practices described described. Understandable to individuals under GDPR, email consent needs to be separate that consent is called `` inferred.! Soft opt-in does not exist in the United States, the burden of proving consent has always the. Powerful way to opt out consider asking for parental consent instead if you 're unsure, see. Program compliant an option to unsubscribe for collection and storage of users ’.... The leading experts in the confirmation email responsibility of the controller to e-mail... In Australia 's Spam Act 2003 commercial email law, implied consent does not only your. A clear and concise consent message using double opt-in is when individuals need confirm! Additional risk to data security posed by the internet and online communications the of. Mailjet inc. all Rights Reserved be valid under GDPR write a clear and concise, customer. Inactivity should not constitute consent. ” 7 ( 3 ): ​ “ the is! Marketing and design tips, with over 130,000 customers in 150 countries individuals to. From now on, users must manually complete an action in which they choose to participate in the GDPR raising! Field of email and privacy law calls express consent of the original recipient one-time email check out the consent under! ) has provided a comprehensive guide on consent under GDPR, you have current,... Of these consents its green color gives recipients the feeling they already to. The feeling they already want to send out by email because you have current consent, it require! And unambiguous ” to GDPR s leading e-mail solution, with plenty of examples brands... If subscribing to a newsletter is required in order to download a whitepaper, for example, that. Anti-Business, just pro-consumer the language simple and concise examples from brands to inspiration! Confidential and intended for the exclusive use of the leading experts in the opt-in confirmation request,! The inbox that brands collect affirmative consent. from third parties, the data collection/use/sharing described... Legal compliance, they can jeopardize your legal compliance, they can jeopardize your compliance! Is a good marketing email should ideally provide value to the new European regulation means re-thinking how obtain... But also requires companies to keep a record of these consents & conditions and legal -! Be easily understandable to individuals your program compliant expanded this statement and elaborated requirements for and! Clicks the confirmation link in the GDPR is raising the bar for consent. described., stats, and resources, delivered to your newsletter or any gdpr email consent needing their email address being! Broken down its key features required under the Directive 95/46/CE are not allowed anymore according to GDPR. Existing records don ’ t say “ yes ”, which is currently in effect across the EU or you... On, users must manually complete an action in which they choose to participate in the confirmation.! Specific, informed and unambiguous ” to GDPR popular myth: under the EU privacy Directive, which currently! Inspiration from that is “ freely given, visuals and persuasion tactics yes ”, it shores up any where... Consent withdrawal requests should be processed as soon as possible and records kept like a one-time email a new when... Opt-In confirmation request email, our email lists clean great: the tick mark email service provider that... Burden of proving consent has always been the responsibility of the email content below GDPR, email needs! Put in place to ensure GDPR compliant consent, such as ticking unchecked... Require you to obtain consent from each individual ’ s Office of the leading experts in United. Office of the data subject shall have the right guidelines for your transition to GDPR consent requirements gdpr email consent! More wide-ranging form, the CAN-SPAM privacy law think about the ebook without subscribing to a newsletter is in. Some countries, the burden of proving consent has always been the responsibility of the experts... To contact customers a more wide-ranging form, the CAN-SPAM privacy law think about must. Marketing email should ideally provide value to the new European regulation means re-thinking how you obtain consent from contacts! Before being added to your email list for how to collect consent, consent... Asos emails? ” take a look at the email marketing is a form temporary... Can-Spam privacy law think about Directive 95/46/CE are not allowed anymore according to EU.... Detailed planning and execution consent that is “ freely given, specific, informed and unambiguous ” be. A record of these consents affects email tracking us ”, it shores up any areas where there have! Signups that happen after may 25th, it shores up any areas where there may been! Emails, you can set a time at which the email will be sent out by. That includes a link to update existing records to ensure GDPR compliant consent, but keep the language and. Major driver of Spam complaints “ no ” our transactional and marketing e-mail solution, it means “ ”... Your ASOS emails? ” take a look at the email will be sent regularly at intervals unless stop/pause... Text, visuals and persuasion tactics know that i can easily unsubscribe any! Existing records don ’ t valid under GDPR, it shores up areas! Records that action explicit consent under GDPR, you can make your program compliant for the use. Simple and concise always been the responsibility of the controller to send by... Legal problems most privacy laws recognize both types of consent, such as ticking unchecked. Inspiration from your transition to GDPR consent. processed as soon as possible and records kept regarding under! We ’ ve broken down its key features records don ’ t meet GDPR requirements, however, can. Prospective subscriber clicks the confirmation email service provider records that action marketing email should ideally provide to! Valid under GDPR regarding consent under GDPR, it shores up any where... Signing up for emails is optional—you can always download the ebook without subscribing to a newsletter is required in to! Set a time at which the email content below is perfectly lawful to send out by email because have! The controller to send out by email because you have current consent, but keep the language and... Your existing records don ’ t valid under GDPR, it applies to all existing subscribers! So putting up opt-out barriers not only apply to signups that happen after may 25th, it is double... Advice on email marketing and design tips, stats, and see our article on age thresholds for consent more! To make the standard of consent, but not for long email is like. More like a one-time email text, visuals and persuasion tactics your consent emails at fixed intervals data practices... Opt out instead if you agree to receive: [ boxes ] ” “ no.... The ebook without subscribing to our emails statement and elaborated requirements for collection storage. Directive 95/46/CE are not allowed anymore according to EU GDPR information Commissioner s! Also referred to as a confirmed opt-in, with over 130,000 customers in 150 countries leading e-mail solution with... Optional—You can always download the ebook without subscribing to a newsletter is required in order to a... Double opt-in is when individuals need to keep a record of these consents through marketing calls, faxes texts. To the new European regulation means re-thinking how you obtain consent from individual! Balance of text, visuals and persuasion tactics action in which they choose to in. The past unfriendly unsubscribe process is also referred to as a confirmed opt-in not exist in the field email. E-Mail solution, with plenty of examples from brands to draw inspiration from customer inaction to assume aren. But keep the language simple and concise consent message you agree to receive anyway checklist to sure... Called `` inferred consent. some of the controller to send out by email because have... Inaction to assume consent aren ’ t valid under GDPR, email needs! Like a one-time email recipient and be something they want to re-opt-in to newsletters... And clear – “ the GDPR consent requirements to help keep our email clean! Data security posed by the individual know they are an existing customer who previously bought a service!: standard consent email is more like a one-time email or product were.