GDPR (General Data Protection Regulation) is a 2018 law by the European Union governing data privacy and security. The law applies to all businesses targeting or collecting data on people in the EU (regardless of where the company is based).
If your business is targeting people based in the EU, then this post will teach you how to create GDPR email campaigns that comply with the law.
First, let's start off with the complexity of the GDPR law; it has 99 articles and over a hundred recitals. However, this is not an excuse to not be GDPR-compliant. If you're unsure whether you're following the rules, you should consult advice from a legal expert. The fines for those who don't comply with the rules are harsh and high - they can even reach into the millions!
But besides that, you want your contacts to trust you! If you take advantage of personal data people have shared with you - and they find out - you'll be in big trouble not only with the law, but also with your clients. Don't risk losing loyal customers; according to Outbound Engine, "acquiring a new customer can cost five times more than retaining an existing customer".
Under the new rules, you need to receive explicit consent from your contacts about your engagement with them.
HubSpot makes it easy to track this consent through detailed contact records. Luckily, a core tenet of Inbound Marketing is providing valuable content in order for someone to willingly exchange their personal data for that content (normally through forms or gated content). With GDPR, we just need to be more specific about how you will store and use their data. This is often called lawful basis to process and lawful basis to communicate (source).
Essentially, what this means is that you need to update your privacy policy and cookies policy to be specific and clear (if you haven't already done so). These policies will accurately explain what you or any third-parties are doing with user data.
Your current emails could be violating GDPR in these common ways:
For the contacts you do not have GDPR-compliant consent from or those you're unsure of, you need to carry out a GDPR email campaign for re-permission. This will give your contacts the opportunity to refresh their consent. If they don't give you GDPR-quality consent, you need to remove them from your mailing list (source).
Existing subscribers before the GDPR-era law may very well have explicitly opted-in, but you should consult with a legal expert if you have any doubts. If you do not have proof that they gave explicit consent, you should consider adding them to your re-permission campaign.
If you have proof of consent, you have a legitimate interest to communicate with them, and there is an unsubscribe option, you can probably keep them on your mailing list.
Anyone who was automatically opted-in via a pre-checked box or purchased mailing list will need to be included in the re-permission campaign. Do not send any communications to people that have opted-out. (source).
How you structure your re-permission campaign emailings is ultimately up to you, but mbudo can offer you some tips to increase your chance of success:
We know what you're thinking: "Am I going to lose my entire mailing list by running a re-permission campaign?" The answer is: probably not. What you'll most likely see is similar engagement to what you're seeing now. The people who are opening and clicking your emails already will probably renew their subscriptions and those who are dis-engaged will continue to be so. In the end, it's only to your benefit to spend time, effort, and resources on those who are interested in you. In fact, you may increase your open and click-through rates and decrease your spam reports (source).
Just remember, you may lose some people on your mailing list, but Inbound Marketing is all about quality over quantity.
HubSpot has been on top of GDPR since it premiered in 2018. Administrators can now set the account defaults to take GDPR into account through a variety of features:
Still need more info on this topic? Discover HubSpot's ultimate guide to GDPR. After you've made sure that GDPR compliance is in order, don't forget about crafting a great Marketing email. Here we offer you 5 tips. And discover our write-up on creating your Content Marketing Strategy.