The General Data Protection Regulation: are you at risk of breaking new European spam laws?

It’s now just over a year until landmark changes to anti-spam and privacy laws will have a major impact on marketing campaigns across Europe. The tough-sounding General Data Protection Regulation – or GDPR to friends – will become effective in all European Union (EU) states from May 2018. It seeks to bring order to the series of differing privacy rules that are currently effective in Member States. It follows a similar law that was passed in Canada three years ago that has led to the prosecution of several companies.


Currently the EU E-Privacy Directive sets out common goals across Europe but allows countries to set their own laws. GDPR is a regulation, which means it will immediately be enforceable as a blanket law in all states.


EU directives are often met with suspicion, and – perhaps especially in Britain – can be seen as a burden on business. While companies must make sure they are compliant with the new laws, it’s not all doom and gloom. Cross-border operators will surely benefit from greater consistency across European markets. The new laws should also have a positive effect on the quality of marketing campaigns as businesses must now persuade the public to willingly sign up to their contact list.


Here we look at the major points of theGeneral Data Protection Regulation and how you can make sure your business is ready for the changes.


1 General Data Protection Regulation Risks

Before we look more closely at the directive and how it affects marketing campaigns, let’s become familiar with the penalties for non-compliance. This should focus your mind.


GDPR not only comes with stricter regulations around consent and the use of personal data, but also with draconian penalties for businesses that carry on regardless. Non-compliance with GDPR can lead to fines of up to €20m (£17m) or 4% of a brand’s total global annual turnover. Click here for a General Data Protection Regulation fact sheet created by the European Commission.


The authorities might not be able to prosecute all offenders across Europe, but don’t take risks. Canadian corporate training company Compu-Finder was fined C$1.1m (£670K) in 2015 for what the country’s authorities called a “flagrant” violation of anti-spam legislation.


2 Consent

You now have to get consumer consent before adding them to marketing lists. Just to be clear, evidence of consent must exist for anyone on the list, no matter when they were added. If you cannot provide proof of consent for some of your subscribers, you should not contact them anymore.


Furthermore, content can’t be bundled with other things, like sending a question via a contact form or downloading a white paper. There must be an explicit Opt-in for marketing.

Opt-in has already been the case in many European countries under the EU Privacy Directive, but General Data Protection Regulation further specifies that brands have to collect affirmative consent that is “freely given, specific, informed and unambiguous” to be compliant with GDPR.
Storing consent forms is something that most data owners have never had to do before, but in the future, all forms will have to be presented if requested. Is it worth keeping these details? See penalties outlined above!


3 Responsibility

With responsibility for Opt-in now confirmed, companies may have to now think twice about buying pre-packaged lists of contacts. While many owners of such information may be reputable, it might be a risk not worth taking. The burden of proof that sufficient consent has been given lies with the company. GrowthMinds would advise you to own your data with email so that you can be certain that you are adhering to the Opt-in criteria.


Within the company make someone responsible for General Data Protection Regulation and for compliance to ensure that privacy statements, data removal process and retention of consent forms is managed properly.


There are three ways marketers can audit their databases: manually look for European suffixes in subscriber profiles; work with an email service provider (ESP) to develop channel specific strategies that eliminate EU addresses; or create opt-in subscriber information based on physical location data.


UK companies can be sure of meeting requirements by looking at this handy checklist prepared by the Information Minister’s Office.


4 Opportunity

With Opt-in rather than Opt-out now the rule, it is more important than ever to offer high-quality content so that people will want to subscribe. Troubling people’s email accounts with trash will not persuade them to sign up for more of the same.


General Data Protection Regulation could be a landmark moment in marketing as companies are forced to find new ways to recruit contacts willingly. Content must offer something that people want, whether it makes them wiser, richer or LOL. The potential for regular offers, discounts and promotions will also play a key role in attracting sign-ups. Just make sure its explicit that they’re signing up to receive marketing correspondence.


To find out more about how enhanced marketing campaigns can work for your business, please Opt-in to a conversation with GrowthMinds. Get in touch!