Jonas from MailerLite

Jonas7 min readTips and resourcesMarch 13, 2018

GDPR and how compliance can improve your email marketing

GDPR and how compliance can improve your email marketing

There’s been a lot of buzz around the General Data Protection Regulation (GDPR), which is the new set of guidelines that dictate how individuals and companies may acquire, utilize, store, and delete the personal data of European Union (EU) users.

If you have subscribers based in the EU, you are responsible for following these regulations even if you operate outside the EU. Now let’s face it, nobody likes change and new laws tend to limit what you can do. But the reality is that the GDPR is really good for email marketing and it will actually help improve your campaigns.

At its core, GDPR is about giving people more control over their personal data and how others are allowed to use their data. For email marketing, that means providing more transparency and clearer consent agreements when signing up new subscribers.

Even before GDPR, MailerLite always required its users to be transparent with subscriber opt-in. So the good news is that your email practices shouldn’t change much since our current terms and anti-spam policies are already quite strong. That said, there are a few new features that we will implement to ensure that you have all the right tools to comply to GDPR.

In this blog post, we want to help you better understand how GDPR specifically affects your email marketing.

If you handle customer data beyond email marketing or use other third-party tools that collect data, you should definitely check out the full set of regulations and talk to legal experts to ensure you understand the full extent of compliance.

Why You Need to Care About GDPR

Every time you collect an email address, a name, home address or phone number, you are obtaining someone’s personal data. If any of those people are in the European Union, you must adhere to the new rules. But don’t stress! We’ll explain the basics and provide some tips to help you transition.

The GDPR was developed to modernize the current EU data protection laws with a stronger focus on an individual’s rights and privacy. While some of the legislation is stricter and the penalties for non-compliance are tougher, the ultimate goal is to improve trust in the digital ecosystem.

GDPR Rights and Compliance in Email Marketing

To that end, EU users will have several new rights to help them take more control of their own data. Here are the most important user rights that apply to email marketing:

1. Right to be forgotten

Gives someone the power to ask a company to delete ALL of the data that is associated with that person. This requires you to provide more than an unsubscribe button. If a user makes a request, you must delete all the data stored in your databases and anything else associated with the user.

2. Right of access

Allows your subscribers to ask exactly how you are using their data and for what purposes. If a request is made, you’ll need to provide a personal data report at no cost to them.

3. Breach Notification

Is mandatory under the GDPR, which means you have 72 hours from becoming aware of the breach to notify customers.

4. Right of portability

Lets people request their data, which means you would need to download a file of all their data in a ‘commonly used and machine-readable format’.

MailerLite currently allows customers to download user data if someone makes a ‘right of portability’ request. As seen in the screenshot below, you can export and save subscriber data to a PDF (Print) or a Json file (most popular format to transfer data).

GDPR Compliance in Email Marketing - subscribers

Now that each individual has the power to request or delete their data, you need to think about what data you really need and what data you can live without. The more data you collect, the more documentation and management is required to quickly address a data request.

If you prefer to collect a lot of customer data for your marketing initiatives, it’s important to note that the GDPR definition of personal data is far-reaching and includes things like behavioral data, IP addresses, biometric and financial data to name a few. Basically, anything linked to the individual is personal data.

  • Active consent means your subscribers need to initiate the consent. You can no longer include the checks within the checkbox and make the user remove it. The user must click the checkbox.
  • Explicit consent means that you need to clearly communicate exactly what the user is agreeing to and what the data is being collected for.

Beyond being as transparent as possible with your consent forms, you must keep a record of every subscriber’s consent. The burden of proof is on you to prove that the individual consented to your terms. One way to accomplish this is through double opt-in, which provides a paper trail of the transaction.

Revalidate All Your Subscribers

Important Update: Use GDPR Opt-in Forms

As of May 26, 2018, the revalidation template will be removed from our site. You must now use our GDPR-friendly opt-in forms to obtain subscriber consent.

If you are not sure that the people on your current lists gave consent or you don’t have a record of it, the onus is on you to revalidate all of your EU subscribers now.

MailerLite makes it easy for you to revalidate with a new GDPR template. You can simply go to Create New Campaign > Template Gallery > GDPR Template to find the pre-built template. We created the template with specific text to help you explain GDPR with a focus on revalidating your subscribers.

Here is a look at the GDPR template from MailerLite:

GDPR email opt-in example - consent form template - mailerlite

When your recipients click the “Stay On List” button, they are automatically moved to a new GDPR subscriber group within your MailerLite account. The “Unsubscribe” button will unsubscribe the person from your list.

The text throughout the template, including the button text, can be edited to fit your specific needs.

What MailerLite is Doing to Help You With GDPR

At MailerLite, we have been following the GDPR developments since they were first announced in 2016. One advantage of being based in the EU is that we are able to stay ahead of new European developments, and we’re not required to apply for a Privacy Shield certification like the companies outside the EU.

As we mentioned earlier, our current policies are not changing much because we have always believed in more transparency when obtaining subscribers. That said, there are a few features and changes that we are working on to help you deal with some of the new rules:

  1. We are reviewing all of our consent forms and making improvements to make it easier for our customers to be more explicit and to facilitate active opt-in.
  2. We are making sure that all of our current features are optimized to help our customers adhere to GDPR.
  3. We are considering new features that will help customers comply such as other data portability functionality and detailed data reporting.

When you are transparent and respect every individual subscriber like they are part of your family, your email marketing will succeed. That is what we have always believed, and in the long run, the GDPR will help more organizations build trust and improve the digital marketplace for everyone.

If you have specific questions about how GDPR affects your email marketing or have suggestions on how we can improve MailerLite for GDPR compliance, we want to hear from you!

*GDPR requirements will be enforced starting on May 25, 2018.

*This blog is for informational purposes and is not meant for legal advice.

Jonas Fischer

I'm Jonas, Content Manager at MailerLite. I’m not the 4th Jonas Brother, but I do write content (which is similar to being a teen heartthrob). After writing for a bunch of companies over the years, I discovered my professional passion—helping add some humanity to B2B marketing. Email is the perfect place to start!