With the upcoming GDPR changes (25th May 2018), we have been asked by many of our clients how to protect themselves and their clients’ data, and how to make sure they’re GDPR compliant.

What is GDPR?

GDPR has been created in order to provide individuals more control over their personal data and to protect their identity. The regulations will also unify implementation across the EU.

You can break down GDPR into the following rights for the individual:

  1. The right to access any data that you may hold for them,
  2. The right to be forgotten, i.e. deleted from your records,
  3. The right to provide explicit consent.

Essentially, if you ever collect, record, store, use, or erase personal data from customers or contacts in the EU, then the GDPR should be on your radar.

How to prepare your website and email marketing for GDPR

There are lots of things you can do to prepare for the GDPR. Here are a few things we think you can do to stay on the right side of the new legislation.

  1. Plugins and add-ons. You will need to check any plugins, add-ons, etc. that you use to integrate with Mailchimp. Check that you have declared in your cookie policy what data they pass from your website/software to Mailchimp.
  2. Mailchimp’s eCommerce/transactional emails. If you use the eCommerce features on Mailchimp, such as automated transaction emails or abandoned basket emails, you will need to declare that you use customers’ information for those purposes. To avoid spamming people who are not interested, Mailchimp currently sends only the first email of an abandoned basket series to a potential customer. If the potential customer subscribes, or is already subscribed, they will receive the entire series of emails.
  3. Opt-in campaign. Create an opt-in campaign. Start by sending several emails that ask your customers if they’re still interested in your services/products. If they haven’t replied, or completed a particular action, by the end of the series of emails, they will be unsubscribed.
  4. Permissions reminder. If someone would like to know how or why they are receiving an email from you, the permissions reminder should be in the footer of every Mailchimp email. To check that this is clear, go to your Mailchimp list, then to ‘Settings’ > ‘Required email footer content’, and adjust the reminder as necessary, remembering to click ‘save’ at the bottom of the page.
  5. Contact details. By law you are required to make sure the details of your physical address are correct and appear at the bottom of each email. This is so that people know you are not just spamming.

Creating a GDPR opt-in Mailchimp campaign

As above, we recommend that you create an opt-in campaign series. We recommend a series of emails because 1 or 2 emails may easily be missed or may not be sent at a suitable time for your subscribers. We recommend sending 3-5 at different times of day. If you use Mailchimp’s segmentation options, you can make it so that it doesn’t feel like you’re overloading people. Here’s a rough idea of how to create the series.

  1. Create a Group in your list called something similar to ‘I would like to stay notified about future offers and news of the *business name*’ then add the options ‘yes’ and ‘no’.

    – Go to ‘Lists’ > select your list > click ‘Manage Contacts’ > ‘Groups’ > then click ‘Create Groups’ > choose the ‘dropdown’ option (you don’t want them to be able to select both!)

  2. Create a series of 2 or 3 emails explaining why people should continue to subscribe. In the body of the text or in an image add a link to *|UPDATE_PROFILE|*.

    – When creating the 2nd, 3rd, 4th, etc. email, you can segment the people who receive your message by adjusting the recipients. When selecting the ‘To’ in the campaign builder, select your list, then ‘segment’ your list. You could send to all the ‘active’ subscribers or to people who didn’t open the previous campaigns.

  3. After the series of emails has been completed, go to ‘Lists’ > ‘Manage Contacts’ > ‘Groups’. You will then be able to see who has chosen ‘no’, select them all and unsubscribe them.

We recommend you also unsubscribe people who didn’t select ‘yes’ or ‘no’. These subscribers may no longer be interested and are already deleting, junking or sending your newsletter to spam; they are very unlikely to be key customers. If they are people who you think would definitely benefit from your information, then you could send them an email directly or give them a call.

Some of the above may seem harsh and time-consuming, but the fines for failure to comply are potentially crippling to a business. In our opinion it is better to filter a big or unresponsive list of emails/people into a small list of responsive and interested people and build back up.

GDPR is a legal requirement. I am not a legal expert, and all of the information above is provided as a helpful checklist.
