Cordial Experience Inc. does not provide legal advice. If you are in need of legal advice, you should consult your legal team or a licensed attorney in your area.
The General Data Protection Regulation (GDPR) is intended to protect all European citizen's data privacy rights, replacing the Data Protection Directive (Directive 95/46/Ec) originally adopted by the European Union in 1995. This new regulation further mandates the ways in which businesses use, share and collect data.
- Obtain consent now!
- Be sure to check that any existing opt-in email addresses have been obtained in ways that are GDPR compliant.
- Ask for permission again if you are unable to identify how, when and where original consent was obtained.
- Remember that proper expectation setting must be done at time of consent.
- Send a re-permission series, as opposed to just one attempt at obtaining explicit consent.
- Only hold on to data for as long as necessary. There is a bit of ambiguity here, but better to be on the conservative side; we recommend 2 years.
- Remember that implementing a preference center is a great way to offer your customer base options as to where they may receive future marketing efforts.
- Always provide an easy to find, one-step unsubscribe mechanism for all marketing emails.
- Do Not forget that GDPR comes into full effect on May 25, 2018!
- Do Not think that because you are a US based company, GDPR does not apply to you.
- Do Not utilize pre-checked boxes. They are not compliant under GDPR.
- Do Not re-permission subscribers who have opted out for any reason.
- Do Not forget that your company must provide an inconspicuous method of unsubscribe so that recipients may withdraw their consent at any time.
- Do Not mail to subscribers who have not engaged in a reasonable amount of time. Put yourself in your customer's shoes and define this timeframe as such (2 years is recommended).