This is -by far- the subject we have been asked the most about. How do you approach email newsletters, especially as a small business/ charity with say a few hundred contacts? Do you just click ‘Delete’ to the details of people who don’t respond to your emails asking for more detail?
In short, the answer is unclear, but there are a number of approaches which we’re seeing implemented. The exact implementation you choose is going to be specific to the data you have, how it was collected, and the relationship you have with those people, but here are 3 possible solutions.
Before we start though, keep in mind the purpose of GDPR – protecting people’s Personal Identifiable Data and using it for the purpose intended. As long as you keep to that then whatever approach you choose should hold up to ‘trying to implement GDPR’.
1. Consent Statement or Bust
This approach is pretty simple – if you have a consent statement from someone then you can send them email. If you don’t then you don’t have the right to contact them after the 25th of May.
Hence you send out an email now, asking people to click on a button to confirm they want to hear about the great things you are doing going forward. If they don’t they won’t hear from you.
This does mean you can be sure post the 25th of May that everyone on your list has opted in by clicking on that button in the email you sent. However it has a number of potential downsides:
- Only about 30% of people every open a given email, and even less click on something, so you’ll have to send quite a few reminders to ensure everyone takes a ‘positive’ decision – and if you do send a lot of emails then people might decide ‘negatively’
- Due to the volume of such emails people decide to simply not respond to all, taking it as an opportunity to clean up their inbox and remove a lot of the email newsletters they get without lifting a finger
- Your recipients are interested in what you’re saying but just too busy or your email about GDPR is too boring that you don’t click on it
2. Updating Consent
This approach takes the starting point as:
- Consent was given for those signing up on the email newsletter, eg. they signed up at an event, through the website
- There are not any purchased lists or people who would not consent to being on the list
- There is already a way to easily unsubscribe (eg. using a system like MailChimp)
Hence to stop sending these people updates about what you do doesn’t make sense, as they do want it, but you can take the opportunity to update the data you have (for the benefit of these people) so you communicate with them in the way they prefer.
So you send out an email with a link to an ‘Update’ form on your website, but still mention the ‘unsubscribe’ option on your emails too. This ‘Update’ form allows people to fill in the right details, tick how they would like to be communicated with and crucially includes a GDPR statement.
3. Updated Privacy Centre/ System …
You may have noticed that the bigger players aren’t sending you either of the above, but a link to some kind of ‘online data privacy centre’ or when you login to the likes of Facebook showing you a ‘privacy’ message where you can change settings.
Of course in many cases this isn’t applicable to/ feasible for small organisations, but the point here is that they aren’t implementing the ‘Consent or Bust’ approach, but rather a ‘we have consent, here are some digital tools to give you more control/information’.
Of course in reality these ‘privacy centre’ solutions are a bit confusing for end users at present but that should clarify and standarise over time as legislation clarifies. The point is, they’re not removing you from their systems deliberately, or even really making it easy to do so.
The possible example of where this is similar would be an online shop. You have to keep their details for the purposes of financial records, i.e. name, email and address with orders and there’s a system for the customer to edit things. In terms of GDPR there isn’t much to do.