While the General Data Protection Regulation (GDPR) is a new law coming out of the European Union (EU), it will impact marketers worldwide. Starting May 25, 2018, if you send an email to a person residing in the EU without their consent, there is serious money on the line, to the tune of €20 million or 4% of your company’s total global annual turnover (whichever is higher).
Even if your business doesn't operate in the EU, you're still subject to this law. That's because, unless you've explicitly asked every one of your contacts which country they are from, you really don't know if firstname.lastname@example.org is an email owned by a customer in the US or the EU. Now, you could simply block all traffic coming from Europe, but that's not going to be a viable option for most.
That means that every marketer should be in the process of deciding what changes they should make to ensure compliance with the new law. To help, we've outlined some of the major implications that affect digital marketing programs. However, because every company has its own policy on the best way to comply with global privacy laws, we always recommend you discuss these changes with your legal team.
1. Ask every contact for their country
If you've already been doing this, great! If not, start ASAP.
2. Always ask for opt-in
Always ask a visitor to opt in, and be clear about what they are opting into. It would also be wise to keep a screenshot of the page in case you ever need to prove that the language used was clear.
3. Be careful about pre-checking your opt-in box
If you want to pre-check the opt-in box, use smart forms to ensure the box starts as unchecked for EU contacts (that's part of the new law). For contacts in the US, you can pre-check the field, though the safest thing would be to just never pre-check it for anyone.
4. Suppress contacts you are unsure of
If you haven't asked someone to opt in and they haven't told you what country they are from, suppress them from any email blasts after May 25. To fill in the gaps, you can run a permission marketing campaign to get as many contacts as possible to opt in and/or share their country before the law goes into effect. In the communication, you can use language about wanting to respect individual contact privacy in compliance with new international laws on the matter.
If you and your legal team are looking to learn more, here are a few helpful links:
EU website about GDPR: https://www.eugdpr.org/
Litmus blog: What Europe’s New Privacy Law Means for Email Marketers https://litmus.com/blog/gdpr-what-europes-new-privacy-law-means-for-email-marketers