General Data Protection Regulation (GDPR) and subscriber’s consent to receive emails.

In less than six months, the General Data Protection Regulation, from now on referred to as GDPR, will come into force. The regulation is being implemented with the aim of strengthening the protection and limiting the free movement of the personal data of citizens of the European Union. It will apply to any organization or institution in the world that processes the data of people living and operating in the European Union. In the past month, the topic of GDPR sparked a huge increase in interest on Google Trends.

How does GDPR affect you:

If you’re an email marketer, you need to get verifiable permission from your email users. In other words, GDPR requires consent – they have to agree to receive your newsletters or promotions.

If you don’t have any proof of your subscribers’ consent, we suggest you obtain it with the re-confirm merge tag. The deadline is May 25th 2018.

Note: If you can’t prove that an email user gave consent to receive your emails, Mailigen will not restrict you from sending out emails after the regulation comes into force.

You can process personal data without breaching GDPR if:

  • You have consent from the email user stating that you can send emails. It can be a written contract, an audio file, or data about the subscription form (the IP of the user, the time when he subscribed, and the form itself).
  • You need to fulfill legal obligations, e.g. for a contract or invoice.
  • It’s needed to protect the data subject’s interests.
  • You have valid legitimate interests.

NB! To fulfill your legitimate interests, you don’t need consent from the subscriber, but these interests must be compliant with the law. You must have a clear and valid argument for the purpose of these actions (sending email or processing the subject’s data). They can breach a person’s fundamental rights only when the processed data is used to protect human rights, country, security, welfare, and morals.

Remember that this is an informative article and shouldn’t be perceived as a juridical article. For more information on GDPR, visit the official homepage of EU GDPR.

The GDPR talks about the subscriber’s consent in a few sections of the article:

Article 4, Section 11

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Article 7, Section 1

Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.

To demonstrate the consent of your subscriber, you must have transparent and understandable proof of the approval the subscriber gave you. If you are using subscription forms, it can be the time and the IP address the subscriber used when they filled in your form and gave their consent.

The subscriber or the institution that oversees GDPR may ask you for this data, so you should preserve it. This means that if you have contacts in your email list that have been gathered offline without saved opt-in proof data, you still need to have proof of their consent that you can show.

What if I can’t show the proof that my subscribers have given consent to receive my emails?

First of all, check which emails don’t have consent. If you have used Mailigen’s provided subscription forms to gather emails, then you already have the subscribers’ consent data saved in your account.

To see this, export your email list and check whether the OPTIN_TIME and CONFIRM_TIME fields are filled in. For a more detailed description of how our system fills these fields, see this article. If you are using different subscription forms, check if they have provided the IP address and the time when the user subscribed – make sure that this data was forwarded to our system or that you can import this data manually.

You can also use the #[LIST:RECONFIRM]# merge tag in your email campaigns. This tag allows you to receive repeated consent from your subscribers and automatically fills the needed fields in the system.

Use the #[LIST:RECONFIRM]# if:

  • You have gathered emails with offline methods (e.g. in person) and you don’t have any proof of their consent.
  • You have collected emails online through forms, but you don’t have proof of the email users’ consent.
  • You have migrated an email list from a different platform without data about the email owners’ consent.
  • You have only used a single opt-in process through a simple form and you suspect that a third party has added some emails without the real owner’s consent.
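
The export check described above, as an added example (not Mailigen's code): it groups exported rows by whether OPTIN_TIME and CONFIRM_TIME are filled, so rows without proof can be targeted with a reconfirm campaign. Only those two field names come from the article; the CSV layout, the EMAIL column name and the zero-date placeholder are assumptions.

```python
import csv
import io

# OPTIN_TIME and CONFIRM_TIME are the fields named in the article.
# The EMAIL column and the CSV layout are assumptions about the export.
EMPTY_VALUES = {"", "0000-00-00 00:00:00"}  # assumed "not set" placeholders

# Constructed sample export, not real subscriber data.
SAMPLE_EXPORT = """EMAIL,optin_time ,CONFIRM_TIME
a@example.com,2017-11-02 09:14:55,2017-11-02 09:16:01
b@example.com,2017-12-01 18:40:12,
c@example.com,,
D@example.com,0000-00-00 00:00:00,0000-00-00 00:00:00
"""


def _filled(row, field):
    """True when the field holds something other than an empty placeholder."""
    return (row.get(field) or "").strip() not in EMPTY_VALUES


def audit_consent(csv_text, email_field="EMAIL"):
    """Group exported subscribers by the consent proof their row carries."""
    reader = csv.DictReader(io.StringIO(csv_text))
    # Normalise header case and whitespace so "optin_time " still matches.
    reader.fieldnames = [(n or "").strip().upper() for n in reader.fieldnames or []]
    missing = {"OPTIN_TIME", "CONFIRM_TIME", email_field} - set(reader.fieldnames)
    if missing:
        raise ValueError(f"export lacks columns: {sorted(missing)}")
    report = {"confirmed": [], "optin_only": [], "no_proof": []}
    for row in reader:
        email = (row.get(email_field) or "").strip().lower()
        if not email:
            continue  # skip blank or malformed rows
        if _filled(row, "CONFIRM_TIME"):
            report["confirmed"].append(email)   # confirmation step recorded
        elif _filled(row, "OPTIN_TIME"):
            report["optin_only"].append(email)  # signup time only
        else:
            report["no_proof"].append(email)    # nothing recorded
    return report


if __name__ == "__main__":
    for group, emails in audit_consent(SAMPLE_EXPORT).items():
        print(f"{group}: {emails}")
```

The `no_proof` group is the one that has nothing to show on request; `optin_only` rows carry a signup time but no recorded confirmation.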

A single opt-in form differs from a double opt-in form in the process the email users must go through. In single opt-in, they only need to input their email address to get subscribed, but with double opt-in, they need to accept the subscription through email. By going through the double opt-in process, the subscriber has given undeniable permission to receive your emails.

If you are using Mailigen’s signup forms, then we automatically save the time when the user subscribed and his IP address.

You can edit and use the Mailigen opt-in form here. You can integrate this form into your website by using the provided HTML embed code.

If you are using a single opt-in form, we suggest that you start using double opt-in forms. If a third party adds an email without the user’s consent, then theoretically the user could ask for compensation if he realizes that he didn’t subscribe (GDPR article 82.1.).

Where can I find the information about subscriber’s consent?

To export the whole list of subscriber data, go to ‘my lists’ and find the list you are interested in. Then, press the ‘export list’ button to get the data about the email list.

What are the benefits of GDPR?

We believe that GDPR will only improve your email campaign ROI. Apart from fewer spam complaints and unsubscriptions, we believe our clients will benefit from better open rates and improved KPIs. This will definitely improve your deliverability across different email services and maintain a stronger list of subscribers.

Don’t forget – the deadline is May 25th 2018.


© 2010-2020 Mailigen. All rights reserved.