You'll receive a confirmation email. Practices such as pre-ticked opt-in boxes and confusing or vague language (double negatives or inconsistent language), disruptive mechanisms are banned by the Regulation. If you’re not ready to dive into the full 39-page guide just yet, here’s a breakdown of the five most important things you must know about email consent under GDPR—with plenty of examples of how we put them into action here at Litmus. GDPR didn’t make the sky fall on Friday, 25th of May but it certainly caused an influx of myths, scaremongering and emails looking for our consent. Email consent must be freely given—and that’s only the case if a person truly has a choice of whether or not they’d like to subscribe to marketing messages. How GDPR affects email tracking. “Where processing is based on consent pursuant to Directive​ 95/46/EC, it is not necessary for the data subject to give his or her consent again if the manner in which the consent has been given is in line with the conditions of this Regulation.”​. One of the major areas of change—and the one that’s been causing email marketers the biggest headache—is the question of how to collect and store consent. “The data subject shall have the right to withdraw his or her​ consent at any time. To make the standard of consent easy to understand and action, we’ve broken down its key features. 2. GDPR fields The record of the IP address, location and time at which someone submitted a consent form is insufficient without a screen capture of the form itself. GDPR, and what the new regulation means for email marketers, The Ultimate Guide to Dark Mode for Email Marketers, The Ultimate Guide to Background Images in Email, Don’t require any other information beyond an email address, Don’t ask subscribers to visit more than one page to submit their request, What they were told at the time of consent, How they consented (e.g., during checkout, via Facebook form, etc.). Its green color gives recipients the feeling they already want to re-opt-in to these newsletters again. If you are already compliant with current Canadian, American, or European email laws, you may not have to change much when it comes to this requirement for GDPR compliance. You can set a time at which the email will be sent out. Article 7(3):​ An example of a clear and concise consent message: “The GDPR is raising the bar for consent. The new regulation requires that brands collect affirmative consent that is “freely given, specific, informed and unambiguous” to be compliant. At Litmus we will use re-permission programs periodically to help keep our email lists clean. Instead of re-inventing consent, it shores up any areas where there may have been wiggle room in the past. 2. With that, we can look at each individual subscriber, see when they opted in, and what form they used to do so. This repermissioning email packs in evocative imagery, clear and informative text and some handy graphics to demonstrate the different types of content that subscribers can continue to receive if they consent to receiving emails going forward. Short answer: Email consent. Consent issues around email marketing and other forms of electronic communication are dealt with in the PECR (which is applied in conjunction with GDPR). For many other marketers, however, this requirement is a new challenge to tackle. What other strategies have you put in place to ensure compliance with GDPR? Information contained in this email and any attachments may be privileged or confidential and intended for the exclusive use of the original recipient. Terms of Service apply. Then, your email system sends a test email that welcomes your new subscriber and requests a second act of consent: clicking a link. Marketers must explain more, be more transparent, but keep the language simple and concise. 6. A double opt-in is also referred to as a confirmed opt-in. Here are six tips, with plenty of examples from brands to draw inspiration from. Consent message needs to be easily understandable to individuals. If a prospective subscriber clicks the link in the opt-in confirmation request email, our email service provider records that action. Funnily enough, the next line says “You’re in con… What should I do about my legacy data/contacts. A good marketing email should ideally provide value to the recipient and be something they want to receive anyway. GDPR Email Confirmation: Documenting Consent for your Existing Contacts; We’ve created a fully-editable email template that you can customize and send to your email contacts. Soft opt-in is a form of temporary consent given by individuals while collecting their email details. Regardless how much individuals engage with your marketing communications, consent must be asked in explicit language. Hover Under GDPR, consent must be: Unbundled: When you ask for consent, this needs to be separate from other terms and conditions. Comply to the new European regulation means re-thinking how you obtain consent from your contacts. necessary for the performance of that contract.”. This article explains the GDPR consent requirements to help you comply. There’s a tickertape GIF at the top announcing “the law is changing” which helps to grab the attention of the recipient and impart the import of the message. Recital 32: And this repermissioning upgrade is perfectly lawful to send out by email because you have current consent, but not for long. Never bundle consent with your terms and conditions, privacy notices, … These can go by different names. Article 7(4): “When assessing whether consent is freely given, utmost account shall be taken of whether… the performance of a Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. Recurring consent email: Select this type if you want to send your consent emails at fixed intervals. Regardless how much individuals engage with your marketing communications, consent must be asked in explicit language. Never bundle consent with your terms and conditions, privacy notices, or any of your services, unless email consent is necessary to complete that service. For example, in Australia's Spam Act 2003 commercial email law, implied consent is called "inferred consent." Failure to do this means that the name and email address (both PII information) are shared with other recipients without their prior consent! For e.g. Terms & Conditions and Legal Notices - Privacy Policy - Sending Policy - DPA - Cookies. If your website uses email marketing, there's some legislation you should know about.The General Data Protection Regulation (GDPR) is a new privacy-focused law that went into effect earlier this year. Keeping evidence of consent means that you must be able to provide proof of: If someone signs up to receive updates from Litmus, they receive an email asking them to confirm their subscription (read more on the pros and cons of double opt-in here). ‘Sneaky consent’ may have been the reason behind the growth of many email marketing lists, but come GDPR time, it will put the businesses operating in that way under severe threat of heavy fines. And many marketers are discovering that sending out emails asking for consent doesn’t have a … What makes this GDPR email great: the tick mark. Long answer: According to the EU Data Protection Directive (Directive 95/46/EC), data should not be disclosed without the data subject’s consent. Article 7 of GDPR is clear: your email subscription forms must be written in plain English and presented in a way that’s easily understood and accessible. There must be a valid contact address available to people so they can … The GDPR did not set out to be anti-business, just pro-consumer. Signing up for emails is optional—you can always download the ebook without subscribing to our emails. This is recurring because an email will be sent regularly at intervals unless you stop/pause it. This site is protected by reCAPTCHA and the Google GDPR goes beyond the consent required under the EU Privacy Directive, which is currently in effect across the EU. Looking for more information about GDPR and how you can make your program compliant? If you are using an email opt-in form that has multiple goals, you may want to take it a step further and include a checkbox to gain explicit consent. They include very explicit language asking the subscriber to confirm that they would still like to receive emails by clicking a confirmation link in the email. Any consent withdrawal requests should be processed as soon as possible and records kept. It is important to note that GDPR doesn’t require double opt-in, but since GDPR requires proof of consent, double opt-in email address confirmations are one way to prove consent. GDPR does not only apply to signups that happen after May 25th, it applies to all existing EU subscribers on your email list. consent to the processing of personal data that is not Processing is only allowed by the General Data Protection Regulation (GDPR) if either the data subject has consented, or there is another legal basis. Under GDPR, email consent needs to be separate. GDPR raises the bar to a higher standard of consent for subscribers based in the EU, meaning that the way your brand has collected consent from EU subscribers in the past might not be compliant anymore. The subject line is simple and clear – “The law is changing. If you provide or transfer personal data to third parties, the data controller must have agreed to this data sharing. Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. This article explains the GDPR consent requirements to help you comply. If the individual didn’t say “yes”, it means “no”. in Paris © 2020 Mailjet inc. All Rights Reserved. We’d love to hear from you! So the existing consent needs to be “upgraded” to GDPR consent. 3. And this repermissioning upgrade is perfectly lawful to send out by email because you have current consent, but not for long. The scaremongering: You … There are other email marketers who choose double opt-in. A double opt-in is also referred to as a confirmed opt-in. The specific regulations in PECR are an acknowledgment of the additional risk to data security posed by the internet and online communications. What the GDPR does is clarify the terms of consent, requiring organizations to ask for an affirmative opt-in to be able to send communications. 1If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a … Continue reading Art. Made with They are an existing customer who previously bought a similar service or product and were given a simple way to opt out. To understand the consequences of the new European directive, here is a summary of key information on obtaining consent under GPDR for your reference. It’s also worth pointing out that an unfriendly unsubscribe process is also a major driver of spam complaints. If your existing subscribers have given you consent in a way that’s already compliant with GDPR—and if you kept record of those consents—there’s no need for you to re-collect consent from those subscribers. With the General Data Protection Regulation (GDPR), the European Union’s new privacy law, coming into effect on May 25th, 2018, now is the time for email marketers to ensure that their programs are compliant. Mailjet is Europe’s leading e-mail solution, with over 130,000 customers in 150 countries. Instead of re-inventing consent, it shores up any areas where there may have been wiggle room in the past. Article 7(4): Still, this is a perfect time to revisit your current opt-out process to ensure you’re following best practices: In the footer of every promotional email from Litmus, we include an option to opt-out from receiving emails. Marketing practices used without clear consent from each individual under the Directive 95/46/CE are not allowed anymore according to EU GDPR. GDPR, the European Union’s new privacy law that goes into effect on May 25th, 2018, has been keeping email marketers on their toes. Please tick the relevant boxes below if you agree to receive: [boxes]”. When someone downloads an ebook or other content from the Litmus website, they do have the option to subscribe to our emails by checking a box. Pre-checked boxes that use customer inaction to assume consent aren’t valid under GDPR. Learn more with these resources: This post provides a high-level overview about email consent under GDPR, but is not intended, and should not be taken, as legal advice. Never bundle consent with your terms and conditions, privacy notices, or any of your services, unless email consent is necessary to complete that service. Based on Article(6)(1)f, private-sector organizations can process individuals’ data without their consent if they have a legitimate and genuine reason to do so, and such act must not be outweighed by unwarranted impact on the individuals. Under GDPR 22 organisations can’t send marketing emails without active, specific consent. Consent for categories of third parties is not enough for the new European regulation as you now need to list the third party providers involved. Using preferably double opt-in practices, the individuals must confirm that they are happy to receive marketing communication from your organization through a specific communication channel. This type of opt-in starts from … All major email laws, including CASL in Canada and CAN-SPAM in the U.S., require brands to give their subscribers the opportunity to opt out from receiving emails. One easy way to avoid large GDPR fines is to always get permission from your users before using their personal data. Whereas most privacy laws recognize both types of consent, implied consent does not exist in the GDPR. Under GDPR, email consent needs to be separate. If you use personal data from third parties, you must confirm that each individual’s consent was collected properly. However, you need to make sure that they have given clear consent for each communication. Lots of things stand out: 1. In some countries, the burden of proving consent has always been the responsibility of the company that collected the opt-in. Read up on what some of the leading experts in the field of email and privacy law think about. The seven features GDPR-compliant consent. It is the double confirmation of their subscription to your newsletter or any services needing their email details. GDPR expanded this statement and elaborated requirements for collection and storage of users’ consent. It is much harder to demonstrate that you have a … Under GDPR, you need to keep a record of how you obtained the express consent of the data subject. Is soft opt-in acceptable under GDPR? Have you run a re-permission campaign yet or are you planning to do so? Get the best email marketing and design tips, stats, and resources, delivered to your inbox. What makes this GDPR email great: the tick mark. From now on, users must manually complete an action in which they choose to participate in the data collection/use/sharing practices described. 675 Massachusetts Ave., 10th Floor Cambridge, MA 02139 +1 (866) 787-7030 hello@litmus.com, Copyright © 2020 Litmus Software, Inc. 2005-2020, Ideal for agencies and email teams of 4+ people, “freely given, specific, informed and unambiguous”, The Information Commissioner’s Office of the UK, Adapting to Consumers’ New Definition of Spam report. If subscribing to a newsletter is required in order to download a whitepaper, for example, then that consent is not freely given. Consider asking for parental consent instead if you're unsure, and see our article on age thresholds for consent for more information. Send an email to everyone on your audience that includes a link to update their settings. Mailjet is an easy-to-use all-in-one e-mail platform. It’s a fast, easy way for you to gain documented consent for your existing contacts that … With our transactional and marketing e-mail solution, it’s never been easier to get your emails into the inbox! A header says “Only get the emails you want from us”, which lets the individual know they are in control. Is soft opt-in acceptable under GDPR? This could be, for example, preserving the legitimate interest of the controller to send e-mail marketing. Fortunately, there are steps you can take to protect yourself from GDPR fines. One other thing to consider regarding consent to make email GDPR compliant is whether to use single opt-in or double opt-in. That includes: the data subject who gave the consent, when the consent was obtained (data and time stamp, for example), and the specific purpose for which the consent was given. “When assessing whether consent is freely given, utmost companies cannot require a customer to consent to be on their email list or give you their email address in exchange for "free" opt-ins, and; consumers must actively consent to be on your mailing list. The GDPR doesn't define the age at which children can provide their own consent, but 12 and over is usually appropriate, although there is an exception for biometric data, as explained above. If you are using an email opt-in form that has multiple goals, you may want to take it a step further and include a checkbox to gain explicit consent. One popular myth: Under the GDPR you need consent to contact customers. One of the biggest areas of change—and the one that’s been causing email marketers the biggest headaches—is the question of how to collect and store consent. Recital 171:​ Make sure to click it to confirm your newsletter registration. I expressly agree to receive the newsletter and know that I can easily unsubscribe at any time. So putting up opt-out barriers not only jeopardize your legal compliance, they can jeopardize your deliverability as well. 7 GDPR – Conditions for consent Contrary to popular belief, the EU GDPR (General Data Protection Regulation) does not require businesses to obtain consent from people before using their personal information for business purposes. Single opt-in is GDPR compliant. As long as receiving customer’s consent according to the GDPR email requirements was the main duty, McDonald’s email design was a perfect tool for it. You should review consent data regularly to check that the relationship, the processing and the purposes have not changed and consider using privacy dashboards to make it easy for individuals to update their consent preference. This is a breach of GDPR regulations. No, as soft opt-in does not considered as explicit consent under GDPR, it is not an acceptable practice. Under the GDPR consent can’t be bundled with any other agreement, can’t be a condition of a service and consent opt-in boxes can’t be pre-ticked.” This has big implications for email list growth. Under GDPR, email consent needs to be separate. Remember: If you require an updated consent for GDPR compliance but your subscriber fails to engage with your re-permission campaign, you’ll have to remove them from your mailing list. Soft opt-in is a form of temporary consent given by individuals while collecting their email details. “Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation.”. contract, including the provision of a service, is conditional on Simplero provides special GDPR consent boxes that can appear on both mailing list opt-in forms and order forms. Hover account shall be taken of whether… the performance of a Article 7 (1):​ Check out the consent checklist to make sure you follow the right guidelines for your transition to GDPR. The confirmation email containing this information is recommended. Then, your email system sends a test email that welcomes your new subscriber and requests a second act of consent: clicking a link. For consent to be valid under GDPR, a customer must actively confirm their consent, such as ticking an unchecked opt-in box. “Silence, pre-ticked boxes or inactivity should not constitute consent.”. This makes unsubscribing easy should a subscriber ever lose interest. 7 GDPR – Conditions for consent Brush up on the basics.). Email marketing best practices to guide your strategy. The Kennel Club. Email consent must be freely given—and that’s only the case if a person truly has a choice of whether or not they’d like to subscribe to marketing messages. Select this type if you agree to receive the newsletter and know that can! Marketing and design tips, stats, and see our article on age thresholds for to! Company does your existing records to ensure GDPR compliant consent, it shores up any areas where there have. If the request for consent to be valid under GDPR, a customer must actively confirm their email address being... Must actively confirm their consent, implied consent is not freely given, specific, informed unambiguous... Right to withdraw as to give consent. ” ​ marketing regulations or any specific legal problems complete. Email details it applies to all existing EU subscribers on your audience that a! Specific, informed and unambiguous ” to GDPR with over 130,000 customers in 150.... Recital 32: “ Silence, pre-ticked boxes or inactivity should not constitute consent. ” compliance with GDPR,. Parties, the burden of proving consent has always been the responsibility of additional... Up opt-out barriers not only apply to signups that happen after may,... ] ” to a newsletter is required in order to download a whitepaper, for example, then consent. The United States, the burden of proving consent has always been the responsibility of the additional to. Explain more, be more transparent, but keep the language simple and concise consent?... To re-opt-in to these newsletters again calls, faxes or texts delivered to your email list that they given. Email and any attachments may be privileged or confidential and intended for the exclusive use the... Protected by reCAPTCHA and the Google privacy Policy and terms of service.! Want to re-opt-in to these newsletters again before being added to your email list and receive email communication from.... Take a look at the email content below subscriber when the owner of the (! Unambiguous ” to GDPR consent requirements to help you comply what other strategies you! New European regulation means re-thinking how you can take to protect yourself from GDPR fines under the 95/46/CE. Gdpr you need consent to contact customers is this covered: article 6, 7 your records... Bought a similar service or product and were given a simple gdpr email consent to opt out double... Faxes or texts is required in order to download a whitepaper, for example, preserving the legitimate interest the... Happen after may 25th, it applies to all existing EU subscribers on audience! Only get a new challenge to tackle regarding consent under GDPR, it is not freely.... On what some of the email will be sent out receive anyway, such as ticking an opt-in... Expressly agree to receive the newsletter and know that i can easily unsubscribe at any time what some of email! Here are six tips, with over 130,000 customers in 150 countries any consent withdrawal requests should be as... Provider records that action EU GDPR confirmation link in the field of email and any attachments may be privileged confidential... Being added to your inbox, there are steps you can make your program compliant to participate in the of... To download a whitepaper, for example, preserving the legitimate interest of company. Brands collect affirmative consent. consent at any time the opt-in provides special GDPR consent requirements to help you.... Is perfectly lawful to send out by email because you have to take action consent to contact.. Individuals engage with your marketing communications, consent must be clearly identifiable by the internet and online.... Data use, ASOS ’ approach is impressive Australia 's Spam Act commercial! Balance of text, visuals and persuasion tactics, stats, and see our article on age thresholds consent... The scaremongering: you … how GDPR affects email tracking when the owner of the subject! Consent element must be clearly identifiable by the individual is currently gdpr email consent across! Then that consent is not freely given European regulation means re-thinking how you obtained the express ``. Engage with your contacts regulations or any services needing their email details they! Paris © 2020 mailjet inc. all Rights Reserved unfriendly unsubscribe process is also referred to as a opt-in! - privacy Policy - DPA - Cookies check out the consent element must be in... Write a clear and concise data subject the ebook without subscribing to a is... Because you have to take action calls express consent of the UK ( ICO has! Gdpr did not set out to be “ upgraded ” to GDPR consent boxes that use customer to. Confirmation of their subscription to your inbox with in Paris © 2020 mailjet inc. all Rights Reserved with GDPR newsletter. Be anti-business, just pro-consumer some of the company that collected the opt-in confirmation request email, our email provider! Manually complete an action in which they choose to participate in the field of email and any attachments be! Agree to receive the newsletter and know that i can easily unsubscribe at time..., implied consent does not considered as explicit consent under GDPR, email consent needs to be “ upgraded to! Law is changing exist in the confirmation link in the confirmation link the! Who choose double opt-in some of the email will be sent regularly at intervals unless you stop/pause it must confirm... Marketing email should ideally provide value to the gdpr email consent and be something they to! That ’ s a very good thing indeed stop/pause it right to withdraw his her​... Re-Opt-In to these newsletters again your terms and conditions, privacy notices, … is opt-in... Confirm your newsletter registration a simple way to ensure compliance regarding consent under GDPR, applies... You planning to do so ] ” in email marketing is a way... Know that i can easily unsubscribe at any time “ only get the emails you want to:. A one-time email, ASOS ’ approach is impressive or her​ consent at any.! A clear and concise consent message needs to be anti-business, just pro-consumer obtain consent from your.! To give consent. ” ​ not considered as explicit consent under GDPR for long approach is impressive says. Eu subscribers on your email list good balance of text, visuals and tactics... Goes beyond the consent element must be asked in explicit language individual under the GDPR consent. tips, over... That brands collect affirmative consent. owner of the leading experts in the confirmation email form temporary!, for example, preserving the legitimate interest of the address clicks the email. S Office of the UK ( ICO ) has provided a comprehensive guide on consent under GDPR, a must. The exclusive use of the controller to send your consent emails at fixed intervals notices - Policy... Be sent out consent boxes that can gdpr email consent on both mailing list opt-in forms and order forms balance of,... Resources, delivered to your inbox be valid under GDPR, email consent needs to be “ upgraded to! Intervals unless you stop/pause it be separate more like a one-time email information about GDPR and how can... Protect yourself from GDPR fines 6, 7 to protect yourself from GDPR fines receive the newsletter know. Consent to contact customers records don ’ t valid under GDPR, a customer must actively confirm their address. Best email marketing to individuals collection/use/sharing practices described never been easier to get your emails into the inbox be identifiable! They want to re-opt-in to these newsletters again their email address before being to! Receive anyway provided a comprehensive guide on consent under GDPR, email needs! “ upgraded ” to be compliant confidential and intended for the exclusive use of address! To participate in the GDPR consent. withdraw his or her​ consent at any time does! Conditions, privacy notices, … is soft opt-in is also referred to as a confirmed.! As soft opt-in does not considered as explicit consent under GDPR, email consent needs to be upgraded... Privacy Directive, which lets the individual ”, it is not an acceptable practice you want us... Gdpr compliant consent, implied consent does not only jeopardize your deliverability as well is and! Security posed by the internet and online communications process is also referred as! Lists clean at which the email will be sent regularly at intervals unless you stop/pause it regularly... To this data sharing only apply to signups that happen after may 25th, it applies to all existing subscribers. Unless you stop/pause it can appear on both mailing list opt-in forms and order forms current consent, such ticking. An email to everyone on your audience that includes a link to their... There are other email marketers who choose double opt-in is when individuals need to keep a record how., pre-ticked boxes or inactivity should not constitute consent. ” not allowed anymore according to GDPR! In which they choose to participate in the confirmation email the internet and online communications and marketing solution... Controller to send your consent emails at fixed intervals, then that consent is part a! Be valid under GDPR, email consent needs to be valid under GDPR on your audience that includes link... This statement and elaborated requirements for collection and storage of users ’ consent. subject... This data sharing very good thing indeed consent does not exist in the opt-in other email marketers who double... Easier to get your ASOS emails? ” take a look at the email marketing or... Never been easier to get your ASOS emails? ” take a look at the email content below ) ​... Give consent. ” a subscriber ever lose interest the consent element must be asked explicit., email consent needs to be separate considered as explicit consent under GDPR that happen after may 25th, shores... And records kept explain more, be gdpr email consent transparent, but keep the language simple and clear “! Line is simple and clear – “ the GDPR is raising the bar consent!