GDPR, the EU’s General Data Protection Regulation, went into effect on May 25, 2018. The UK adopted its own UK GDPR after Brexit, which closely tracks the original EU GDPR. GDPR applies to any business that collects any personal data about individuals. This personal data, or ‘personally identifiable information’ (PII), includes things from which identity can be derived, such as a street address, a telephone number, an email address, and even an IP address.

In other words, it applies to pretty much any business, collecting pretty much any data, pretty much anywhere. And because GDPR specifically states that it will be enforced against any organization anywhere, organizations in the U.S. and other countries outside the EU and UK still need to comply with it, or risk being hit with, among other things, massive fines.

Because here’s the thing: you really have no way of knowing whether someone with whom you are interacting online is actually in the EU or the UK or not. Sure, you can do IP address geolocation, but not only is that not always 100% accurate, but it can be spoofed. Or, you could only collect personal data from people who come into your store, in person. But even then, there is no real way of knowing if, for example, the email address they are giving you is theirs and only theirs, or actually the email address of someone sitting in – you guessed it – the EU or UK.

How to Comply with the EU GDPR and the UK GDPR with Respect to Email

Collection and Use

Never, ever, collect or use an email address that the holder of the email address did not directly give you themselves, and for which they did not give you their direct, verifiable consent to use. And you must disclose exactly how you intend to use their email address at the time that they are giving you their consent. For example, if you tell them that you will use their email address to correspond with them about their purchase, and you don’t tell them you are going to put it on an email marketing list, then you can’t put it on your email marketing list, because that use is not included in the consent which they gave you. In order to add a new use for an email address (or any other piece of personal data), you first must go to the holder of the email address and request consent for that new use.

Opt-Out and Revocation of Consent

You must make it “as easy to withdraw consent as to give it.” In other words, you must make it extremely easy for them to opt out, and to revoke consent. Of course, in the email marketing context, U.S. Federal law already requires that you provide a “one step” method to unsubscribe.

Deletion

Sometimes a person will not only opt out, but ask you to delete their personal information from your system. Do it.

This has been a brief overview of how to comply with GDPR with respect to the collection and use of email addresses. For more in-depth information see https://www.isipp.com/how-email-marketing-must-comply-with-the-eu-general-data-protection-regulation-gdpr/.

Why U.S. Companies Should Comply with GDPR for Email and How to Do It
