General Data Protection Regulation (GDPR)
Following the introduction of GDPR on 25th May 2018, and due to the new privacy requirements concerning Subscriber Personal Data, both SendReach, and you as a SendReach User, need to take action to ensure that any Subscriber Data in your Lists relating to any resident of an EU Member State meets those new requirements.
As most email Lists are not generated on a Geo-Location basis, they inevitably contain Subscribers who are resident in an EU Member State.
However, and largely as a result of the recent Facebook data security fiasco, in many Countries (obviously including the US) policing the whole area of Data Protection is now right under the spotlight, and many Countries are also already in the process of urgently updating their Data Protection Laws to include more stringent requirements.
One vital requirement is that any Subscribers MUST have given their consent for their personal data to be stored and that they consent to being sent occasional informational emails, and that such consent is uniquivocal and recorded in such a manner that it can be easily retrieved at any time. That requirement is there to a greater or lesser extent in all Data Protection Legislation.
It is therefore prudent at this time to apply the same requirements to all Subscriber Data.
New Subscriber Data
To meet the requirement for recording a subscriber’s “Consent” to their personal data being gathered and stored, and their “Consent” to being sent informational emails, Optin Forms must in future include a checkbox alongside a statement “I give my consent to be sent occasional informational emails based on the contact details in this form ” That statement will then be stored in the subscriber record as ongoing proof of consent.
That Consent checkbox has now been added to the HTML code for all Optin Forms
Along with Email Address, First Name and Last Name, the Optin Form fields and text will now be as below.
When the new Subscriber ticks the Consent Checkbox the statement “I give my consent to be sent occasional informational emails based on the contact details in this form.” will be added to the Subscriber Record which can be retrieved at any time as uniquivocal proof of consent, as below.
When a someone is added to your List as a result of making a purchase from you of a product or service, that fact in itself is taken as consent for you to send them transactional emails and occasional informational emails, in which case no further formal consent is required.
Existing Subscriber Data
It is also necessary that existing Subscriber Data (contained in individual Subscriber Records within a List) includes confirmation that the Subscriber indicated their “Consent” to be sent informational emails, at least in a manner that meets the requirements of the previous Regulations.
Therefore, for existing Subscriber Records it is deemed that the inclusion of a valid IP Address in the record, that would have been automatically harvested at the time of Opting In, be accepted as proof that they did Optin and thereby “Consent” was given.
The absence of such an IP Address in the record places it in contravention of the now current Regulations.
We would suggest suitable “Subject” for that campaign would be “Privacy of Your Personal Data”.
Their clicking the “Update Profile” button will then automatically add their IP Address to the Subscriber Record in your List and their Consent. As most of your existing subscribers will have received many similar requests recently the percentage who respond positively is far higher than any previous “resubscribe” requests were.
In due course you will need to delete the subscribers who do not respond as it would be illegal to continue mailing them, and they would not Open your emails anyway.
Should you need any further clarification of the above, or assistance in taking the necessary actions, please seek such assistance via a Support Ticket.