GDPR & Email marketing: reconfirm the consent of you contact list
Many wonder how to prove the consent of their recipients to continue to send them emails. In this post we will show you how to keep sending newsletters to your contacts in an always effective way. Let us begin!
Mandatory consent or not?
Before going into the heart of the subject, you need to know that you may have already taken care of this topic if:
- You already have proof of their consent (by double opt-in with date, time)
- If you have «single opt-in», but you have check boxes.
However, it is always mandatory to inform the person that their email address will be used for commercial purposes at the time of collection, and to allow them to oppose.
So how to continue to send prospecting emails to your already acquired contacts?
If the above exceptions apply to you, no need to worry and you can safely stop reading here. But for all other cases, this article is going to be important for you.
In order to retrieve a list of contacts fully compliant with the GDPR, you’ll need to create an email marketing campaign as well as a registration form.
Here, we will not agree on the different obligations that the GDPR will impose on businesses. To learn more about that, you can head over to the following links:
- FAQ: the GDPR and its application in email marketing
- Mailify and GDPR compliance
- GDPR & Email Marketing: learn everything about the new European Regulation on data Protection
We will use Mailify Sunrise to illustrate this tutorial.
Let’s start with some theory to understand what we are about to do here.
To be compliant with the GDPR, you must allow your recipients to give their consent in a voluntary and conscious manner.
If sending a simple email with a confirmation button (Call-to-Action) may seem enough, European regulations do not stop there. If your recipients can validate their consent in by default by clicking in your message, then you are not compliant.
Mailify makes it possible to overcome all this and to create a 100% compliant campaign using a registration form linked to an email.
So you guessed it, we will create an email marketing campaign with a button redirecting to a form (with information of the contact prefilled, checkboxes NOT PRE-CHECKED, conditions, etc.).
In this example, we’ll use Mailify. To begin the process in the right order, let’s start by creating our form.
Create your form
The first step is to create your form.
The form must be completely clear and transparent about how the user’s personal data will be used.
This means that it must contain:
- Fields to fill in (which can be pre-filled)
- A checkbox (not pre-checked) stating that the user authorizes you to send them emails (specify the type)
- The mentions defining the framework of how you will use their data. These mentions are specific to each company and each type of collection, we cannot offer you a standard example. Please note, that if you wish to request the contact’s email address and phone number, these mentions must be adapted to each data collected.
- A sentence stating that the user can unsubscribe at any time, and how to do it.
How to create a GDPR form in Mailify?
- To create your GDPR form, open Mailify Sunrise and go to the «Pages and forms» tab.
- Click on «Create» at the top right and choose «Form» and choose «Subscription/ Update».
- Name your form and choose the contact list that will be linked to it. Here, you must choose the list comprising your contacts whose consent you want to obtain. This list should contain all the data you have about them.
- Set up your form by selecting the fields you want to display. Attention, if you omit certain fields, you will not be able to exploit this data in the future, even if you already had the information on these contacts (in case you do not have the proof of their past consent).
- When selecting the «Type», choose the «Dedicated Page» form type.
- Create your form either from an existing template or from scratch.
- Add the information previously mentioned.
- Optional, but recommended: in the «Behavior» menu on the right, check «Double opt-in check». This allows sending a last email to the user after validation of the form in order to make them definitively confirm their information.
For example, here is how the form might look like:
Example of an update form created with Mailify
- Once your form is complete, go to the «Publication» step.
- Choose your domain if you have one set in Mailify, then click on «Publish the form».
- Then click on «Promote the Survey» and choose «By Email», then go to the next step: The creation of your RGPD emailing.
IMPORTANT: Do not forget to mark the field “I agree to receive” as a required field to validate the form.
Create your email marketing campaign
The second step consist of creating the email in which you will ask your existing contacts to fill in the form your just created.
By clicking on the «Promote» button at the end of your form, an email creation will start automatically:
- Select your contact list.
- Create your email: Keep it simple. Just ask your contacts if they want to continue receiving your messages, being as transparent as possible. Describe the periodicity of your sendings, the type of content they’ll receive, and some reasons why they benefit from receiving your campaigns…
In the end, here is what your email could look like:
Example of consent request email created with Mailify.
Your email must contain an action button to allow the reader to validate their consent. This button will automatically redirect to the previously created form.
Remember that the information you already have on your contacts will be pre-filled for each recipient.
If the user modifies a field (to update their personal data), it will automatically be updated in your list.
Recover its file conform to GDPR
Your re-authorization campaign is now ready. All you have to do is send it to your contacts so that they can give you their consent by completing your form.
Since your campaign is linked to your contact list, it will update automatically as soon as someone validates the form.
To find out which contacts have given their consent, go to your contacts list then:
- Click on «Columns»
- Check the «Modification date» column
You will then get the date and time when the contact gave their consent. If this column is empty or identical as the creation date (or previous than the date your campaign was sent), then the contact did not agree.
You can also use the column corresponding to the required fields on your form to find the contacts who have agreed to receive your communications. If this column is empty, they have not completed the form.
Wait a few days, then select all those who have not completed the form, and delete them. Yes, it is important to restart from a clean database. And in case of control, the retention of non-opted-in recipients could be grounds for a fine.
Your database is now cleaned-up and 100% compliant with GDPR regulations.
Note: remember to export your new database and keep it in a separate folder, in case of any controls. Add an example of your email marketing campaign and your form to this folder, so you have all the evidence on hand of the consents and the process put in place to obtain it.