Author: Brandon Olson

6 Myths about the GDPR and Email Marketing Debunked

The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018.

Thousands of sources have published their “expert” advice about the law and how it applies to email marketing over the past several months.

But here’s the thing: Much of their advice is wrong or misleading — and it’s causing a lot of misunderstanding, confusion and fear among small businesses and entrepreneurs around the globe.

So, we decided to set the record straight.

We’ve already covered the steps you can take to help prepare for the GDPR. (Great news! If you’re an AWeber customer, you’re probably already doing a lot of those things.)

In this post, however, we’ll dispel some of the most common myths about the GDPR and email marketing. Use this information so you can confidently move forward.

Disclaimer: This blog post is for informational purposes only, and you should not consider it legal advice. We recommend that you seek legal and other professional counsel to determine exactly how the GDPR might apply to you.

Myth #1: “I need to send a re-engagement email to all of my existing subscribers to reconfirm consent.”

One myth we see everywhere is the idea that you must have all of your subscribers reconfirm their consent in order to be compliant with the GDPR.

This is false. Sort of.

Here’s the deal: It all depends on whether you can prove consent from your subscribers, or you have other lawful grounds for processing data, according to the GDPR.

If you are relying on consent to determine lawfulness, ask yourself these three questions:

  1. Did my subscribers opt in to my list, and can I prove it?
  2. On my sign up form, did I clearly explain how I’d use subscribers’ data and what content I’d send them? Can I prove it?
  3. Can my subscribers unsubscribe from my list as easily as they subscribed?

To prove you received consent, you should use the following three data points:

  1. The date and time the subscriber opted in
  2. The source of the opt-in (e.g., www.mywebsite.com, “Added via API”)
  3. A screenshot of the data collection mechanism (i.e., your signup form or landing page)

You can easily find the date, time, and source information in your subscriber details within your AWeber account. Just look for the date and time when they opted in as well as the source of signup.

To prove you clearly explained how you’d be using data and what content you’d send to subscribers, save a copy or screenshot of the signup form you used to collect their personal data.

Now, let’s say you imported your list from another email service provider (ESP). In this case, you won’t have the source information within your AWeber subscriber details. However, you’re confident your list subscribed in a compliant way through your old ESP. If you don’t have this information available in your previous ESP, you probably can’t prove consent and should consider sending a re-engagement email.

Finally, let’s quickly touch on the third question: “Can my subscribers unsubscribe from my list as easily as they subscribed?”

The short answer: If you’re using AWeber, your subscribers already have the ability to unsubscribe on their own using the “Unsubscribe” link in the footer of all your emails. You can also make the unsubscribe option more obvious by adding it within the text of your email messages.

Here’s an example from Ann Handley’s bi-weekly newsletter, which I shared in my previous post:

“I can prove consent. Hooray!” 👍

If you answered “yes” to all three of the questions I mentioned previously, thumbs up, you’re able to prove consent and you can continue to engage your subscribers.

“I can’t prove consent. Bummer.” 👎

If you answered “no” to any of the three questions, and you can’t prove consent otherwise, then you should probably send a re-engagement email or delete those subscribers from your email list.

Here’s a sample re-engagement email you can send your subscribers. You can use AWeber’s Click Automations to tag subscribers who click the link to confirm their consent.

Subject: Still interested in receiving emails from me?

Hi there!

I hope you’ve been enjoying the content I have sent you, like {Insert all of the types of content you send (e.g., newsletters, sales, product info, etc.)}.

If you’d like to continue receiving emails from me, click the link below:

{Keep me on the list – LINK}

By confirming your subscription, we’ll continue sending you:

  • {Insert a list of all of the things you plan to send to subscribers on this list}

Not interested anymore? That’s alright. If you don’t click the link above, we’ll take you off our list and stop emailing you. You can also unsubscribe here. (Note: Hyperlink the word “here” to the personalization token {!remove_web} in your email message.)

Thanks, and have a great day!

{Your Name}

In addition to confirming consent, you can also use your re-engagement email to create better segments of your subscribers, using AWeber’s Click Automations feature.

For example, let’s say you send a newsletter as well as product information to your subscribers. You can add multiple links within your re-engagement email to allow them to opt in to receive different types of content. When subscribers click any of the links, you can tag them appropriately and send them more targeted emails.

Here’s a sample re-engagement email that has multiple options:

Subject: Still interested in receiving emails from me?

Hi there!

I hope you’ve been enjoying the content I’ve been sending you, like {Insert all of the types of content you send (e.g., newsletters, sales, product info, etc.)}.

If you’d like to continue receiving emails from me, click one of the links below:

  • Keep sending me the newsletter {tag with gdpr-newsletter}
  • Keep sending me product information {tag with gdpr-productinfo}
  • Keep sending me both {tag with gdpr-newsletter and gdpr-productinfo}

Not interested anymore? That’s alright. If you don’t click any of the links above, we’ll take you off our list and stop emailing you. You can also unsubscribe here. (Note: Hyperlink the word “here” to the personalization token {!remove_web} in your email message.)

Thanks, and have a great day!

{Your Name}

It’s a best practice to generally wait about seven days after sending a re-engagement email before deleting any subscribers who do not click the link(s) to reconfirm their consent.

Myth #2: “I need to add GDPR checkboxes to all of my signup forms.”

Another rumor floating around is that you need to add checkboxes to your signup forms in order to be GDPR compliant. Some are even calling these “GDPR-friendly signup forms.”

This is false. Checkboxes are not required, and are completely optional.

Nowhere in the GDPR does it state that you need to add checkboxes to your signup forms.

What it does say, however, is that you need to clearly communicate how you will be processing subscribers’ personal data, whether using a descriptive sentence or two, or using a checkbox, if you so choose.

One reason to go the sentence-route? Unnecessarily adding multiple checkboxes to your forms may introduce the possibility of click fatigue and lower opt-in rates.

Here’s an example of a signup form that is GDPR compliant and does not include checkboxes:

So, when is it appropriate to use checkboxes? The GDPR requires that consent must be freely given by subscribers, and cannot be bundled with unrelated actions. Keeping this in mind, here are two examples where checkboxes are required to be compliant with the GDPR:

Example #1

Let’s say you’re a retailer and you want to send marketing emails to your customers after they make a purchase, as well as share their data with other companies within your retail group. Under the GDPR, you cannot bundle their purchase with consent to send marketing emails.

Instead, a separate consent should be captured at the point of purchase that is specific to the purpose of sending marketing emails or sharing their data with partner companies. You might decide to use a separate checkbox to capture this secondary consent.

Example #2

Let’s say you’re a financial institution and you want to allow third parties to use customers’ payment details for marketing purposes. Under GDPR, this type of processing activity (i.e., the sharing of payment information for marketing purposes) is not necessary for the performance of the contract or agreement with the customer. Consent must be freely given, and if a customer refuses consent, the institution would not be able to deny services or increase fees. That would be a violation of the GDPR.

If you would like to share subscribers’ data with other parties, you should use a checkbox to allow them to give their consent freely. And keep in mind that these checkboxes cannot be pre-checked.

Myth #3: “I need to use double opt-in to be compliant with the GDPR.”

Double opt-in (a.k.a. confirmed opt-in) is when your subscribers sign up for something — like a newsletter — and then they’re asked to also confirm their subscription.

Some “experts” are stating that the GDPR requires double opt-in to prove consent.

This is incorrect.

As I mentioned in myth #1, the GDPR simply requires that you can prove compliant consent. The act of entering personal information into a signup form and clicking “submit” can be considered an affirmative action, as long as the subscriber was clearly and directly informed of what they are accepting.

However, double opt-in is not necessarily a bad thing. There are lots of great reasons to use it, including better subscriber engagement and deliverability. You just don’t need to use it to be compliant with the GDPR.

Myth #4: “Subscribers’ personal data that’s already in our database isn’t subject to the GDPR.”

This one is closely related to myth #1.

The GDPR applies to all personal data — even data that was collected prior to May 25, 2018.

If you cannot prove consent for all of your existing subscribers, you should send a re-engagement email to obtain that consent.

Myth #5: “My data is stored with my service provider, so it’s their responsibility to remain compliant with the GDPR, not mine.”

We touched on the relationship between data processors (e.g., AWeber) and data controllers (i.e., you, the one sending the emails) in our previous GDPR blog post. But let’s dive deeper to dispel this myth.

Data processors and data controllers share responsibility for complying with the GDPR requirements. As an AWeber customer, you are still considered the data controller. You maintain control over how you use that data. AWeber is simply processing the data at your request.

So, it’s not an option to pass responsibility to a service provider who is processing data on your behalf. We recommend that you seek legal and other professional counsel to determine your exact role and relationship to the data being processed.

Myth #6: “If I’m not compliant by May 25, I’ll get hit with huge fines.”

Anyone reading the GDPR fine print is likely nervous when they see the hefty fines associated with not being GDPR compliant. (Enough to make your palms sweat!)

However, EU officials indicate that fines would likely be a last resort.

Here’s what Elizabeth Denham, the U.K.’s information commissioner, had to say in a recent blog post:

“It’s scaremongering to suggest that we’ll be making early examples of organizations for minor infringements or that maximum fines will become the norm,” she said. “The ICO’s commitment to guiding, advising, and educating organisations about how to comply with the law will not change under the GDPR. We have always preferred the carrot to the stick.”

“While fines may be the sledgehammer in our toolbox, we have access to lots of other tools that are well-suited to the task at hand and just as effective,” she continued. “The GDPR gives us a suite of sanctions to help organisations comply – warnings, reprimands, corrective orders. While these will not hit organisations in the pocket – their reputations will suffer a significant blow.”

If you’re taking the necessary steps to understand and follow the GDPR regulations and engage in good email marketing best practices, you are on the right path to protecting yourself.

Keep calm and email on

On the surface, the new GDPR may appear scary and ominous, but it’s actually pretty straightforward. And it’s a good thing for email marketers, too.

It really comes down to doing the right thing with the personal data you collect. Only send emails and information to people who’ve given you permission to do so for the purpose you told them.

To learn more about the GDPR, visit www.eugdpr.org.

Have questions? Comment below, or contact our team, and we’ll do our best to answer them.

Not an AWeber customer? Get the peace of mind of working with a trusted provider. Try AWeber free for 30 days.

The post 6 Myths about the GDPR and Email Marketing Debunked appeared first on Email Marketing Tips.


Your GDPR + Email Marketing Playbook: How to Prepare for the New EU Data Law

Disclaimer: This blog post is for informational purposes only, and you should not consider it legal advice. We recommend that you seek legal and other professional counsel to determine exactly how the GDPR might apply to you.

A new law called the General Data Protection Regulation (GDPR) will go into effect on May 25, 2018 — and it will impact email marketers around the world.

The good news? If you’re using AWeber, you’re probably already doing many of the things required.

Keep reading for a walkthrough of the GDPR, what AWeber is doing to prepare, what it means for your email marketing business, and how you can prepare for the changes.

What is the GDPR?

The GDPR is a European privacy law approved by the European Commission in 2016. Its purpose is to “harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy.”

This is fantastic news for EU citizens. The GDPR will hold businesses and entrepreneurs more accountable for data breaches and require them not only to keep records of a person’s consent to disclose personal information, but also to clearly state up front what the data will be used for.

Why the GDPR is a good thing for email marketers

The goal of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world.

While it requires a bit more effort on your part, it can also lead to some pretty important benefits to your email marketing.

Here’s why…

By taking greater measures to protect and use subscriber data correctly, you’re more likely to send more relevant, targeted, permission-based emails to your subscribers. And that can translate into more trust with your subscribers, fewer spam complaints and unsubscribes, and better email deliverability.

Win. Win. Win!

Who does the GDPR affect?

The GDPR applies to any data controller or processor who collects, records, organizes, stores or performs any operations on personal data of those who live in the EU — even if you don’t reside in a European country.

Personal data is any data that can be used to identify a person, including email addresses.

Data Controller? Processor? What are those?

Here’s a quick definition of each:

Data Controller: Any individual or business who determines how an individual’s personal data is processed.

Data Processor: Any individual or business who processes personal data on behalf of the controller.

As an AWeber customer who collects EU resident data, you would more than likely be considered a Data Controller. AWeber would be considered a Data Processor.

How does the GDPR affect me?

To understand how the GDPR will affect you, it’s first important to understand the key rights the new law protects and how these rights apply to you:

  • Right to be informed: Your EU subscribers can ask about personal data, how it is used, and why it is being used at any time.
  • Right of access: Your EU subscribers can request a copy of personal information at any time.
  • Right of rectification: Your EU subscribers can update (or request updates to) personal information at any time.
  • Right of erasure: Your EU subscribers may request that you or AWeber erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
  • Right to object: Your EU subscribers may unsubscribe from any of your emails at any time.

Knowing these rights allows you to better understand your responsibility in protecting these rights.

How to prepare your business for the GDPR

There’s a lot to think about with the GDPR, and we understand that it can feel a bit overwhelming. So we’ve outlined four steps you can take to help prepare for the GDPR.

1. Continue to abide by AWeber’s terms of service and privacy policy

We recently updated our privacy policy and terms of service for customers, affiliates, and developers who use our API. These updates reflect what we’re doing to be compliant with the GDPR.

Be sure to continue abiding by these terms of service and privacy policy:

2. Get explicit, opt-in consent from subscribers

The GDPR describes consent as “freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

Translation: You must explain how you will use a person’s data before he or she gives it to you. If you plan to use a person’s data for multiple reasons, you must disclose all those purposes from the get-go.

For example, imagine you have a weekly blog newsletter. Once a person subscribes, they’ll receive a weekly newsletter from you, as well as an occasional email promoting your product. To be compliant with the GDPR, you must explain on your signup form that subscribers will receive both educational newsletter emails and promotional emails.

There’s been a lot of talk about the need to have checkboxes in your signup form to be compliant with the GDPR. However, checkboxes are not necessary to comply with the GDPR; they are simply one of many ways to prove consent.

Another way to prove consent is by adding simple language to your signup form that clearly explains how you will use a subscriber’s personal data, what kind of content you will be sending them, and how often you will be sending it.

If you do, however, decide to use an optional checkbox on your signup form, make sure your checkbox is not pre-checked. To get affirmative consent, subscribers need to check the box themselves.

Here’s an example from outdoor enthusiast Paul Kirtley that demonstrates how to clearly explain how a subscriber’s personal data will be used:

As you’re reviewing your signup forms, here are a few questions to ask yourself:

  • Have I made it clear to the subscriber what information I am collecting?
  • Have I made it clear to the subscriber why I am collecting their information?
  • Have I made it clear what information I will be sending them?
  • Have I made it clear how often I will be sending them information?

Another common question people have is this: Do I need to have double opt-in (aka confirmed opt-in) now with the GDPR?

You don’t need to have double opt-in to be compliant with the GDPR. You can still use single opt-in and be compliant if you can prove informed consent in another manner. However, there are benefits to using double opt-in, including a more engaged list of subscribers and better deliverability.

For the subscribers who are already on your list, you can send a re-engagement email prior to the GDPR taking effect to confirm continued consent to receive your emails.

You can use AWeber’s new click automations for broadcasts to tag subscribers who click the confirmation link in the email.

2. Create or update your public-facing privacy policies

Along the same lines as gaining explicit consent, it’s a good practice to create, review, and update your public-facing policies around data collection and usage.

As mentioned above, your subscribers have a right to know how their personal data is being used, so make that clear and easy to understand in your policy.

Also, make sure your policies are easy to find. You can do this by adding a link to your policies within the footer of your signup form, emails, and website.

3. Document and communicate a process for data requests from subscribers.

The GDPR requires that you document and communicate a process for subscribers to opt out, make changes to their personal data, request copies of their personal data, or request that their data be deleted entirely from your records.

You may need to document a process for subscribers to make such requests.

Once you have this process documented, you can communicate it through your public-facing privacy policy as well as within your emails.

Here are the types of requests to document and communicate, and how to fulfill them:

Unsubscribing from your list

Under the GDPR, subscribers have the right to object or opt out of your communication at any time.

Your subscribers already have the ability to unsubscribe on their own using the “Unsubscribe” link in the footer of your emails.

However, you can also unsubscribe them manually if they request it, either on a list-by-list basis or by bulk unsubscribing someone.

You can also make this option more obvious by adding it within your email messages. Here’s an example from Ann Handley with her bi-weekly Total ANNARCHY newsletter. You’ll notice she added an unsubscribe link following her signature, with some playful language.

Updating personal data

Subscribers also have the right to rectify or update their personal data at any time.

Similar to the unsubscribe link in your emails, subscribers already have the ability to update their personal data on their own using the “Change subscriber options” link in the footer of your emails. However, you can update their information manually upon request.

Requesting a copy of personal data you maintain

With the GDPR, your subscribers have the right to access their personal data you maintain.

Unlike opting out or updating personal data, your subscribers won’t be able to access this information on their own. Instead, they will need to request it from you.

AWeber makes it easy for you to find this information within subscriber management. Using the filters, you can search for the subscriber’s email address. Then, using the “Export CSV” option, you can export your subscriber information in a format you can deliver to them.

Deleting subscriber data entirely from your records

Under the GDPR, your subscribers also have the right of erasure. In other words, the right to be forgotten. That means you must delete their personal data upon request.

Deleting subscribers is easily done within your AWeber account using the “Search All Lists” feature. Simply use the “email” filter to search for the subscriber’s email address. Then check the box(es) next to their name and click “Delete.”

When you delete a subscriber from your list, that subscriber’s personal information will be deleted entirely from your reports and your list. However, deleting a subscriber will not affect your reporting data; you’ll still be able to view anonymous, aggregate reporting data in your account, but the deleted subscriber’s name and email address will be removed.

4. Begin keeping comprehensive records of how you collect personal data.

The GDPR also requires that you can prove the nature of consent between you and your subscribers. This has two parts: showing the signup source in the subscriber data, as well as a copy of the signup form or data collection mechanism from which they provided that consent.

You can accomplish this by saving the underlying code, a screenshot, or a PDF of the form you used to collect their information.

Remember: these tips are not intended to be legal advice and in no way represent a comprehensive standard for ensuring GDPR compliance.

Download our GDPR checklist

Whew! That was a lot of information. Fortunately, we’ve boiled it down to a one-sheet checklist for a quick reference as you prepare for the GDPR.

What is AWeber doing to prepare for the GDPR?

AWeber is already self-certified with both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield, and we comply with lawful transfers of EU/EEA personal data to the U.S. in accordance with our Privacy Shield Certification.

Additionally, we are actively preparing to be fully compliant with the GDPR by May 25, 2018.

To help us do so, we formed a dedicated, cross-functional team to organize, lead and carry out the work that needed to be done to bring AWeber into compliance with the GDPR.

Here’s what this team has been working on:

  • Developing a comprehensive strategy to comply with the GDPR
  • Conducting a detailed audit of our personal data and processing practices
  • Updating our terms of service and privacy policy to include the GDPR changes
  • Reviewing our services to ensure we protect the rights of EU citizens mentioned above
  • Developing Data Processing and Security Terms for our customers

Moving forward, we will hold regular training sessions to ensure our team members are always up-to-date on our processes and best practices for helping our customers.

What’s next?

In the coming weeks, we’ll be making Data Processing and Security Terms available to AWeber customers. Keep an eye on this blog post and our help article for an update and link to the terms. Or contact us to request it.

To learn more about the GDPR, visit www.eugdpr.org.

Have questions? Comment below and we’ll do our best to answer them.

Not an AWeber customer? Get the peace of mind of working with a trusted provider. Try AWeber free for 30 days.

The post Your GDPR + Email Marketing Playbook: How to Prepare for the New EU Data Law appeared first on Email Marketing Tips.


How to Monitor Multiple Social Media Metrics in a Single Dashboard


Do you manage multiple social media profiles for your business? Looking for an easier way to keep an eye on key social media metrics? Setting up a customized dashboard lets you monitor and report on the performance of your social media platforms in one convenient place. In this article, you’ll discover how to set up […]

This post How to Monitor Multiple Social Media Metrics in a Single Dashboard first appeared on .
– Your Guide to the Social Media Jungle


How to Generate Leads With Social Media Quizzes


Do you want to generate more leads? Have you considered using social media quizzes to connect with prospects? Quizzes are a great way to engage your audience, gather feedback and build your email list. In this article you’ll discover how to create social media quizzes that generate leads. #1: Establish a Goal A successful quiz […]

This post How to Generate Leads With Social Media Quizzes first appeared on .
– Your Guide to the Social Media Jungle
