Email Marketing is Big Business
Email marketing is now the predominant way in which businesses attempt to reach new customers as well as maintain relationships with existing customers. As a result, the global market for email marketing in 2016 was US$4.5B. The size and growth of the market has led to the rise of dozens upon dozens of email marketing companies serving businesses of all types and sizes. Not counting email tracking services or larger marketing automation services, G2Crowd lists over 100 email marketing services on their market presence and customer satisfaction grid.
When the GDPR goes live in May 2018, continued reliance on email marketing for building and maintaining customer relationships in the European market – which is the second largest market for email marketing behind the Asia Pacific market – is going to require companies to make significant changes in the way they conduct their email marketing practices.
The GDPR Requires Proof of Opt-in (not opt-out) Consent
The current prevailing practice for collecting email addresses for marketing mailing lists is to bury a pre-ticked “subscribe” checkbox somewhere on an order or registration form. Such practices will not be compliance under the GDPR. As stated in Recital 32 :
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her . . . Silence, pre-ticked boxes or inactivity should not therefore constitute consent.
Not only do email marketers need to obtain opt-in consent from email recipients, they also need proof of the opt-in consent. As written in Article 7:
Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
Implications for Data Controllers
As for collection of new email addresses, most companies at a minimum will have to change their “subscribe” buttons from checked by default to unchecked by default. As for existing mailing lists, there are three options: (1) delete the whole mailing list and start over; (2) attempt to segregate EU addresses from non-EU addresses; and (3) contact the addresses asking them to opt-in to continue receiving emails after the GDPR goes live.