I’ve had some strange emails over the last week or so. Some are ostensibly email marketing, others are newsletters, and most of these have been generated by the need to check my permissions. This is cutting it fine.
There is a variation of forms of enquiries. One, from a company which I subscribe to their email marketing list, had their normal banner and then a paragraph on the GDPR. It wasn’t a bad summary, covering the basic requirements on permissions in a few sentences.
There were boxes underneath with a brief description of what one would be signing up for. This was followed by another paragraph of text, extolling the privacy virtues of the company. Finally, right at the bottom, below the fold, was an offer of a reduction on one of their products. I had no use for it so the email was not well targeted.
It was not the best way to encourage me to sign up. How much better to have been a real bargain.
The email is unlikely to arouse angst in the corridors of the ICO, but there’s little doubt that it does not conform to the regulations. It made the self-praise regarding concern for privacy open to argument.
It was not the worst abuse. I had an email asking virtually the same questions but without even the offer at the bottom. This is a step too far as I had not given permission for off the cuff emails. A company has recently been fined for such a breach of privacy by the ICO.
A newsletter, for which I was on a subscriber’s list, came via email last month which was dedicated entirely to the GDPR apart from the boxes to tick to continue receiving it. It was the only bit of legislation ever to totally dominate their newsletter or even be a major part, so there’s some doubt that it conformed to the provision I signed up for about two years ago.
One would expect companies which are so far behind their competitors to push the boundaries a bit in order to catch up, but care must be taken. If you have dragged your feet and are only just realising that time is not so much tight as gone, you will be wondering what you can do.
You need to work out what is the main interface between you and specific customers. If it is the website, then they are home and dry. If it is via emailed invoices then there’s nothing wrong with asking customers to check their permission or just tick a box to continue as a subscriber to an email marketing list.
Newsletters are a convenient route although what subscribers had signed up for must be taken into account. In the event that the permission was explicit, there’s nothing wrong in including a request, even above the fold, as long as it does not overpower the text.
Similarly, it is permissible to include a request to check permissions in a marketing email. Ask again on the landing page and in the acknowledgement of the order.