It is probable that the General Data Protection Regulations will become law later this year and the implications for email marketing are quite wide, although by no means difficult to comply with. A few weeks ago we covered how the GDPR effects big data. The popular media have picked up on a different aspect of it.
It was expected that the right to be forgotten, or right of erasure in the words of the regs, would be limited to the requirement of social media, if requested, to delete posts made when a person becomes an adult. The new law will go much further and include a right for a person to demand any company holding personal personal data to erase it if requested.
Email marketing lists are all about personal data of course and it might seem that we will be inundated with such requirements. This might happen but it is unlikely. Let’s look at the legislation.
Briefly, if certain conditions apply, you must comply with the request if there is no compelling reason not to. These conditions are not oppressive and are more or less what you should do when you regularly clean your databases. You can see the full circumstances here, https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/the-right-to-erasure/ , but in essence they are:
- If the individual withdraws consent, or objects to processing and there’s no overriding reason to keep it;
- When it is no longer necessary given the original purpose;
- When it was unlawfully processed;
- When there is a legal obligation to erase the data;
- The information relates to a child.
(This is a précis of the requirements and the full details can be found on the above link.)
There were were limitations under the old regulations but these no longer apply. There are a few specific conditions when a demand for erasure can be refused but these apply only in special circumstances.
Whilst the GDPR are by no means as oppressive as has been reported by some media outlets, they do place certain additional obligations on those who hold personal data, and for email marketing in particular. In a later article we will cover the way you can ensure compliance without it impacting on your business.