The headline is not hyperbole, nor is it an exaggeration. It is not even a sub-editor working with a hangover. It is true. Remarkably, the person who causes some subscribers to leave will be you.
You have already formed the opinion that it is all down to the GDPR and to an extent you are correct. However, it is probable that some of what is on your email marketing lists is a breach of the previous regulations. The main difference now is the increase in the level of fines.
You may have read that a while ago that Wetherspoons was fined £400,000 for breach of the ‘old’ regulations. Had it been prosecuted under the new regs, the maximum fine would have been in excess of £55 million, or 4% of annual worldwide turnover.
Many companies are ensuring that they have the necessary permissions for the processing of personal data. As an example, it has received two marketing emails today which included a statement of what permissions I had allowed and that if I wanted to check then I should go to a specified location on their website.
My assumption is that both companies have been addressing their permissions and had decided to ensure their records were correct. Both enquiries were from companies whose email marketing lists I had subscribed to for some years, starting when regulations and enforcement were a little lax.
I went through the procedures with both companies, checking the permissions they were working with. The level on both was fine and amounted to little more than email marketing on both and an e-newsletter on one.
On one email there was the hot-linked headline ‘Privacy Statement’ and on the other, there was a privacy statement included on the page. You can probably see the argument for each option. It was clear that both privacy statements had been written to comply with the GDPR.
There were opt-out hotlinks on both landing pages. It was clear that a fair degree of thought had been given to the process of checking permissions of those on their email marketing lists. I remained on them and made no adjustments. This, I would assume, would be the norm.
Before you start sending out emails to your subscribers and others whose personal data you hold, remember that they must have given you permission to send them unsolicited emails. Most importantly, you must be able to support these permissions.
An option is to bring to customers’ attention their rights under the GDPR on other correspondence, such as receipts, newsletters, or any interface, including telephone conversation.
It is probable, almost a certainty, that some subscribers will ask for certain details to be deleted and that others will demand that all their personal data be removed. One can’t blame them after recent disclosures from Facebook. This should be expedited of course.
Pre GDPR it might have been excusable to keep the data where permissions were, shall we say, obscure. This is no longer acceptable.
One last warning; if you use third-party data, can you prove you are processing it legally?