The General Data Protection Regulation (GDPR), a new law passed by the European Union two years ago with implications for email marketing, started enforcement on Friday, May 25th, 2018.
Some users have asked us whether GMass is GDPR-compliant, so let’s discuss that now.
First, the Bottom Line
Since GMass is just a plugin and we don’t help our customers collect any user/subscriber data, there is nothing GMass can do to make sure you are GDPR-compliant. Essentially, this law doesn’t apply directly to GMass itself, other than how we conduct our own email marketing for our own business.
However, GMass users need to take action on this individually. That’s because a typical marketing service might have a feature that helps its users create opt-in sign-up forms, but GMass doesn’t have that — our users have their own opt-in forms, and they have to get their data into a spreadsheet somehow in order to use GMass.
Making Sure You’re Compliant
There are a number of important issues to keep in mind to make sure your GMass marketing campaigns are GPDR-compliant (and, again, this applies regardless of whether you use GMass or some other service). Generally, all these rules are intended to prevent email marketers from collecting data about users without their explicit consent:
- Be aware of which data is protected: GPDR does not only apply to data gathered after May 25, but data gathered before as well (in fact, it applies to any data collected after the passing of the law two years ago). And it applies only to data collected from clients living in Europe. Bear in mind, even if you are not based in Europe, the GPDR applies to you if any of your clients live in Europe.
- Be aware of the risks of non-compliance: There are serious fines: “Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher”. And that’s for the “lesser” infractions!
- Always obtain active consent for being on your email list, not just passive consent. This means for a user to grant consent, the user must, for example, check a checkbox. Pre-checked checkboxes don’t count!
- Store your email recipients’ consent: This includes who they are, when they consented, and what they were consenting to.
- Allow people to easily withdraw consent.
- You don’t need consent to include organizations (companies, schools, etc.) on your mailing list. This is because the GDPR is meant to protect individuals, not organizations.
Although there has been much media coverage about GDPR, the good news is that by taking some basic precautions, you can continue to use GMass and Gmail without concerns. Not only will you be complying with these regulations, you’ll be enhancing your brand by assuring clients that you take their privacy seriously.
If you would like to learn more about the GDPR, here are some helpful resources:
- eugdpr.org, an informational portal about the GDPR.
- Google’s page on their commitment to compliance with data protection laws.
- A useful YouTube video on GDPR and email marketing.
Ajay is the founder of GMass and has been developing email sending software for 20 years.