As a brief recap, GDPR is the European Union’s General Data Protection Regulation that is going into effect on May 25, 2018. This piece of legislation very firmly establishes the principle of data privacy as a fundamental human right. It includes the right to be forgotten, the right to opt-out of automated decision-making, and specific obligations for companies regarding transparency around how they are using and processing data. For more information about GDPR and how it may affect your business, check out our GDPR microsite, and to learn more about what might prompt the need to re-permission a contact see our GDPR FAQ linked here.

Due to the new opt-in requirements around consent, many marketers are re-permissioning their subscriber lists, by effectively sending them a double opt-in, or re-engagement campaign. They are then opting out any subscribers that do not submit a compliant opt-in form by the GDPR deadline. The problem is, most marketers are getting this step wrong. Don’t be one of them.

It may be tempting to send the re-permissioning campaign to everyone in your marketing lists that has previously opted in, but the same best practices for data quality apply to these efforts as well. Sending to old data (email addresses that you would not regularly include in campaigns), unengaged populations or to unverified contacts has potential to hurt your sending reputation. For some tips on how to send a GDPR re-permissioning campaign while avoiding the potential pitfalls, keep reading!

Note: Information contained in this blog post should not be considered legal advice; it is for informational purposes only. Consult your compliance department or legal counsel for specific guidance.

1. Don’t send to previously opted out contacts. Updated consent can only be obtained from contacts that are already opted in to your marketing communications. The purpose of the re-permissioning is to update the consent to meet all the GDPR requirements. If a contact has unsubscribed in the past, you are not allowed to reach back out to them to gain a new consent.

2. Complete all efforts to re-permission before May 25. Re-permissioning is no longer permissible after that date. Continuing to mail to these contacts after that date, without sufficient permission, will result in the company being in violation of GDPR in the midst of efforts to comply.

3. Suppress any unengaged subscribers that have not opened a mailing in 12 months or more. This should be done before beginning the re-permissioning campaign (you can find steps for doing this with ClickDimensions here). Recycled spam traps are a significant danger if every email address ever collected goes through the re-permissioning campaign. This is especially true the longer the company has been in business.

4. Make sure that the consent collected is GDPR compliant. At a minimum, this means no pre-checked boxes on your form. Make sure to research what is required for the specific types of communications sent to your subscribers, and when in doubt, contact legal counsel.

5. Make sure the email clearly explains what’s being asked for. Be aware that many consumers are not aware of GDPR. Mentioning it in the subject line might be confusing and reduce open rates if subscribers don’t think it applies to them, though it is definitely a good idea to provide them with links to relevant resources.

6. Understand that this may result in a significant reduction in list size. And that is okay. You should at least expect a lift in open rate and hopefully click rate by purging contacts that do not confirm their opt-in.

The ultimate thing to remember about GDPR is that while it may seem like a pain for those of us working in marketing and technology (especially the professionals who sit at the intersection of these two), ultimately this regulation can be a force for good to restore trust with consumers. It is my hope that increased trust will lead to increased engagement and ROI for brands that properly adhere to the regulation.