Building an email marketing database is an essential part of using email as a medium for keeping in touch with your customers.
However, it’s important to remember that when it comes to building and managing your database, you need to comply with the General Data Protection Regulation (GDPR).
The GDPR is a set of regulations designed to protect the personal data of individuals within the UK and European Union (EU). It applies to any business or organisation that processes the personal data of EU residents, regardless of where the business is located.
Brexit saw the introduction of a Data Reform Bill which, in essence, is a carbon copy of the GDPR legislation. It’s important to remember that this legislation could change and differ from GDPR. However, at the time of writing, if you follow the GDPR rules, you’ll be fine.
Here are some key considerations for building and managing an email marketing database in compliance with the Data Reform Bill and GDPR.
1. Obtain explicit consent
Under the GDPR, you must have a legal basis for processing an individual’s personal data. One way to do this is by obtaining explicit consent. This means that you must clearly explain how you will use the personal data you are collecting, and individuals must opt-in to having their data collected and used for marketing purposes. Most email marketing platforms have “double opt-in” which is how we would advise you work.
2. Keep it organised
It’s important to keep your email marketing database organised and up-to-date. This means regularly cleaning out inactive or invalid email addresses, as well as updating any changes to individuals’ personal data. Tools like HubSpot are great at doing this, which if you’ve had an email from us in the past we will have used.
3. Respect opt-outs
The GDPR gives individuals the right to object to the processing of their personal data for marketing purposes. If an individual opts-out of receiving marketing emails from you, you must honour their request and remove their email address from your database immediately. Don’t forget, if you use multiple systems to opt them out, you could use Zapier to automate this.
4. Secure your database
You are responsible for protecting the personal data of your email subscribers. This means taking appropriate measures to secure your database, such as using encryption and implementing access controls. You could end up with a fine from the ICO if you have a data breach.
By following these best practices, you can build and manage an email marketing database that complies with the GDPR and respects the rights of your subscribers.
When collecting data, we’ve seen customers using some of these techniques for collecting data – all of these can land you in hot water… and won’t necessarily get you a great rate of engagement.
- Export all of their contacts from LinkedIn and email them
- Go through a local magazine and make a note of all the email addresses
- Using data where people have not explicitly opted-in for marketing communications from their website enquiry forms or checkout
- Going on Google, searching for their target audience and collecting email addresses
We’re not lawyers…
It goes without saying that we’re not lawyers and this advice should be seen as a general guide and not legal advice.
If in doubt, have a look at the ICO who have an extensive guide. We can also have a look at the blog post from 2018 that we did with Steve Kuncewicz – while things have changed since then, some of the core principles remain the same.