GDPR in Email Marketing - The Right to be Forgotten

The GDPR (General Data Protection Regulation) gives consumers better data protection standards, more control over how their personal information is collected, stored, shared and used, and an easier complaints process backed by huge fines if their personal information is misused. A big part of this is the "right to be forgotten".

WHAT IS THE “RIGHT TO BE FORGOTTEN”?

In the GDPR text it is titled "Right to erasure (right to be forgotten)" and has the following information:

Controllers should give individuals, free of charge, at reasonable intervals, electronic means of exercising their rights to access, rectify or delete their data, and their right to object to processing and to be able to verify the lawfulness of the processing

Individuals have the right to have personal data erased where:
• The data are no longer necessary for the purposes for which they were collected;
• They withdraw consent and you have is no other legal basis to use the data;
• They object and there is no overriding legitimate basis for the processing;
• The data have been unlawfully processed

HOW THIS CHANGES EMAIL MARKETING

Marketers need to understand and accept that they can no longer collect data "just in case" or because it's there.

More planning: We need to plan what we want to do, look at the different ways this can be acheived and decide which way uses the least data and the least sensitive/risky data.

More information: We need to tell consumers what we want to do with their data. Why. And why it would benefit them if they agreed.

More choice: Sometimes you need to use data, Name, address and payment details are quite useful for fulfilling an order, but if you want to use data for anything unexpected, optional or for a reason other than the reason it was collected, the individuals have a right to object, have their information deleted or not provide it in the first place.

More proof: Your customers can request details about the data you hold and how it's used. So can the regulators. You need to start collecting some details which show where you obtained data, what options/choices/information you gave prior to data collection. And you need to store it in a way which make it easy to respond to queries and complaints.

Less data: You need to work out how you can deleted or anonymise data. And you should probably look at ways for people to get your emails or buy from your site anonymously - but use this time to explain the benefits of sharing their details with you.