Getting consent to send your subscribers emails and marketing information is fundamentally important, not only so that you can send your future campaigns legally but so you can be 100% sure that person wants to hear from you.
The clock’s ticking and with a zero-tolerance approach and heavy fines being introduced, you can’t take the risk of not being able to prove consent. Sending to someone who hasn’t explicitly told you they want your want your articles, advice, newsletter emails and other marketing will leave you in deep waters once the GDPR comes into effect.
Where B2B communication stands now
At the moment we’re able to assume consent if the person we’re emailing doesn’t unsubscribe or opt-out of those messages. If someone’s subscribed to you 2 years ago but hasn’t opened an email since, you can still send to them as they haven’t chosen to physically opt-out yet. In future, this won’t be enough.
You can no longer assume you have someone’s permission
When the changes come into effect, consent can no longer be implied, and an indication or an assumption of consent will not be enough to keep you on a clear track.
Silence, pre-ticked boxes or inactivity should not constitute consent – Recital 32, GDPR
Stating: “If you don’t want to hear from us again, tick this box or click this link” in the small print at the end of an email will not be enough.
Consent needs to be explicit
The savvy among us will make sure they have explicit consent to use a person’s data or to send them emails and marketing. Explicit consent means the subscriber must take a positive action to consent to your marketing.
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of agreement – Recital 32, GDPR
Not only that, but your subscriber must be clearly informed of how you will use their data and exactly what they are consenting to. This means no more hiding behind jargon full privacy policies.
As a minimum they need to know:
- The identity and contract details of whoever controls their data
- The purposes of processing their data
- How long their data will be stored for
- Their rights to access, erase or to object to the processing
The request for consent shall be presented in an…intelligible and easily accessible format using clear and plain language – Article 7.2, GDPR
Consent needs to be provable
Because of the increased risk of fines and legal action, you want to be able to respond to queries and complaints quickly and easily.
The controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data – Article 7.1, GDPR
This means when you gain consent you should collect it in a manner which shows where and when consent was requested and given, and what the context or detail of that consent was.
It should be as easy to withdraw consent as it is to give it
Controllers must inform data subjects of the right to withdraw before consent is given. Once consent is withdrawn, data subjects have the right to have their personal data erased and no longer used for processing.
Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment – Recital 42, GDPR
What to do?
The important thing here is not to worry. This all sounds scary, but taking the right steps now will prevent this from becoming a major issue 18 months down the line. Take a look at these 6 steps, give us a call on 01672 505050 or drop an email to firstname.lastname@example.org to chat with one of our specialist advisors.