GDPR Looms: Do you have proper proof of consent on file?

Tom Ellengold
GDPR Looms: Do you have proper proof of consent on file?

With full GDPR enforcement only a week away, there is only a short amount of time left to ensure your proof of permissions are set in place.
GDPR sets the consent bar higher than what was required in the past. Of course, you already will have updated your sign-up forms to comply with the new requirements, but what about all of your existing subscribers?

Surely, you won’t be expected to produce the newly required information for subscribers that you have had a healthy relationship with for the past few months/years…would you?

Actually, you will… GDPR does not include any kind of a grandfather clause for existing subscribers. This means that once enforcement begins on May 25th, in each case you should receive a request for proof of consent, you will need to have all the necessary items for all subscriber addresses that you mail to.

In reality, GDPR was officially approved way back in April 2016, but it is not being fully implemented until May 25th. These past 2 years can be looked at as both the advanced warning and grace period for getting in line with the upcoming requirements.

OK, so now what? Well, they say the best time to plant a tree is 50 years ago, but the second-best time is now. So, if you haven’t already done so, you should start putting together a re-permissioning campaign.

You will want to reach out to all of the subscribers that need updated permissions and explain to them what is going on and have them take an affirmative action to grant you that express permission. (Simply opening the re-permission email is not enough, they would need to click a link or fill out a form, etc.).

The exact form and flow of the message is really up to you as long as it includes all the necessary items to bring you in-line with GDPR requirements.

A good reference for covering all the GDPR opt-in consent and message content requirements can be found here in our CSA Compliance Checklist. Following the CSA requirements will help ensure you are in good standing for GDPR consent compliance as well. This checklist can also be used as a guide to set up compliant sign up forms, if you are still working on those *cough* slacker *cough*. Ahem, Excuse me.

(*Ever obligatory disclaimer that we aren’t lawyers and you should always verify with your own legal counsel)

Since you will already be putting in the leg work for the re-permissioning campaign, you may decide to take this opportunity to also draft a slightly different version of the message to reengage some of your older / inactive users at the same time.

As always, the Deliverability team and your Account Managers are standing by to assist you with creating a successful strategy and deploying your reactivation campaigns as well as answering any lingering questions you may have.

Recent Articles