Mumara Campaigns and GDPR – Mumara

This blog attempts to provide an overview of GDPR with a quick guide on how you can ensure compliance if you are using Mumara Campaigns.

Table of Contents

1. What is GDPR?
2. Does GDPR affect email marketing?
3. Collection of data/consent
4. Only double opt-in is acceptable
5. Unbundled
6. No passive opt-in
7. Avoid tricky ways
8. Do an audit
9. Clear and easy opt-out
10. Process removal request
11. Profiling

What Is GDPR?

GDPR is the legislation that came into effect on the 25th of May 2018. It has replaced the previous data protection laws of EU member states, i.e. Data Protection Act and Data Protection Regulation UK.

The scope of the whole law is wide enough to cover every industry/business or entity whether in a personal capacity or as an organization, collecting and processing the data belonging to EU residents.

No matter whether they belong to a region outside of the EU, unless they are collecting and processing the EU residents’ personal data, GDPR would apply.

Does GDPR Affect Email Marketing?

The straight answer is Yes it has already affected email marketing. We believe that still there is a large portion of marketers/businesses unaware of these changes/updates or some of them are confused that if there are some extra measures they need to take to ensure GDPR compliance.

Mumara has a close connection with email marketing and marketers. This quick article has attempted to cover the most important updates of GDPR and how Mumara users can continue using the application without getting penalized.

Collection of Data/Consent

How you collect the data from the recipient’s end has become stricter with GDPR. Regulations and laws working in other regions of the world like CAN-Spam or CSAL do talk about the importance of permission-based email marketing.

But with GDPR, they have expanded the scope of Consent. What they say it should be “Freely given, specific, informed and unambiguous”. Since we have mentioned that this is going to be a quick guide, therefore, we’ll be discussing more specific points without going into the details.

Only Double Opt-in Is Acceptable

For the users of Mumara Email, this part of permission being “Freely given, specific, informed and unambiguous” is not a hard nut to crack. Any kind of non-opt-in, single, or soft opt-in permission is no longer acceptable to protect against the GDPR.

You need to follow this compact process of getting the consent that Mumara Web Forms can offer. Use the web form function of Mumara to easily create signup forms.

Moreover, the process helps you trace back the exact date when the contact provided consent and was added to the system.

Unbundled

Consent should be separate from other terms and conditions. Using double opt-in forms powered by Mumara would help you keep the consent clear, separate, and unbundled.

No Passive Opt-in

Passive opt-ins are no longer acceptable under GDPR. The consent box should be unchecked. And the subscriber should actively check and provide consent instead you providing them readily ticked checkboxes to grab passive consent.

Avoid Tricky Ways

As the consent should be specific and informed, you must not use tricky ways to collect and later process the data for marketing purposes. Like if you are offering a giveaway for an email address, you should clearly mention if the email will later be added to a mailing list and will be used to send newsletters. You can’t just collect an email to offer a freebie and later consider it as consent to send email newsletters.

Do an Audit

GDPR clearly emphasizes that the authorization must be unambiguous. What’s a better way of collecting it when you have the contact’s email with the confirmed status? Also within Mumara, contacts can be categorized as Confirmed and Unconfirmed. And this would work more smoothly if you are using the Mumara signup forms for collecting consent.

If some of the lists have contacts with ambiguous permission, try separating them out using the appropriate filtration option within segmentation. And resort to acquiring fresh and unambiguous consent that can comply with GDPR.

Clear and Easy Opt-Out

Consent that you have collected once isn’t valid for a lifetime. Further, there should always exist a way for the subscribers/contacts to request the removal of their personal data.

With Mumara, you can not only insert an unsubscribe link within your email but also can use global email headers to take one more step and provide a Mailto unsubscribe (List Unsubscribe).

Process Removal Request

Once you have collected the unsubscribe request, process it as soon as possible. The bare minimum you should do is to don’t send emails to the contacts that have requested removal.

Mumara actively performs this function by updating the status of the contacts to Unsubscribe, contacts with an unsubscribed status in the list will not be included while sending future campaigns.

Profiling

Profiling isn’t prohibited under GDPR but there are certain measures that you need to take and ensure that the data is being processed in compliance with GDPR. It uses personal data in a certain automated workflow that would help you predict the behavior of the contact or subscriber.

Email marketing automation, drip campaigns, and trigger-based email campaigns may fall in the scope of profiling. As mentioned, it isn’t prohibited but there are steps that need to be taken.

• When you collect consent make it noticeable to the contact that you will use their personal information for profiling
• Or write it in the consumer agreement if it applies
• Provide contact/consumer a way to request stopping the use of his/her personal data for profiling (Half Profiling)
• Do other necessary steps defined in GDPR and fall under the profiling scope

Click for more EMail Marketing Blogs.

Sign up for Muamra.