GDPR Email Marketing Flow Chart
It can be confusing to know where to start when you're getting your mailing list ready for the upcoming GDPR.
Download this flow chart and you'll be able to see what you need to do for the different types of people on your mailing list.
Non customers - 'consent'
There's a new, higher standard for consent under GDPR, so you'll need to check if you've reached this standard with all of the consent you've gathered so far.
Consent under GDPR must be clear, use a positive opt-in (no pre-ticked boxes!) and easy to ‘opt-out’ from later. For more info, check out our consent check-list.
From the ICO's guidance on PECR:
You must not send marketing emails or texts to individuals without specific consent. There is a limited exception for your own previous customers, often called the ‘soft opt-in’.
Previous customers - 'soft opt-in'
If your organisation sells tickets, then soft-opt in is another option available.Soft opt-in can be used when a customer has bought a service or product from you, or negotiated a sale (they may have been part-way through buying tickets and left them in the basket). This means you can send them marketing material - but it must be about similar goods and services. Not only this, but you must give them the option to opt-out each time you send them an email after this.
When it comes to contacting companies - there's some more good news. You don't need consent to email companies - if you are emailing a non-personal email address without a name (such as info@ or admin@). If not, you will need consent. However, you can still rely on the soft opt-in. For example, if a school class bought tickets from you before, you can still send marketing messages to the teacher, so long as you include an ‘opt-out’ or unsubscribe link in each subsequent email you send them.
Here's the official guidance from the ICO:
You can send marketing emails or texts to companies. However, it is good practice to keep a ‘do not email or text’ list of any companies that object.
Note: This is intended to provide an overview of GDPR and is not a definitive statement of the law.
For a definitive guide, check out the Information Commissioner’s Office website.