NOTE: This is the second in a series of articles addressing the GDPR and its effects on email marketing. For an overview of the subject, see our previous article: GDPR and Email: Part 1, an Overview.
No aspect of the General Protection Data Regulation (GDPR) has generated more confusion and misinformation than Article 17—the notorious “Right to Erasure” clause.1 Partly, this confusion is a result of the GDPR’s failure to address email regulations head-on, choosing instead to try and tackle the privacy issue on a grander scale (you won’t even find the word “unsubscribe” used anywhere in the GDPR or its “recitals”).
As we mentioned in the previous article, whether or not you’ll need to concern yourself with the ramifications of the GDPR will depend entirely on your subscriber base, and whether or not you actively seek subscribers in countries that belong to the European Union. If all your subscribers are in the United States, then you have things pretty easy. If a good percentage of your subscribers are in Europe, then you’ll probably want to make sure you follow the rules laid down by the GDPR. The fines for ignoring it are steep.
Forgetting Isn’t Unsubscribing
The most important point to remember is that “forgetting” and “unsubscribing” are two different things. When a person asks to be unsubscribed, they are saying: “I don’t want to receive any more email from this source.” Sometimes that means unsubscribing from a specific topic. For instance, you might unsubscribe from PC World’s Tech Deals newsletter but still receive their Daily News updates. Sometimes it means unsubscribing from all the mailings a company sends.
Forgetting—or the “right to erasure”—is another animal entirely. In this case, the subscriber is asking not only to be removed from your active mailing list but to have all identifying information removed from your system, with the possible exception of the email address used to verify the erasure request. When a subscriber asks to be forgotten, all personal data must be removed from the database.
Why does it matter?
Right now, nobody knows what effect the GDPR will have on email subscriptions, but some sources predict dire things. Pegasystems, a provider of customer engagement software, reports that 82% of European consumers plan to exercise their new rights to view, limit, or erase the information businesses collect about them, although the article goes on to say that only 21% of those surveyed had any idea what GDPR is or what it enables them to do. According to a survey commissioned by Veritas and conducted by 3GEM, 40% of British consumers plan to exercise their GDPR data rights.
One country that might live up to the dramatic figures for erasure requests is Germany. One need only compare Google street views for Germany versus any other country in the world to see that Germans love their privacy. People had to request that their buildings be blurred out, and Germans did it in droves. Will they do likewise with the GDPR’s right to erasure?For most, we suspect that the unsubscribe will suffice.
How to Forget
How each email marketing software provider (ESP) contends with the right to erasure varies. Some ESPs instruct recipients to send them an email if they want to be forgotten, while others remain silent on the means to be forgotten. For our own part, we decided to automate the feature in Symphonie, so if it’s enabled by the administrator, recipients can choose to be forgotten with no manual labor. If the number of requests to be forgotten for European users climbs as high as some suggest this could be a big labor saver for Symphonie users.
As mentioned previously, the true test of these clauses in the GDPR will be put to the test over the next few months. Given the ability of people to find loopholes where the creators thought none existed, we’re sure to see some amendments to the regulation.