What You Need to Know About the GDPR (and How It Affects OptinMonster)

On May 25th, 2018, the long-awaited General Data Protection Regulation (GDPR) will go into effect. Many of you have already been hearing about GDPR the past several months. That’s because this new regulation makes some big changes to data privacy and individual rights for people in the European Union (EU), and affects businesses around the world.

Speculation about GDPR has caused some panic among business owners and marketers. A lot of misinformation is being spread, and we have received many questions from our users about what this change means for you.

In this post, I want to explain about how the GDPR may affect your online lead generation and email marketing, and how OptinMonster is working to help you stay ahead of the curve and keep converting visitors into subscribers and customers.

Note: This article does not constitute legal advice. We recommend consulting with professional legal counsel to make sure you’re compliant with all GDPR regulations.

Is This the End of Marketing in the EU?

Because GDPR requires you to get explicit consent before collecting email addresses or sending any marketing emails to EU citizens, some folks have jumped to the conclusion that they need to stop email marketing altogether, or completely block website visitors from the EU to avoid facing huge fines and penalties.

Thankfully, that’s just not the case.

Straight from GDPR, here is what they define as consent:

Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

There’s been a lot of speculation about how exactly this should be put into practice. But it’s only that – speculation. GDPR doesn’t tell you exactly how you need to obtain consent.

That said, there are a few methods that are being talked about and put into practice around the web.

To help you to figure out exactly how GDPR may effect your email marketing, and how OptinMonster can help you to keep generating leads, let’s take a look at a few possible approaches to the “GDPR problem”:

  • The Avoidance Approach
  • The Average Approach
  • The Smart Marketer’s Approach

Let’s take a look…

1. The Avoidance Approach: Ignoring the Issue

The GDPR is 200 pages long – that’s a LOT of legal mumbo-jumbo to sort through.

It’s easy to just throw your hands up in the air and give up marketing to EU citizens altogether.

Well, that is one approach… but there are some serious risks involved here:

  • If you keep doing email marketing as usual without gaining proper consent, you could be fined millions of euros.
  • If you block all visitors from the EU, you’re missing out on a HUGE customer base and throwing away all that potential revenue.

There’s a better way.

Next let’s take a look at the average approach, which is the most common so far.

2. The Average Approach: Always Ask for Explicit Consent

The past few weeks, you may have seen your inbox flooded with emails asking you if you still want to remain subscribed.

This is the approach many businesses are taking – to get consent via email, either with a “re-consent” email, or with a double opt-in email for new subscribers.

The double opt-in confirmation email can be used to get explicit permission to send marketing emails. The email could be as simple as this example from Preact CRM:

gdpr double opt-in example

Here’s another simple example from The Pool, although their button CTA could be considered problematic. The button text could be improved by changing it to something more specific, like “I Consent” or “Sign Me Up”.

example double opt-in

The double opt-in method has some benefits:

  • They won’t receive any further emails unless they click the button to agree to them.
  • The subscriber’s consent will be explicit, so their data won’t be used unless they consent.
  • A record of their consent is automatically kept by your email newsletter service provider.

Using a Required Checkbox to Get Consent

Besides double opt-in, some businesses are choosing to use another method to get consent from all new subscribers: a checkbox on the optin form itself. Unless the visitor checks the box to agree, they won’t be able to submit the form to sign up.

Note: It’s a common misconception that checkboxes are specifically required by GDPR. This is just one method some businesses are using to get clear consent.

With OptinMonster’s customizable forms and fields, you can add a consent checkbox to any optin campaign.

An email signup popup with a Consent checkbox option that says "I agree to receive personalized marketing emails. There is a settings sidebar to the left with the options including: a "Required" toggle, Field Label text box, and Field Name text box

You can choose to make the checkbox Required. If the checkbox isn’t checked, the visitor will not be able to subscribe.

The Field Name setting in the left-hand is especially important for GDPR compliance. For full compliance, you’ll want to use Field Mapping for your checkbox field and all personal data fields.

Field Mapping is how you connect the data fields in your optin forms with your Email Service Provider’s (ESP) subscriber database.

You can use Field Mapping to carefully control where, how, and if each subscriber’s personal data is stored. By doing so, you can make sure that you are following GDPR rules.

Field mapping is currently available for users with these integrations. The exact process for mapping will be a little different for each ESP, but it all starts by carefully choosing the Field Name for each field. You’ll have to match that name with the Field ID in your ESP to control how you use that data.

For more on adding fields to campaigns and Field Mapping, watch this video:

What Makes This Approach “Average”?

Using double opt-in and/or checkboxes is a clear way to get explicit consent.

But there’s a downside. You’re going to be missing out on a lot of subscribers and leads who miss your double opt-in email or don’t want to be bothered with a checkbox.

Double opt-in creates a longer signup process for subscribers. The more steps there are, the more likely it is that some people won’t complete them. People who signed up actually WANT to have a relationship with you, but that’ll never happen unless they click the double opt-in. If they miss your email or forget to click, you lose out on a lot of potential revenue.

One huge benefit of single opt-in is that when a subscriber signs up, they’re immediately on the list. That allows you to grow your list fast, and connect with new subscribers more quickly.

But in the era of GDPR, can you have it both ways?

If you’re smart, you can. Here’s how…

3. The Smart Marketers Approach: Geo-Targeting

A smart marketer can get consent only from EU visitors, WITHOUT requiring other users to jump through extra hoops.

Using OptinMonster’s Geo-Location Targeting, you can create separate campaigns targeted to specific locations. We’ve also just added a new feature so you can easily target or exclude the entire EU at once for each campaign you create:

eu geotargeting for gdpr

Best of all, you can actually choose to enable double or single opt-in on a per-campaign basis. Here’s how to enable single or double opt-in with MailChimp, for example.

That means you can require EU visitors to complete the double opt-in process, while adding visitors in other countries to your list right away.

Here’s how you can unlock geo-location targeting in your OptinMonster account today.

Remember, to ensure full GDPR compliance, we recommend getting professional legal counsel.

Common Questions About GDPR

There are a few more common questions we’ve gotten about GDPR and OptinMonster that we’d like to help you out with.

Do I have to comply with GDPR even if I’m not in the EU?

Yes, GDPR applies to all companies that control and process EU data, no matter where your business is. That includes you if you collect the email addresses of any EU citizens.

Can I still offer a lead magnet in exchange for someone’s email address?

Yes, absolutely. You just have to get their consent to send the lead magnet, AND get their consent to follow up with marketing emails. Keep in mind: just because they requested your lead magnet doesn’t mean they also consent to your newsletter.

You can do this with double opt-in emails, as we talked about earlier.

And using OptinMonster’s geo-location targeting, you can make sure that EU residents are asked for explicit consent, without reducing your email signups in other countries.

Do you offer a Data Processing Agreement?

Yes, our Data Processing Agreement (DPA) offers terms that meet GDPR requirements, and reflects our data privacy and security commitments to our customers.

If you’re processing personal data on behalf of EU/EEA individuals, you can sign this agreement here.

We’re also offering a GDPR Audit Concierge service for our customers. If you’re being audited, we want you to know we have your back and will get you any data we have that can help you comply with the audit.

You can find all these and more resources on our GDPR page.

What’s Next?

If you’re not getting clear email marketing consent from EU subscribers, then please consult with a lawyer and implement the tips suggested above before May 25, 2018.

If you have a friend who’s using a non-compliant lead-generation solution, then let them know about this post and convince them to get OptinMonster today!

(Yes, we have an affiliate program, so you can even earn some extra $$$ too ;))

But in all seriousness, we’re committed to helping you convert visitors into subscribers while complying will all legal requirements and delivering the best user experience.

As always, I want to thank you for using OptinMonster. We’re proud to help you build your email list in a “GDPR Friendly” way.

Thomas Griffin, Co-founder and President of OptinMonster

Not using OptinMonster yet? Stop losing subscribers and get started with OptinMonster today.

About OptinMonster

Over the years, we found that many businesses struggle to collect emails simply because the tools aren’t easy to use and are far too expensive. So we started with a simple goal: build powerful enterprise-level technology to help businesses grow their customer base and revenue.

Since our launch in 2013, we have been improving conversions for small independent businesses to Fortune 500 companies. Over a billion people see a website with OptinMonster on it every month. Our customers are seeing huge increases in their subscriber growth and overall sales.

Press Contact

OptinMonster PR & Communications: [email protected]