It’s been over a year and a half since the new General Data Protection Regulations (GDPR) were introduced, so you’re probably aware of these by now. Under this new legislation businesses had to double their privacy settings and follow new rules in regard to collecting, using and keeping sensitive personal data. At the time this meant a lot of changes and to this day means that companies need to consider at every stage of their business, but particularly during their marketing efforts. Otherwise, they could face a huge fine.

It’s that time of year when many retailers or providers are spreading Christmas cheer by slashing their prices or offering discounted rates to their customers. And one of the best ways to let them know about this is through seasonal email campaigns. The thing is, before you begin sending out your promotional emails you need to make sure you’re ticking all the right boxes and that you’re fully GDPR compliant.

We understand that following the rules for Christmas promotions and remaining compliant can feel like a huge task. Though hopefully your business has good systems in place throughout the year to help you do this. But just in case you’re feeling unsure, we’ve put together this guide to help you prepare for the festive rush. Here are six things you need to take into consideration when creating your Christmas email campaigns.

  1. You’ve got a list, but you need to check it twice

Let’s start off looking at the data you already have. If you’ve found an old ‘Christmas’ list on your system, it can be tempting just to fire off a round of emails and try to re-engage customers from the year before. Sadly, this could leave you in breach of GDPR. It’s OK if you want to send seasonal promotions to them once again, but first you must get re-permission to do so.

This means sending them a request outlining how you want to use their data, suggesting the benefits of them once again agreeing to receive your Christmas communications. Some might opt back in; in which case they can be added to an updated list. For those that opt-out or don’t respond it’s important that you remove their details from your systems as soon as possible.

  1. You must always get consent

One of the biggest parts of GDPR is consent. You need to make sure that before you collect anyone’s data you explicitly ask for their permission to do so and you clearly outline how you intend to use this information. If you are using personal data and you have not been granted permission from the individual, you could find yourself facing a lot of backlash and potentially even a hefty fine. There are some simple steps you can follow to ensure you always get consent; these include:

  • Getting clued up on what is classed as personal data under GDPR
  • Using simple sign up forms that are easy to read and understand
  • Always outlining how the data will be used – again, using simple language
  • Keeping a record of how and when you’ve asked for consent from each individual
  • Reviewing consents regularly
  1. Only gather the essential data and use it for its intended purpose

If you’re offering promotions and asking customers to sign up, you need to make sure that you’re not using the data outside the remits you have set out. So in this case, it’s likely that you’ll be offering promotions specifically for Christmas and the festive period. As such, you should never share these details with third parties or use them for anything outside of the Christmas promotions you’ve promised, unless they’ve given you explicit consent to do so. You should also avoid collecting unnecessary data. If you only need their name and email address, then only ask for this information.

  1. Be careful with checkboxes

When you’re asking for consent you might want to use pop-ups and sign up forms. If you’re going to do this, you need to be careful with your checkboxes. A classic marketing technique used to be pre-ticking opt-ins without really asking for consent. Because of GDPR, this is no longer an option. You need to make sure that you’re not doing anything to try and trick users into signing up for your email campaigns if they don’t actually want to receive marketing materials from you. This includes old tactics such as adding “tick here if you don’t want to receive emails from us”. These can be misleading and can land you in trouble thanks to the new regulations.

  1. Don’t keep the data longer than you need

GDPR states that you should only keep an individual’s data for as long as is necessary and within the bounds of its original purpose. So, once you’ve used the data for its intended purpose ideally you should remove it from your system, again, unless the customer has explicitly given consent for you to use their information in the future. This is particularly true for Christmas promotions. After all, if someone has used your services and signed up for a promotional offer to get someone a gift, this doesn’t mean they’ll be buying other products from you all year round.

  1. Make sure there’s an opt-out

You need to make sure that you provide an opt-out option for those who have signed up to your Christmas campaigns. This is usually found either at the top or bottom of the email and should be a simple unsubscribe button to make it as easy as possible for users. This is because customers have the right to opt-out whenever they want, and they shouldn’t have to jump through hoops to do it.

So, in order for your Christmas emails to remain GDPR compliant, you’ll want a clear opt-out option. And while you might think it’s a bad thing as making it easy for individuals to opt-out makes your email lists smaller, it also means that you’ll only be sending communications to those who actually want to receive them. This, in turn, will lead to higher conversion rates and better sales – so it’s a good thing really.

By Linda

Linda Green: Linda, a tech educator, offers resources for learning coding, app development, and other tech skills.