The GDPR replaces the Personal Data Protection Act (Wbp) and not the Telecommunications Act or the E-mail Code . The Wbp dates back to 2001 and much has changed since then. The Wbp simply needs to be replaced. The GDPR applies to the entire European Union and has two important consequences: strengthening and expanding privacy rights and more responsibilities for organizations.
3. Does an extension of privacy rights also have consequences for the registration process?
Here too, the GDPR does not make any specific statements about the design of the registration process. The current method also remains in force here. As long as contacts give explicit permission to receive mailings and they know for what purpose you use their data, then you are fine.
Suppose you have asked customers or prospects for their date of birth, because you would like to send them a nice birthday email. You do not need separate permission for this marketing. Customers often find such an email very nice and do not experience it as a violation of their privacy.
4. The GDPR does mention data minimization. What does that mean for email marketing?
Data minimization is certainly new. It is very simple: you cannot store all kinds of personal data without using it for your e-mail marketing. If you ask for birth data, get it back and store it without doing anything with it, then you should either delete it or even better: use it. Send a nice birthday e-mail to your contacts. After all, it is a proven effective form of e-mail marketing. It would be a shame not to do anything with that data!
Regular email marketing activities remain possible under the GDPR. It is perfectly fine to track the open and click behavior of your contacts, enrich profiles and create segmentations based on this. The recipients of your emails do not experience any disadvantages from these activities. After all, most recipients like to receive relevant emails.
The GDPR is strict when it comes to so-called korean phone number whatsapp automated decision-making that is to the detriment of the recipient. For example, an insurance company may not automatically increase the premium if the purchase and click behavior - via email, website or via third parties - shows that the recipient has an unhealthy lifestyle. You may also not automatically show higher prices in your web shop for visitors who are determined to live in an expensive municipality based on their IP address.
An insurance company may not automatically increase the premium if purchasing and clicking behaviour shows that the recipient has an unhealthy lifestyle.
Also read: Email marketing & data security: more than just the GDPR
6. What about the right to be forgotten and email marketing?
Suppose you don't like such a birthday email and as a recipient you would prefer all your data to be deleted, then the person in question can use the right to be forgotten. You are then obliged to recognize this right and delete all stored data. This is a clear example of the strengthening and expansion of privacy rights.
7. The GDPR is also strict when it comes to concluding processor agreements. How does that work exactly?
If you work with an E-mail Service Provider (ESP), this ESP is the processor of data and your organization is a controller. These parties must conclude a processor agreement with each other.