Step 9. Editor agreements
Posted: Sun Dec 22, 2024 7:02 am
Please note! If you are unable to demonstrate this for your current customer base, first ensure that you have an email with an opt-in for the actual email list, from which you will then send emails. You will only be allowed to continue sending emails to people who actively register. Incidentally, you may still send emails to customers with whom you have a payment relationship without an active opt-in about similar products or services (yes!). Personally, I would always play it safe, continue to communicate very transparently and always offer a very clear opt-out (option to unsubscribe).
Tip! Set up an automatic mailing to welcome new subscribers. Include an attractive (!) welcome text with the information that the recipient can expect mail from now on and that clear opt-out. Don't forget to include the links to all your social media accounts. Maybe the recipient doesn't want a newsletter from you, but does want to follow you on social media.
web shop gdpr
Foot via rawpixel.com – Unsplash
Step 8. Determine how long you store your personal data
In fact, you may not store personal data longer than necessary for the purpose of your processing. Under the guise of statistical purposes, you can make this term quite long. Statistical purposes are when you use the data for, for example, the construction of your statistics or research. Describe this well in your privacy statement. Incidentally, this is (still) a grey area. So follow the news on this subject well.
ACTION > Clearly state your retention policy in the privacy statement.
You need a data processing agreement (also called DPA) with all parties that have access to the personal data that you collect. This is the most annoying point of the entire GDPR, although it is not new. The expectation is that there will be much stricter controls and a number of mandatory matters have also been added.
This is an agreement that you conclude with parties such as Google Analytics, MailChimp, hosting company, programmer, etc. The agreement offers guarantees that the protection of the rights of individuals is guaranteed. If problems arise, the processor can be responsible and liable for this.
ACTION > Make a list of the parties you work with regarding the processing of personal data. Check how this is currently arranged. There is a good chance that the party in question already has such an agreement ready. If there is no agreement, make sure that this is arranged. There are various model agreements in circulation, such as this australia whatsapp number one from Juridox . You can read much more about processing agreements at Justitia .
Additional to-do's for your newsletter
Make sure all opt-ins you have within your website, shop, social media and landing pages meet the requirements described above. Don't forget your lead magnets!
If someone is not yet 16 years old, someone with parental authority must give (joint) consent
Needless to say, but still: you are of course not allowed to email someone if they unsubscribe from your newsletters.
A 'noreply@' email address is no longer allowed under the new legislation. If you currently use that as a sender for your (newsletter) email traffic, you must change it to an address that the recipient can email to
Only someone's name and email address fall under 'regular information' that you may request. For example, if you ask for a date of birth, you must state why (a surprise on your birthday). Such data should not be mandatory to be able to register.
Check whether the software supplier of your newsletter is GDPR-proof (see also below)
Double check
You can expect your newsletter software provider to be GDPR-proof now or very soon. To be sure, you should check with the source, or ask your question directly.
Tip! Set up an automatic mailing to welcome new subscribers. Include an attractive (!) welcome text with the information that the recipient can expect mail from now on and that clear opt-out. Don't forget to include the links to all your social media accounts. Maybe the recipient doesn't want a newsletter from you, but does want to follow you on social media.
web shop gdpr
Foot via rawpixel.com – Unsplash
Step 8. Determine how long you store your personal data
In fact, you may not store personal data longer than necessary for the purpose of your processing. Under the guise of statistical purposes, you can make this term quite long. Statistical purposes are when you use the data for, for example, the construction of your statistics or research. Describe this well in your privacy statement. Incidentally, this is (still) a grey area. So follow the news on this subject well.
ACTION > Clearly state your retention policy in the privacy statement.
You need a data processing agreement (also called DPA) with all parties that have access to the personal data that you collect. This is the most annoying point of the entire GDPR, although it is not new. The expectation is that there will be much stricter controls and a number of mandatory matters have also been added.
This is an agreement that you conclude with parties such as Google Analytics, MailChimp, hosting company, programmer, etc. The agreement offers guarantees that the protection of the rights of individuals is guaranteed. If problems arise, the processor can be responsible and liable for this.
ACTION > Make a list of the parties you work with regarding the processing of personal data. Check how this is currently arranged. There is a good chance that the party in question already has such an agreement ready. If there is no agreement, make sure that this is arranged. There are various model agreements in circulation, such as this australia whatsapp number one from Juridox . You can read much more about processing agreements at Justitia .
Additional to-do's for your newsletter
Make sure all opt-ins you have within your website, shop, social media and landing pages meet the requirements described above. Don't forget your lead magnets!
If someone is not yet 16 years old, someone with parental authority must give (joint) consent
Needless to say, but still: you are of course not allowed to email someone if they unsubscribe from your newsletters.
A 'noreply@' email address is no longer allowed under the new legislation. If you currently use that as a sender for your (newsletter) email traffic, you must change it to an address that the recipient can email to
Only someone's name and email address fall under 'regular information' that you may request. For example, if you ask for a date of birth, you must state why (a surprise on your birthday). Such data should not be mandatory to be able to register.
Check whether the software supplier of your newsletter is GDPR-proof (see also below)
Double check
You can expect your newsletter software provider to be GDPR-proof now or very soon. To be sure, you should check with the source, or ask your question directly.