In our article European Data Protection Laws – what we think you need to know and do – we’ve tried to create a clear picture of what we as small business owners having a website need to know and do to comply with the new legislation.

In this post we’d like to show you how we think it affects freebies and newsletter list building.

Please note  that we are not legal experts and this is not legal advice – going ahead with this approach is at your own risk, just like you we are learning, adapting and finding new ways :)

A practical example: collecting email addresses

Let’s take the example of collecting names and email addresses as part of your list building activities. Say you provide a freebie as an incentive for people to join your mailing list.

Legitimate interest as a legal basis

Legitimate interest seems a very appropriate legal basis for processing this kind of data. When we go through the ICO’s interactive tool, this is what comes up as a suggested lawful basis in this case. If someone signs up to your newsletter it’s reasonable for them to expect that you send them more info. The data you collect and store is minimal. And if you use a reputable email service provider, there will always be the option for people to opt out at any time.

However, as mentioned before, you always need people’s consent for sending them email marketing, so you can’t proceed on the basis of pure legitimate interests in the case of newsletter list building without asking for consent.  But for the purpose of documenting your thinking about the data processing that you’ll be doing we find legitimate interest, and the LIA (Legitimate Interest Assessment) a very useful tool for clarifying your purpose, evaluating it and communicating about it. (See our article Steps to take for your website for more info on this).

Is unbundled and granular consent an issue?

One of the new requirements of the GDPR is that the consent is “unbundled” and “granular”.  This is widely interpreted to mean that you can’t make one thing available to someone on the condition that they agree to something else too. And in many discussions people cite this requirement as an argument against adding someone to your email-list when they receive your freebie as part of a newsletter sign-up. But we’re not sure this is really an issue.

In a possible scenario, when you give a freebie away in return for adding details to your mailing list, you would have a tick-box underneath your sign up where people can explicitly consent to being added to your newsletter list. In other words, being added to the newsletter list would not be a condition for receiving the freebie. If they don’t tick the box (so they don’t give you permission explicity) you’re not adding them to your list.

However, in practice it really doesn’t make much sense for most business owners to do this. Firstly, because the technology is not really there to easily add these kinds of tick boxes for most newsletter providers, unless you are a web developer. Hopefully more companies like newsletter service providers will make this possible and easy for everyone. And secondly, it’s a very common and accepted practice to provide free valuable information to potential clients in return for the opportunity to appear in their inbox with some promotional messages or other relevant content.

No detriment when using a freebie as an opt-in incentive

We feel that without the option to be able to offer an incentive for joining their mailing-list, small business owners lose some very powerful and crucial marketing tools. They’d have to rely ever more on paid services like Facebook marketing and other paid advertising. In our opinion, as long as you use an email service provider that includes the option to opt out in each email message you send, people can withdraw their consent at any time, even right after they have received their freebie, so there is no detriment. But clarity about what people actually do when clicking the button is very important!

Clarity is important: be upfront about what you’re offering

So we think it’s possible to continue to offer freebies in exchange for newsletter list building, but it’s important to be absolutely clear in your communication about what your website visitors sign up to.

If you say: “Download my free e-book”, with a big “download now button”, we don’t feel it’s justified or legal to add the people that go for that to your newsletter list.

But if you say: “Subscribe to my newsletter  and receive my e-book as a welcome gift”, with a button, “subscribe to list” it’s very clear that the main action is signing up to your newsletter list. There is no deception, or anything unexpected –  this is crystal clear and everyone can make a clear, informed decision on whether they’d like to join your newsletter list or not. Even if someone still wants to receive your freebie and opt out of receiving newsletters, there is the option to do so. Because after they’ve received their freebie they can opt out of your newsletter list without detriment to them.

Link to your terms and conditions for extra transparency

We feel it would also be a very good idea for you to link to your terms and conditions where you go into more detail about what data you collect, and what you intend to use it for, right next to the opt-in box.

Here’s an example of such an optin box in action (click the image so that it opens in a larger size in a new tab):

email optin with privacy policy link

Please note that in this example above I mention “I don’t share your info with 3rd parties, you can opt out anytime”, but this may not be the right text for you. You may plan to share data with third parties yourself, this may be part of your biz model, and you would then explain that in your privacy policy. So please make sure you think well about what you want/need to say there.

Do you have to review your current newsletter list?

You may also have to review your current newsletter subscribers list, if you have been adding people to your newsletter list if they joined a webinar or downloaded a freebie, without them indicating explicitly that they wanted to join your mailing list. As far as we understand to continue to use your list after 25 May, you should make sure the consent of your subscribers is GDPR compliant (so unbundled with something else and a clear positive indication that, yes, they wanted to join your list)… not nice, but as everyone says, an opportunity to refresh your list and start with a small but super engaged tribe!

You could also argue that you are continuing using your list based on legitimate interest. If you have been adding people that signed up for a webinar or e-book, and there was no clue whatsoever at the time that you would also add them to your newsletter list, I would personally consider removing those people from the list, or at least re-confirm consent if possible.

In the case where you have been adding people and there was bundled consent (“subscribe to my newsletter to receive my freebie” for example, so at least it was clear that people were going to be subscribed to your list ) you could argue that at the time that was legal to do, people knew what was going to happen, and if you’ve used a good mail service provider, at any time they have had the option to opt out again. You could consider carrying out a LIA (Legitimate Interests assessment –  see here under step 1) and on the basis of that continue to use your list. You may have invested years in building your list, and while you were doing that it was legal, and you did ask for consent.  Your list may be the spine of your business and taking that away could result in very serious damage to your business. Based on that and considering that your subscribers were always able to opt out at anytime, I think you could make a strong case to continue to use your list. However, you really can only assess that yourself; did you actually ask for consent (even if it was bundled) before you added people? If you asked no consent at all, this may not be a good way to go ahead.

To repeat again – this is not legal advice, but our personal take on this – everyone will have to make their own assessment about the best way forward and any potential risks they would be willing to take.


More info & Free GDPR Checklist

We hope the info here has given you a good overview of the new EU privacy laws and how they relate to your optins. There is more to GDPR than just your website & optins:

Checklist for all GDPR related things you need to do for your biz

We find  Suzanne Dibble’s free GDPR checklist very useful – it gives you a quick overview of what you need to do to make sure your business is GDPR compliant. Suzanne is a Data Protection Lawyer.  By requesting the free list you’ll also be invited to her free facebook group where you’ll find lots of further guidance and free videos, and you can learn more about her GDPR Compliance pack, with 20 legal templates to help you get set up with your Privacy Policy, Cookie Policy and much more. We have bought this pack, many of our clients have also – we find it very useful,  affordable, and highly recommend it to make all of this much easier!

You can download the free GDPR checklist here.

Please note that we earn a small commission if you decide to buy the legal pack from Suzanne through our referral here :)

For further reading, also see these guides published by the ICO:

Guidance on Using Marketing Lists
Direct Marketing Guidance

We hope this is useful info to help you continue to grow and blossom your biz, even post GDPR :)

With love,

Helena & Dave

Pin It on Pinterest