GDPR Means Revisiting Email Marketing

Data security always has meant different things to different people. Most have agreed on the importance of using firewalls, but for decades, businesses have been able to choose the level of data encryption they employ. If they didn’t think a VPN was necessary, they simply didn’t use one. If they didn’t think they needed end-to-end data encryption, they would skip it and take their chances. That is, until recently.

Thanks to the newly enforceable General Data Protection Regulation (GDPR), data security is starting to have a legal definition, making it a legal requirement to have certain types of data security.

The GDPR regulations exist to protect the data of EU citizens and applies to enterprises globally because EU citizen data is stored by businesses all over the world.

Since a majority of personal data is collected and stored when people sign up for newsletters, businesses can no longer approach email marketing strategies casually and need to take extra precautions.

Don’t skip the double opt-in

A double opt-in process gives you tangible proof that each user joined your list of their own free will. Under GDPR, you are required to be able to prove every user chose to sign up.

Wanting to skip the double opt-in process for your new leads is understandable. Will the confirmation email go to spam? What if they forget to check for it, or the email is delayed? How many signups will you lose because people don’t want to go through the extra step?

These questions are valid concerns. However, they’re based on flawed logic. The incorrect perception is that getting as many leads as possible is a productive approach to email marketing. The truth is, if your leads don’t take the time to confirm their choice to join your email list, they’re not likely to be good customers.

Good customers are the heart of every successful business. For most businesses, 80% of sales come from about 20% of their customers. You really don’t want to keep every customer, and experts even recommend “firing” 10% of your customers each year.

Leads that don’t take the time to confirm opt-in probably don’t care much about the information in the first place. Or, they were just looking for a freebie. Your best leads will be people who are passionate about what you’re sharing and can’t wait to receive your confirmation email.

Encrypt internal email messages, too

No matter how private you think your emails are, every email you send and receive is stored on a remote hard drive you have no control over. If your email provider doesn’t encrypt your emails from end-to-end, (most don’t), all company emails are at risk.

Encrypting employee email communications plays a huge role in maintaining GDPR compliance. The average employee won’t think twice about emailing co-workers about sensitive issues that may include data from the business database. For example, someone might send a customer’s credit card information to the sales department for processing a return.

To protect your internal emails and maintain GDPR compliance, buying general encryption services isn’t enough. You need to know exactly how and when the data is and isn’t being encrypted. Not all encryption services are complete.

For instance, if you’re using Microsoft 365, you’ve probably heard of a data protection product called Azure RMS. This product uses TLS security to encrypt email messages the moment they leave a user’s device. Unfortunately, when the messages reach Microsoft’s servers, they are stored unprotected.

“This means that Microsoft and other intermediary third-party providers can access the securely-sent data,” say security experts at Virtru, “making certain data residency, privacy, and compliance requirements more difficult to meet.”

How you secure your Data is no longer your choice

GDPR regulations require businesses to take specific measures to protect data, including:

  • The pseudonymisation and encryption of data;
  • The ability to restore users’ access to their own personal data after a breach;
  • The frequent testing of a business' security measures;
  • The right to have personal data deleted (although it’s already a law (Google Spain vs. Costeja).

Fines for ignoring these requirements can be hefty at up to 10 million euros or 2% of the business’ annual turnover, whichever is higher. Additionally, that fine may rise to 4% if certain obligations are ignored.

Employing data security according to your own preferences is simply no longer worth the risk.

Information-Management:

You Might Also Read: 

GDPR Survey Shows 80% Non-Compliance:

Get Ready For ePrivacy Regulation:

 

« Satellite Imagery + Social Media = A New Way To Spot Emerging Nuclear Threats
AI Driven Security Is Much More Than An Algorithm »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

FAMOC

FAMOC

FAMOC is an enterprise mobile management solution that delivers comprehensive security and management for applications, documents, email, and mobile devices.

Identity Automation

Identity Automation

Identity Automation is a leading provider of Identity and Access Management software.

CERT-AM

CERT-AM

CERT-AM is the national Computer Emergency Response Team for Armenia.

VerifyMe

VerifyMe

VerifyMe is a global technology solutions company delivering brand protection offerings to mitigate counterfeiting, product diversion, and illicit trade.

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

Cyber Craft

Cyber Craft

CyberCraft is an innovative and dynamic software development, outsourcing and consulting company. Services offered include penetration testing.

Bangladesh Association of Software & Information Services (BASIS)

Bangladesh Association of Software & Information Services (BASIS)

BASIS is the national trade body for Software & IT Enabled Service industry of Bangladesh.

Slovenska Akreditacija (SA)

Slovenska Akreditacija (SA)

Slovenska Akreditacija (Slovenia Accreditation) is the national standards accreditation body for Slovenia.

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity make Cars & Infrastructures Cybersecure.

AlertEnterprise

AlertEnterprise

AlertEnterprise uniquely eliminates silos and uncovers blended threats across IT Security, Physical Access Controls and Industrial Control Systems.

Upfort

Upfort

Upfort (formerly Paladin Cyber) unifies award-winning security and robust cyber insurance to deliver comprehensive cyber risk solutions.

C3.ai Digital Transformation Institute

C3.ai Digital Transformation Institute

The C3.ai Digital Transformation Institute is a research consortium dedicated to accelerating the benefits of artificial intelligence for business, government, and society.

OnSecurity

OnSecurity

OnSecurity replaces the overhead of traditional penetration testing firms with a simple online interface, making it easy to book tests as and when needed.

Cufflink

Cufflink

Cufflink makes your business more secure, compliant and trusted. We limit the likelihood and impact of a data breach by controlling exactly what can and can't be done with personal data.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.