Friday, 20 April 2018

#FridayFacts - Getting your email newsletter GDPR ready!

This Friday, Pict Publishing author Sarah Marie Graye talks us through the process of getting your email sign-up form GDPR ready and how to update the sign-up permissions of your current list.

by Sarah Marie Graye

I'm going to start this article with a DISCLAIMER.

I'm not a lawyer or expert in EU data laws. My background is CRM marketing and this article covers my understanding of the requirements needed to cover the basics regarding GDPR.

This article does not claim to be legally or factually accurate. Nor does it claim to ensure that you will be GDPR compliant if you follow the information included here.

PLEASE NOTE: If you wish to dispute any of the information covered in this article please email the Pict team at

This is a 'HOW TO' article

For who/what/why questions about GDPR
See: What GDPR means to indie authors and book bloggers

The double opt-in process

In these instructions, I opt for the "double opt-in process" over the "tick-box" option. This is because Germany's email marketing permissions already require a double opt-in process.

GDPR is meant to bring "parity" across all EU member states. So it makes sense to set up your email process to meet the strictest interpretation of the laws in these countries.

(Even if you don't do any business in Germany, if people in Germany could theoretically sign up to your emails - e.g. via your website - then you should meet their requirements.)

GDPR steps

There are four parts to setting your email newsletter list to be GDPR ready:
  1. Setting up a new list 
  2. Setting up a new sign-up form connected to the new list 
  3. Emailing your old list asking them to confirm they still want to receive your emails 
  4. Moving those who confirm from the old list to the new list

1. Setting up a new list 

  • Go to lists 
  • Click to create a new list - call it Newsletter (double opt-in) and fill in your details (name, email, etc) 
  • Under "form settings" tick "enable double opt-in"
  • Save the list

MailChimp has set up an option to "enable GDPR fields". This adds a tick box section to the form which allows people to choose whether they want to sign up to: email marketing, direct mail or customised online advertising. 

If you use MailChimp for email marketing only, you don't need to "enable GDPR fields". Firstly, because your form doesn't need to let people choose and, secondly, because the double opt-in process is being used in place of a tick box.

2. Setting up a new sign-up form

  • Go back into your Newsletter (double opt-in) list
  • Under "signup forms" select "form builder" and create a new opt-in form.

You need to include certain information in the form which makes it clear: what they are signing up for, how they can stop receiving it, how their data will be stored.

  • Where it says "Newsletter (double opt-in)" change this to "[YOUR NAME] email newsletter" - "Newsletter (double opt-in)" is your internal name
  • On the sign-up form there's one editible text section, just below the name. You need to include all of the following information to meet GDPR requirements:

Please fill in the form below to receive [your name] email newsletter, which will keep you up to date with all [his/her] news. 

You can stop receiving [your name] newsletter at any time by clicking the unsubscribe link in the footer of any email you receive from [him/her], or by contacting [your name] at [your email address]. 

[Your name] uses MailChimp for their email newsletter. Any information you provide on this form will be stored safely in [his/her] MailChimp account. 

  • The email address you provide must be the same one you send your MailChimp emails from.
  • Save the form

The double opt-in information

  • While still under "form builder" Choose "opt-in confirmation email" from the drop-down menu 
  • It will show "[your name] email newsletter" as the name - which you can't change (this is a copy of what you've put on your sign-up form) 
  • Change "Please confirm subscription" to "Please click the button below to confirm you want to join [your name] newsletter list." 
  • Leave text below as-is 
  • Save the email

This email will now be sent out when someone fills in your sign-up form. They need to open the email and click on the button "Yes, subscribe me to this list" to be added to your new email list.

Your new sign-up form is now ready to use

You must use your new sign-up form in place of your old one anywhere you have included it - for example, your website, linktree account, Facebook page, Twitter profile.

3. Emailing your old list 

These people have already signed up, but they've not been through the double opt-in process. And as GDPR rules are being applied retrospectively, we need to get them to go through this process. This is called "repermissioning".

If you wanted, you could send your new sign-up form to your current list, asking them to sign up again via the form and go through the process. However, asking people to fill in the form again could significantly reduce the number of people who go through the repermissioning process.

We just need them to go through the "Yes, subscribe me to this list" part of the process. So we're going to replicate this in an email.

Setting up a landing page

In order for a button to be clickable, it needs a link behind it. So we're going to set up a "thank you" landing page to link the button to.

  • Go to campaigns 
  • Click to create a campaign 
  • Click "create a landing page" 
  • Select "product page" as a type of page
  • Call the page "repermissioning thank you" and select the "old" list, click "begin" 

Creating the landing page

  • Add your banner to the top of the page
  • Change the title to "Thank you" 
  • Add the following text in a text box:

Thank you for confirming you'd still like to receive [your name] newsletter. You don't have to do anything else, except to look out for the next edition in your inbox. 

  • Delete all the extra content blocks
  • Click "save and continue
  • Call the page "thank-you"
  • Publish the page

You will now be given a URL (website link) for your landing page. Copy and paste this somewhere as you'll need to have it handy in order to include it in your repermissioning email.

Setting up repermissioning email

  • Go to campaigns 
  • Click to create a campaign 
  • Click "create an email" 
  • Call it "Repermissioning old list" 
  • Select your old list and standard send info 

Subject: I need to check you still want to receive my newsletter
Preview: The changes to data laws in May mean I need to ask you if you still want to receive emails from me

  • Click to design your email - and choose one of your templates with your header already set up
  • You just need your header section, text section and button - so you can delete the other sections you might have in the template you chose.
  • In the text section add:

You are currently signed up to receive my email newsletter - I hope you enjoy receiving it. 

Changes to EU data laws mean I need to ask you if you still want to receive my email newsletter. If you'd like to still receive it, please click the button below to confirm, thank you. 

You can stop receiving my newsletter at any time by clicking the unsubscribe link in the footer of any email you receive from me, or by contacting me at [your email address]. 

I use MailChimp for my email newsletter, so I can confirm the data you have provided (such as your email address) is stored safely in my MailChimp account. 

  • This is replicating the text required by GDPR to be in the sign-up form.
  • Click on the Button to update it.

Button text: Yes, I still want to receive your email newsletter
Button link: This is where you add the URL of your landing page!

  • Click "save and continue" 
  • You can now send the email

4. Moving those repermissioned to the new list

You need to give people time to click through to the landing page, so wait at least 72 hours before doing this bit.

  • Go to Reports 
  • Scroll down to "Repermissioning old list" 
  • Click on "View report" next to this email 
  • Scroll down to where it shows Opened/Clicked/Bounced/Unsubscribed 
  • Click on "Clicked" 

You will see a list of the links in the email - including the thank you page URL. (If the template you used contained other links - such as social media icons in the footer - these links will also show here.)

  • Click where it says "unique clicks" next to your thank you page URL 
  • It will show you the list of people who clicked on the "Yes" button in the email

These people can be added to the new list!

  • Click "export as a CSV" and select "save file" 
  • You now have a list of people you can manually add to the new list 
  • Go to Lists 
  • Click on your "Newsletter (double opt-in)" list
  • Click "add contacts" and select "import contacts" 
  • You're adding a CSV file, so the right option is selected
  • Click "next" 
  • Select your CSV file from your computer
  • Click next 
  • Check that MailChimp has matched up your columns correctly (email, first name, etc) - and click "save" or "skip" to state which info you want to import 
  • (The file will include click data that you can "skip") 
  • Click "next" 
  • You are adding these people as "subscribed" so the right option is selected
  • Click "import"

These people will be added to your new list.

Check your repermissions (those who clicked on the "Yes" button) one final time on 25 May to make sure you've moved everyone across who completed the manual double opt-in process.

Your old list

Unfortunately, anyone in your old list who doesn't complete the repermissioning process above is no longer a subscriber. From 25 May 2018 you are no longer entitled to email them.

GDPR states that you should not hold personal data if you no longer have a legitimate reason to do so. Although there are exemptions for researchers, journalists, etc., for us "normal" folk, that means deleting the personal data of anyone in your old list who has not been repermissioned.

Those who did repermission can remain in the old list. Although you cannot send to this list, you are still entitled to keep their data for reporting purposes - e.g. open/click data.