GDPR Means Revisiting Email Marketing

Uploaded on 2018-08-30 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

Data security always has meant different things to different people. Most have agreed on the importance of using firewalls, but for decades, businesses have been able to choose the level of data encryption they employ. If they didn’t think a VPN was necessary, they simply didn’t use one. If they didn’t think they needed end-to-end data encryption, they would skip it and take their chances. That is, until recently.

Thanks to the newly enforceable General Data Protection Regulation (GDPR), data security is starting to have a legal definition, making it a legal requirement to have certain types of data security.

The GDPR regulations exist to protect the data of EU citizens and applies to enterprises globally because EU citizen data is stored by businesses all over the world.

Since a majority of personal data is collected and stored when people sign up for newsletters, businesses can no longer approach email marketing strategies casually and need to take extra precautions.

Don’t skip the double opt-in

A double opt-in process gives you tangible proof that each user joined your list of their own free will. Under GDPR, you are required to be able to prove every user chose to sign up.

Wanting to skip the double opt-in process for your new leads is understandable. Will the confirmation email go to spam? What if they forget to check for it, or the email is delayed? How many signups will you lose because people don’t want to go through the extra step?

These questions are valid concerns. However, they’re based on flawed logic. The incorrect perception is that getting as many leads as possible is a productive approach to email marketing. The truth is, if your leads don’t take the time to confirm their choice to join your email list, they’re not likely to be good customers.

Good customers are the heart of every successful business. For most businesses, 80% of sales come from about 20% of their customers. You really don’t want to keep every customer, and experts even recommend “firing” 10% of your customers each year.

Leads that don’t take the time to confirm opt-in probably don’t care much about the information in the first place. Or, they were just looking for a freebie. Your best leads will be people who are passionate about what you’re sharing and can’t wait to receive your confirmation email.

Encrypt internal email messages, too

No matter how private you think your emails are, every email you send and receive is stored on a remote hard drive you have no control over. If your email provider doesn’t encrypt your emails from end-to-end, (most don’t), all company emails are at risk.

Encrypting employee email communications plays a huge role in maintaining GDPR compliance. The average employee won’t think twice about emailing co-workers about sensitive issues that may include data from the business database. For example, someone might send a customer’s credit card information to the sales department for processing a return.

To protect your internal emails and maintain GDPR compliance, buying general encryption services isn’t enough. You need to know exactly how and when the data is and isn’t being encrypted. Not all encryption services are complete.

For instance, if you’re using Microsoft 365, you’ve probably heard of a data protection product called Azure RMS. This product uses TLS security to encrypt email messages the moment they leave a user’s device. Unfortunately, when the messages reach Microsoft’s servers, they are stored unprotected.

“This means that Microsoft and other intermediary third-party providers can access the securely-sent data,” say security experts at Virtru, “making certain data residency, privacy, and compliance requirements more difficult to meet.”

How you secure your Data is no longer your choice

GDPR regulations require businesses to take specific measures to protect data, including:

  • The pseudonymisation and encryption of data;
  • The ability to restore users’ access to their own personal data after a breach;
  • The frequent testing of a business' security measures;
  • The right to have personal data deleted (although it’s already a law (Google Spain vs. Costeja).

Fines for ignoring these requirements can be hefty at up to 10 million euros or 2% of the business’ annual turnover, whichever is higher. Additionally, that fine may rise to 4% if certain obligations are ignored.

Employing data security according to your own preferences is simply no longer worth the risk.

Information-Management:

You Might Also Read: 

GDPR Survey Shows 80% Non-Compliance:

Get Ready For ePrivacy Regulation:

 

« Satellite Imagery + Social Media = A New Way To Spot Emerging Nuclear Threats
AI Driven Security Is Much More Than An Algorithm »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CIO

CIO

CIO provides technology and business leaders with insight and analysis on information technology trends

Wüpper Management Consulting (WMC)

Wüpper Management Consulting (WMC)

Specialized in compliance, risk management and holistic information security WMC GmbH has longtime implementation experience in global projects.

Nordic Cyber Summit

Nordic Cyber Summit

Nordic Cyber Security Summit addresses a wide range of technological issues from the IT Security spectrum and also provides a wider perspective from all aspects of the industry.

Blockchains LLC

Blockchains LLC

Blockchains is committed to changing the world for the better. Using blockchain and other innovative technologies, we’ll build new systems, new security, and new interactions.

Allthenticate

Allthenticate

Allthenticate Single Device Authentication (SDA), enables seamless authentication in both the physical and digital words while unifying management in one easy-to-use interface.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

Red River

Red River

Red River is a technology transformation company, bringing 25 years of experience and mission-critical expertise in analytics, cloud, collaboration, mobility, networking and security solutions.

Isovalent

Isovalent

Isovalent deliver the most advanced Kubernetes networking & security capabilities to the most demanding of enterprise users.

Financial Services Information Sharing and Analysis Center (FS-ISAC)

Financial Services Information Sharing and Analysis Center (FS-ISAC)

The Financial Services Information Sharing and Analysis Center is the only global cyber intelligence sharing community solely focused on financial services.

Navisite

Navisite

Navisite is a combination of eight respected IT consulting and managed service providers that were brought together under the Navisite brand.

Anxinsec

Anxinsec

Anxinsec Technology is a security solution and service provider with a focus on new technology and innovations in cybersecurity.

Liminal

Liminal

Liminal is a boutique strategy advisory firm serving digital identity, fintech, and cybersecurity clients, and the private equity / venture capital community.

Cyberplc

Cyberplc

Cyberplc is a global cybersecurity consulting firm providing services to government, the public sector and enterprises.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.

DeXpose

DeXpose

DeXpose is a hybrid dark/deep web monitoring and attack surface mapping platform to help you find compromised data or exposed assets related to your organization way before threat actors.

Blind Insight

Blind Insight

Field-level searchable encryption plus fine-grained programmable access controls. All wrapped neatly in developer-friendly APIs and SDKs. Data protection perfection.