Trust and transparency: 3 minutes to understand the new General Data Protection Regulation

The French are increasingly aware of their personal data. They want more control and more protection. 85% of French people say they are concerned about the protection of their personal data in general (source: CSA research 2017) and up to 90% of people questioned during this same study say they are concerned about their data that is put online. This is what legislative bodies are working towards: they want to establish more trust and more transparency in exchanges between businesses and consumers.

The CNIL, a central player in protecting and raising consumer awareness of data

In France, the CNIL is particularly present in the data landscape in order to help citizens understand their rights (how to access their personal data, rectify or delete it), to control their data (how to protect their privacy) and to act in order to assert their rights in the event of a problem. The discourse on data is made accessible to all. Actions and events are even set up to raise awareness among the youngest (for example the educnum.com platform, digital education for all).

In addition, the new General Data Protection Regulation (GDPR) will be put in place from May 25, 2018. Companies then risk heavy penalties if they do not follow the new directives concerning data to the letter. This regulation aims to better protect consumers within the e-commerce environment.

For example, senders of marketing e-mails must pay attention to the various conditions necessary to obtain the recipient's authorization to be prospected.

What are the big changes for the General Data Protection Regulation?

You must have already heard of the General Data Protection Regulation (GDPR) since it already entered into force on May 25, 2016. However, until now, this regulation was of a transitional nature. From May 25, 2018, this European regulation will be mandatory in all member states of the Union.

The General Data Protection Regulation was created primarily to increase the rights of recipients of marketing messages. This regulation therefore includes the right of full access to data, the obligation to inform, the right to rectify data, to erase it, to limit the use of data, as well as the right to data portability and the right of appeal. Any company that does not respect these rights conferred on citizens is subject to heavy penalties.

It is obvious that the new regulation concerns all marketing practices but also particularly commercial emails. The double opt-in represents a promising solution in order to have proof of voluntary and informed consent on the part of Internet users. This type of practice is particularly encouraged in order to move towards more consumer-friendly communications.

This European regulation thus has the real objective of making concrete the legal provisions which are still vague at the present time for companies. It also makes it possible to communicate on the sanctions put in place if violations are observed. It is obvious that such a level of sanction will be particularly prohibitive. It therefore seems essential to know all of these new legal provisions in order to comply and adapt your various marketing actions.

Commercial and marketing emails: the bane of the new European regulation

The new regulations which come into force are particularly aimed at communications made using emailing.

For example, until now, in B2C, there was an obligation of consent, whereas in B2B, marketing emails were authorized on the sole condition that the recipient is informed of the use of his personal data in order to carry out marketing actions. In B2B, the recipient simply had to be able to object to the use of their personal data.

Now, according to the GDPR, “the consent of the recipient must be voluntary, active, explicit and take place separately for each concrete case not only for B2C, but also for B2B”.

The details also indicate that a pre-checked box in a form no longer counts as consent. Consent refers to an authorization but also to detailed information regarding the use of data. In this sense, the sender of group emails must prove that he has obtained the recipient's consent (responsibility obligation). This is where double opt-in comes in. This method ensures that consumers actually want to receive your communications.

With regard to B2B, if your customer must, before sending his order, give his consent to receive commercial and/or marketing emails, this authorization is in no way valid.

Finally, please note that in the event of a violation of the GDPR, the penalties are strong: up to 20 million euros or 4% of annual turnover, as well as warning costs and compensation claims.