Question time with Matthias de Bruyne, DDMA Legal Counsel
Next week it’s finally here: the DDMA Email Summit will take place at the impressive Kromhouthal in Amsterdam. Many experts in the field will be speaking at the event. To get warmed up, Tripolis interviewed Matthias de Bruyne. As legal counsel at DDMA, his job is to help companies meet the requirements of the new European privacy law. In the past year he worked his fingers to the bone to get everyone good and ready for the GDPR.
As long-time member and sponsor of the DDMA, Tripolis will be attending yet another Email Summit this year. In light of the GDPR, a Q&A session will take place where email marketing automation consultant Mick Lodder will interview Matthias de Bruyne on the most frequently asked questions about the GDPR and email marketing.
Burden of proof
Atop the FAQ list is the burden of proof. “People get stressed out because the GDPR states that you have to be able to provide evidence of permission. Essentially, this is nothing new. Dutch supervisory body Authority for Consumers & Markets (ACM) has always stressed the importance of permission in the case of complaints. With the introduction of the GDPR, many organizations panicked because for some opt-ins, the origins could not be traced. This led to countless businesses sending emails saying: “do you want to continue receiving our emails?” Anyone who didn’t reply was removed from the database, even though in most cases, this was unnecessary. This had far-reaching consequences: the conversion of these emails was very low, causing a major part of the mailing list to disappear into the bin.”
Don’t rush it
De Bruyne advises not to be too hard on yourself when it comes to burden of proof. “According to Working Party 29, the umbrella body of European Privacy supervisors, you are allowed to give proof of permission in a way that fits with your operational management. Look at old opt-ins from before the GDPR to see what you can provide evidence for: which information was gathered about whom, when, who gave permission for what, and on which information was this based? This will give you an idea of which information you can still provide proof of permission. For new opt-ins, make sure you make use of the new possibilities of logging, to keep track of exactly this information. This way, you have accurate proof in the case of complaints.”
Many questions remain about the topic of profiling. Although it is true many businesses have to watch their step when using profiling, permission is not always necessary. This is only the case when you profile with legal or similar consequences, for example, when you specifically target ads for loans at people with debts. Such profiling decisions can only be made once you have permission, which in 99% of all email marketing is not the case.
The DDMA Email Summit is the yearly event for email specialists, with a line-up chockfull of national and international top speakers and cases. De Bruyne himself is most looking forward to Jordan Grossman, product manager at Gmail. “Grossman will reveal a development that is very important to email marketers and the way their emails will be displayed in Gmail. But that’s all I can tell you for now…”