How to send out emails to your marketing list

With the amended Personal Data Protection Act (PDPA) in Singapore earlier this year, many organisations are reviewing their processes to ensure that they remain compliant with the updated regulation. An organisation's marketing efforts are a vital part of its operations, and email marketing is one of the best methods to connect with customers.

However, if marketers are not careful and unaware of the PDPA, the email campaigns could get the organisation in trouble with the law. Here is what marketers should consider before hitting ‘send’ for your next electronic direct mailers (EDM).

Database source

Marketers need to look at the source of the database that they are sending their EDMS to. They must ensure that recipients have consented to receiving emails from the organisation for a specific purpose and they must only send emails to fulfil that purpose.

According to Singapore’s PDPA, a category of personal data called business contact information (BCI) is not covered by the Act. Typically, BCI refers to information printed on a business card of an individual that is used for business purposes. If the database is newly acquired by the organisation, they have to ensure that all the emails in the list are business emails. Otherwise, they have to seek consent from the individuals to send them marketing messages.

Unsubscribe button

Another important feature that marketers need to include in their EDMS is an “unsubscribe” button or link. The PDPA requires organisations to provide the individual with an option to withdraw their consent to the organisation’s collection, usage or disclosure of their personal data. By including the unsubscribe option, this gives the recipient an option to be removed from the mailing list and stop receiving emails from the organisation. The unsubscribe button or link is typically found at the start or the bottom of the EDM.

What should you do if someone writes in to complain?

When an individual replies to the marketing department's EDM or writes in to complain, the marketing department should remain calm. Here is what can be done to resolve the issue:

• Find out the source of the email and how did the organisation gain access to the email
  • Check if there was consent given by the complainant. If the answer is yes, was the EDM sent for the purposes that the complainant has consented to?
  • Check if the email is a business email as BCI is not covered by the PDPA
    
    
• Inform your Data Protection Officer (DPO) of the complaint and provide him/her with the details. The DPO will make a record of the incident detailing what happened and what actions were taken to resolve the issue with the complainant.

With the amended PDPA, it is increasingly important for marketers to be data protection-savvy to ensure that the organisation does not get into trouble with the regulation. Data protection training needs to be provided to all employees in organisations so they understand the importance of protecting personal data and how their roles and responsibilities relate to keeping the organisation compliant with the law.

As an introductory course, the PDPA - An Operational Perspective is perfect for professionals who want to gain new competencies for the digital future.  In the new era of compliance in the protection of personal data, the course provides a practical foundation and the necessary competencies. Furthermore, it discusses the 10 Obligations and Do-Not-Call (DNC) registry of Singapore's Personal Data Protection Act.

Article by: Steffi Tay (GRCP)

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEX Network.