Bulk Email Guidance
Collecting and cultivating email lists is an integral part of running an effective Local Party. When sending bulk emails, it is important to be aware that data breaches can easily happen if your mailing lists are not handled and managed correctly.
Follow these steps to keep your mailing lists compliant and reduce the likelihood of data breaches:
1. Consent
Make sure that you only add email addresses to your list if you have explicit consent from the individual that they want to be added to your mailing list first. In most cases this will mean the individual will tick a box confirming that they want to be added to your mailing list or ask you directly to be added. Consent can also be verbal, but you must ensure you record the date and the circumstance in which the individual gave their permission on Connect. As with any personal data you must provide the individual with a Fair Processing Notice (FPN).
2. Include a mechanism for opting out
At the bottom of each email there must be an option for the individual to opt out themselves out communications. It is also best practice to include a ‘why am I receiving this email?’ line for absolute clarification. For the majority of approved bulk email providers, the opt out function is included by default.
3. Honour opt outs
Once an individual has opted out of communications, it is important to ensure that they are removed from the email list. If the individual uses the automated opt out within the email they received, the email address will automatically be removed. However, it could be the case that someone contacts you directly asking to be removed from your mailing list. If this is the case, you must ensure that the email address is removed immediately.
4. Use an approved bulk email provider
You must use an approved bulk email provider to send bulk emails. The approved bulk email providers are: Targeted Email and Mailjet.
It is not permissible to use the BCC/Blind copy function in regular emails to send a bulk email of more than 15 people to your mailing list. The reason for this is that we receive a large number of data breach notifications from people who forget to use BCC and cause a data breach by sending an email to a large number of people with their email addresses exposed.
The ICO also issued a reminder to all political parties recently about the risks of using BCC: ICO warning
5. Store your email addresses within the system.
If you are using an approved bulk email provider to manage your mailing list there should be no need to store email addresses outside of that system. Keep your lists within Connect/Mailjet and ensure that only the people who need access to your account have access.
If you have any queries about this, please email: Data.Protection@libdems.org.uk.