Enforce Marketing Permission switch is by default enabled on all Nosto accounts on 25th of May when GDPR goes in effect.
The switch controls whether the marketing permission tag is respected or not. By default the switch is enabled and as an outcome Nosto dispatches Triggered Emails only to recipients who have consented for direct marketing and who have been mapped to Nosto as marketing email subscribers. Consent is technically based on the marketing permission tag, mapped to Nosto from your e-commerce platform.
If the switch and setting is disabled, Nosto sends Triggered Emails to every email address mapped to Nosto, basically meaning that Nosto treats all emails that you map to us as valid subscribers for Triggered Emails. Depending how you or your system integrator has implemented Nosto, this could mean all users/emails regardless if they have consented for direct marketing, might receive Triggered Emails.
Marketing permission tagging and status of each user effectively adds a condition to the email delivery process. Let's cover the behaviour with examples:
[A] Customer/email who doesn't have any status for marketing permission i.e. the tag is empty or doesn't exist.
[B] Customer/email whose status for marketing permission is false
[C] Customer/email whose status for marketing permission is true
Case: Enforce marketing permission setting is enabled:
Only customer C receives Triggered Emails.
Case: Enforce marketing permission setting is disabled:
All customers, A, B and C receive Triggered Emails.
Read related the support article to learn how to map the marketing permission tag to Nosto.
Why did we build the tooling?
Marketing regulations differ from region to region and due to GDPR, the European Union has one of the strictest regulations affecting for example email marketing from May 25th 2018 onwards.
Countries outside the EU can have more lenient approach and regulation governing behaviorial Triggered Emails, which are by their nature different to traditional recurring email newsletters and marketing, as Triggered Emails are evoked by user's behaviour on the site. Nosto has clients across the globe, hence the override capability by disabling the controls, is mainly built for for non-EU businesses and companies, when compliancy with GDPR is not necessarily needed.
Note that according to regulation in the EU (GDPR), company’s location (Controller, Processor) is irrelevant if data subject (ie. individuals whose data is collected) is within EU. In practice this means that if you do process EU resident's data, GDPR also affects you regardless of your businesses location.
Please consult your legal council in case you need help interpreting and implementing the GDPR or any data privacy regulation in your area as Nosto is not in a position to provide you with any legal help.