Thanks for being the first to offer to take up the challenge.
I didn't want to paste the source code without first stripping out anything that could identify my client and I didn't have time to do that when I first posted. I was hoping for a knowledgable person saying something like:
"I hope you're using tables to separate those icons out and not just using display:inline-block on a span, because Outlook 2019 on Windows 10 doesn't support padding or margins on those, despite every other OS/Client combo supporting it."
Because that's what it was.
Disclaimer: I am not a lawyer (but I have spent a lot of time in the company of lawyers trying to figure out GDPR).
First up: Speak to your legal team and give them every piece of information about what happened. Including times, names of staff involved, names of who the email was sent to, who replied, when - everything. They will need this in the event of a worse-case scenario.
Sorry to hear about this - I imagine this sort of scenario breaks most marketers out in a cold sweat. As far as the first question goes, the answer I'm afraid is "it depends". The consequences could be absolutely nothing beyond the handful of people who replied and asked to be removed from your list. If none of the recipients feel that this is a breach of data protection then the only cost is the anxiety of you and your team. If any of the recipients do feel it is a breach of GDPR, then they would have to bring a case against your firm and how that plays out will be up to the lawyers. Again, speak to your legal team.
I know the instinct would be to apologise to the recipients, and under 'normal' circumstances this is ok, but since you shouldn't have emailed them in the first place, I think you could get into further trouble by contacting them again - speak to your legal team for advice, but I think they will say to not follow up.
Make sure you review all of your human and technical procedures, ensure your DP processes are sound, review your Privacy Statement again. Maybe have a quick round of refresher training internally too.
Hi everyone, I have an update from this question I posted 2 years ago!
We have received many (in the hundreds) of complaints/enquiries from contacts and customers who do not trust the sub-domain email. In almost all cases they thought the email was a phish and wrote to the person whom name was associated to inform them that they had been spoofed somehow.
Obviously this isn't how anyone wants to conduct business, so for small-scale email distributions, we're switching to using the primary domain.
Thanks for the info Charles. Do you happen to know what happens if the RTF version is not available - does the AW fall back to the text multipart version?
Alternatively, do you know of a good resource I could go and read up on the email support for AW?
Hi Darren, this has been our assumption too, but we have no hard evidence. All ESPs I have used auto-generate a txt version, but sometimes it's just not readable - I'm trying to figure out if it's worth the time to format the text version prior to sending or just leave the auto-generated mess.
Hi Nicole, good catch on the Apple Watch! I have passed this on to the team and they're doing some endpoint analysis - although with more wearables coming into play, I can see this being a larger group of devices that use plain text.