Despite all the talk of Brexit, it looks as if the UK will still be affected by the General Data Protection Regulations (GDPR) around May 2018, along with the rest of Europe. This legislation has the potential to dramatically shift the way marketers and sales companies collect, handle and process information. So, how will GDPR affect marketing?
GDPR covers areas such as security and privacy, but one of the major changes that affects email marketing is that the current level of consumer opt-in consent will not be enough under the new regulations. Now marketers cannot contact EU email users who do not opt-in to be contacted, meaning that an audience cannot receive emails from companies without the correct authorisations. This includes both B2B and B2C marketers, so whichever segment your business targets, you need to be in clear possession of documentation which proves that the audience is happy for you to use their data and be marketed to.
Marketers now need to be aware of who is in their databases. Even if you think you’re sure that you’re not sending emails to anyone within the EU, it is worth double checking email lists to avoid incurring penalties. There are three main ways marketers can audit their databases: they can manually search for EU suffixes in subscriber profiles; they can utilise ESP technology to create approaches to remove EU addresses; or generate opt-in subscriber information based on physical location data.
Consent in email marketing has long been an ambiguous topic, a problem that GDPR attempts to rectify. This is especially true for users under the age of thirteen, who will now require parental permission to receive emails from companies. Email marketers now need ‘unambiguous’ consent from should be able to clearly convey their online consent policies with consumers and ensure that consent responses can be straightforwardly revised, including both current and future subscribers. These subscribers need a way to easily opt in or out of email campaigns. This could be achieved through a straightforward call-to-action that lets customers check a yes box to consent to receiving emails. It doesn’t matter how consent is obtained, as long it comes directly from the customer and it can be proved that companies have this consent.
Data owners are not accustomed to storing consent forms, but at some point, it will be a necessary task, as one day all forms will need to be presented if requested by the ICO. Creating a storage facility will therefore be an essential part of compliance.
Customers will also need to be able to quickly remove data if requested. This is known as the ‘take down’ clause which demands that it is compulsory to provide a clearly identifiable route for members of the public to make contact and communicate their request so that it can be responded to.
As well as consent, GDPR forces email marketers to improve transparency for data collection and storage procedures. A vital part of data collection is the identification and tracking of the source of subscribers’ information. Companies that store sensitive data have a responsibility to make sure that this data is kept accurate and safe. Email marketers must be transparent about what kinds of data they’re storing, and where it is being stored. Not only is this an obligation to customers, but good business practice, as nowadays consumers are very safety conscious about who stores their information. You will gain more business if you can assuage these fears. You can do this by educating customers about how you are treating your data. Because of this transparency, you should be able to build a sense of trust with shoppers.
These aren’t trivial responsibilities, and transitioning to them won’t be immediate. There is also no way around these changes unless you are willing to write off your databases. However, the need to contact customers and prospects can potentially be used to your advantage. This interaction can help you acquire new data on an extensive and detailed scale, and at the same time directly make offers.
Though businesses might try to look for a shortcut, or delay parts of the compliance process, GDPR is inescapable, and any efforts to avoid it may end up costing more to your organisation. Every business will eventually have to be scrutinised by the Information Commissioners Office (ICO), or the general public, and you can no longer ignore the threat of fines or customers claiming damage for misuse of information. The penalties can be up to 4% of the annual company turnover.
Not many organisations are adequately equipped to tackle such a dramatic shift in terms of compliance, and there aren’t many data suppliers that understand what GDPR entails. It would be a smart move for businesses to enlist help to deal with compliance. When searching for this help, it’s a good idea to ensure that it comes from established reliable sources. You should make sure they have a history of compliance, and that they completely understand the impending regulations by asking questions about them. Not every compliance advisor will be able to answer these questions, but if you keep looking you will end up with the support that you need.
Another essential step is to assign someone to supervise the compliance process. This should involve the production of written guidelines on GDPR, and distributing them to all relevant employees. The guidelines should explain GDPR clearly, and what is prohibited in terms of consumer data so that your team can rest assured that nothing they are doing is illegal.
GDPR represents a dramatic shift in marketing, with new focus on consent, security and privacy. Though this will require a lot of planning, effort and time to achieve this transformation, it will be beneficial to consumers through increased transparency of business, whilst companies can benefit from the increased interaction and trust of their clients.