Are you prepared for the new regulations on data protection? Find out why they shouldn't affect your email marketing strategy, if you play by the rules.
Picture this: It's May 2016 and you're enjoying listening to Drake's One Dance while waiting for the finale of Mike and Molly. It was such a simpler time. Barack Obama comfortably sat in The White House and Brexit was but a buzzword worthy of an eye-roll. You may have read somewhere in your daily attempt to keep up with trends that data protection regulations were going to change. But you saw you had two years to deal with it and did nothing.
The GDPR groundwork should have been laid as early as May 2016, but there's still time to avoid heavy fines or lost revenue.
Smash cut to May 2017. You see that Love Island is going to be on TV soon and wonder what benefit it would have to sign up to such an intrusive show. They'll never be famous! You have a chuckle at the photo of Trump with the orb in the Middle East and let out a hearty guffaw at the mocking SpongeBob meme. You see an article about GDPR, but clock the 2018 date and ignore it. Little did you know SpongeBob would come back to mock you.
GDPR will take effect on May 25 2018 - which gives you less than a week to ensure you're on top of it.
It is now actually May 2018 and GDPR will come into force on May 25. You've built your entire marketing plan around emailing your extensive database, but now worry that you won't be able to because you don't have proof of opt-in consent. You receive Privacy Policy after Privacy Policy and skim them quickly to see if there are any hints for your own business. You've left it too late, you have less than a week. GDPR is real and it will shake up how business is done. But, despite the seeming inconvenience, it will actually make the business-consumer relationship more transparent and trustworthy and be beneficial in the long run.
How Will GDPR Affect Email Marketing?
Email marketing is extremely lucrative and creative copy can yield high conversions. You can send out masses of information and CTAs to potential customers and on the whole businesses find the process to be incredibly effective. But GDPR means that you need to have proof of consent that you can contact your database for promotions, you need to have a way for them to request all their information, and you need to have a simple and hard opt-out policy that doesn't put people off. Will email marketing change forever? Quite possibly. But it's not too late.
Gaining Permission
You need to obtain express permission to use data subjects' contact data to send marketing emails. Many savvy email opt-ins should already have cleared the issue of express consent, so many strategies will be fine, especially for mailing lists. But if you've somehow amalgamated lists from data collected elsewhere (i.e. through sales or enquiries), express consent needs to be given. Consent should be separated from other Ts and Cs so subjects know exactly what they are opting in to. Opt-in boxes will not be pre-ticked and must be physically selected. Permission should be gained for each separate use of subjects' data to allow complete granular control. The permission must contain information on any third parties that may see the data and how they will use it.
Right to Unsubscribe
The unsubscribe link should be present in every email and should offer the ability to unsubscribe from this email and from all email communications, and provide a return email address to contact. The data subject can halt the profiling and the company must abide by this request. Or, they could refuse use of their data indefinitely and even request a copy in an easy to download and read electronic format.
What is GDPR?
GDPR essentially focuses on seven key areas in which businesses need to strengthen their data protection. It is imperative to appoint a Data Protection Officer and to have the entire team educated as to what could be potentially company-damaging legislation. Here are the basics of what GDPR consists of:
• Mandatory breach notification – The ICO must be informed within 72 hours of any data breaches - and those who have had their data breached must also be informed. This changes from the months and years businesses often waited before reporting a breach.
• Consent – If you're storing data for any reason you must ask for consent to do so and explain what you will do with the information. If it's to send email marketing, you need to make it clear, so the data holder can opt-out. The storage should be airtight.
• Right to access – Companies must be able to explain where the data they hold on someone is stored, how it is stored, and send it to them should they make a Subject Access Request (SAR).
• Data portability – Individuals will be able to ask for their data to reuse it, so the format it is delivered back to them in must be easy to digest and transfer.
• Right to be forgotten – Individuals can request companies to delete all data on them and refuse to share it with third parties. The process to opt-out must be easy enough and must work.
• Data protection officers must be appointed
• Penalties – Heavy fines for non-compliance can be 4% of the business's annual turnover or up to €20 million.
GDPR means new rules for your business and how it tackles data protection.
Ultimately, businesses should show privacy by design - data protection processes built into the standard running of the business, with the data being secured in a safe and secure way and used in the manner the business has claimed it is being collected for. Basic common sense should prevail and it will drastically reduce consumer apathy with marketing interactions with companies.
As long as your email marketing strategy takes into account the sensitive nature of the data you hold and intend to use to spread your marketing messages, you should be fine. It will certainly be interesting to see which companies are caught out by GDPR - and it is predicted smaller businesses without a dedicated DPO will be the majority.