How GDPR is an opportunity for Marketers

By now, you’re likely to have been inundated with messages from companies telling you about GDPR, updated privacy policies and terms of service. These companies all want to tell you how they are using your data. They also want to know if you wish to continue hearing from them. 

Similarly, it’s not uncommon to hear GDPR come up in conversation. All of these changes are being driven by the rapidly approaching GDPR compliance date on May 25, 2018. While the GDPR may sound intimidating and the fines for not complying may give you sleepless nights, the reality is a perfect opportunity. Think about it. A better understanding of your contact’s preferences and consent will help you do what you do best – build trust, drive engagement and deliver more targeted campaigns.

So, with much to cover on the subject of GDPR, I have taken a couple of key areas to discuss: permission of data usage and accessing data. Let’s review each of these individually.

Data permission

Firstly, GDPR sets a high standard for consent. Consent means offering individuals genuine choice and control over the lawful processing of their personal data.

From May 25, you will no longer be able to assume that individuals want to be contacted. Contacts need to express consent in a ‘freely given, specific, informed, and unambiguous’ way. Furthermore, they need to do this by a ‘clear affirmative action’. Previously you could rely on ‘opt-out’ consent in some circumstances. But today, the GDPR now requires an obvious and specific statement of what is being consented to.

“Consent is central to the rules on direct marketing. Organisations will generally need an individual’s consent before they can send marketing texts, emails or faxes, make calls to a number registered with the TPS. If they cannot demonstrate that they had valid consent, they may be subject to enforcement action.” *
What does this mean for you?

Importantly, individuals need to physically confirm that they wish to be contacted by you. A pre-ticked box that automatically opts them in is no longer acceptable. Opt-ins need to be a deliberate choice. In other words, you need to actively seek their permission.

Opt-in boxes are where a tick in the box indicates that the person agrees to receive the specified marketing. Best practice is to provide an unticked opt-in box and invite the person to confirm that they wish to receive marketing messages via specific channels. (e.g. by post, email, phone call etc.). The safest way of demonstrating consent requires a positive choice by an individual.

In addition, you should consider how you will collect and store the proof of opt-ins and subscriptions. At the same time, you need to keep clear records of exactly what someone has consented to. In particular, you need to record the date of consent, the method of consent, who obtained consent, and what information was provided to the person consenting.

With this in mind, there are several mechanisms that can help you collect the data as a record of their consent.

You may wish to consider the following:
  • Include opt-in requests on each of your online forms asking for consent. Opt-in tick boxes allow you to capture consent of those who wish to receive communications from you.
  • Double opt-in of consent. A double opt-in is merely a method to double-check the authenticity of any given consent. With double opt-in enabled, an automatically generated email with an activation link will be sent to the address provided to you by the new contact. Although it is not always a legal necessity, it should be considered best practice to use a system of double opt-ins. In turn, double opt-in helps to drive the quality of data in your database. This extra layer of consent helps you check that the person who subscribed to your list has access to the account provided. Another benefit is that you know that the address is valid and in use.
  • Add a link to your privacy policy when requesting an opt-in. When you ask for consent, you also need to provide a separate link to your Privacy Policy. The link needs to be included on all subscription forms.
  • Update your email and website footers with your privacy policy. It’s also good practice to add the link to the footer of emails and on your website. Your legal team will need to make any changes required to your Privacy Policy to comply with transparency about how personal data may be stored and used under the new GDPR. And remember, make it easy to read!
GDPR compliance
GDPR compliance
GDPR compliance

Data access

GDPR gives individuals a method to gain more control over how their data is collected and used. It also includes the ability for individuals to access or remove their data – in line with their right to be forgotten.

What do you need to do?

It’s considered good practice to use privacy dashboards or other preference-centre management tools, commonly found in lead and campaign management tools. They allow individuals to update their details and choose what information to receive from you.

The benefit of a well-structured preference centre will enable you to deal with an individual’s right to access, their right to be informed, their right to have information corrected, and their right to object to email marketing. By enabling subscribers to amend their preferences themselves, it will help you to maintain cleaner and up-to-date data. And, ultimately, by offering this choice, it will result in improved engagement, higher retention, and better responses to all of your campaigns.

Here are some recommendations:
  • Include a link to the Preference Centre in all your emails. Direct your customers to the preference centre with your first email after they’ve opted in. You can start by getting to know them better! After this, each of your subsequent emails can link them there. The preference centre enables them to unsubscribe easily, at any time during their relationship with you.
  • Add an unsubscribe option via your preference centre on each landing page. Contrary to what some email marketers think, you shouldn’t be afraid that someone will opt-out. In fact, you should make it easy for them to do so with a prominently displayed link to your preference centre.
  • Put a link to the Preference Centre from your website footer. Your customers want to make their own choices. If they can’t find an easy way to unsubscribe or decide what they want to receive, they might view your mailing as spam. That can harm your reputation and risk your emails going undelivered.

Finally, with May 25, on the doorstep, it’s time to check that you are ready for the new legislation. Importantly, keep in mind the basics. Don’t contact someone unless they specifically ask to be. Let them control if they want to hear from you. If you can do this, then you’re taking a significant step towards being GDPR compliant.

And, remember, GDPR isn’t designed to stop you from communicating with your customers. The changes present an opportunity to improve your data quality. At the same time, it will drive trust as you inform individuals about how you are using their data.

 GDPR compliance

How I can help

I offer a range of services to help you prepare for the GDPR.

GDPR Marketing Audit and Action Plan
I can review your GDPR compliance activities and help to identify gaps and risks. I’ll create a tailored action plan that will guide you towards compliance. This action plan will enable you to prioritise activities to minimise risk and make the best use of your existing platforms.

Compliance for Eloqua Users
Your marketing automation platform can be a massive asset to your GDPR preparation strategy. For Eloqua users, you already have access to a variety of features that will help you become GDPR compliant. I offer the following services:

  • Review how you are using Eloqua to take advantage of the features of the solution to assist your compliance efforts.
  • Create a practical plan that will help you manage GDPR compliance.
  • Set up your Eloqua instance to drive compliance.

Get in touch today to ensure you are GDPR ready.

Disclaimer: The content of this blog post is not to be considered legal advice and should be used for information purposes only.

Penny Thorn