Embed Size (px)
Citation preview
1 intelligently connecting audiences and brands
What does the GDPR mean for marketers?
Kingpin London | San Francisco kingpincomms.com
2 intelligently connecting audiences and brands
What does the GDPR mean for marketers?
Kingpin recently spoke to Simon Moss, head of marketing at automation software provider Communigator, about the General Data Protection Regulation (GDPR) and what it means for marketing professionals.
Kingpin: The GDPR isn’t exactly light reading and covers a lot of ground. At Kingpin we’re focused on marketers – what areas do they need to be aware of? Communigator: The key consideration as marketers is to make sure our email marketing practice complies with the GDPR. The GDPR will affect your marketing efforts in some way whether you are a B2B or B2C marketer.
So irrespective of whether you are based in the EU or not, or have an ESP in the EU, if you want to process the data of EU citizens you will need to be GDPR compliant.
The key thing is you’ll need to double opt-in your lists and have a provable, recorded database that confirms who has agreed to what communications and when.
Do you need to keep some kind of proof that every individual on their list has gone through the correct process?
Yes, you need to keep some kind of evidence! GDPR requires you to show “provable consent” although there’s no black-and-white definition of what this is.
At Communigator we capture the time, date and IP address as well as the consent statements you sign... in other words, what you’re agreeing to be sent.
With subject data access rights along with the right to be forgotten, having this information to hand will save a lot of time and effort, especially if someone turns around and says they don’t remember opting in to your communications.
What are the practical actions marketers can take to ensure their lists are double-opted in?
Double opt-in itself is a pretty simple process. You fill out a form, then you get sent an email asking you to confirm you are interested in receiving data.
But the message of “consent” has changed to be unambiguous. This means marketers need a clear, affirmative action from a prospect or customer saying they want to receive your marketing communications. Gone are the days of a pre-ticked box.
The harder part is getting people to double opt-in.
3 intelligently connecting audiences and brands
How can you encourage people to go through the double opt-in process?
Essentially, email marketers should offer valuable content in exchange for opt-in consent. Content marketing comes into play here. Offering something of value in exchange for contact details works extremely well.
Open content such as blogs are useful to establish a reputation when it comes to high-quality content. But when it comes to resource guides and whitepapers that provide vital, weighty information, marketing should be using gated content to ask for double opt-in details in exchange for this.
Waiting for the opt-in details before providing the content is the fastest way to build a genuine double opt-in database. We would recommend doing this through an email campaign, off the back of a form on your website or via a pop-up on your website.
But I can still market to my existing lists and databases after GDPR hits, right? It depends who you market to. If your clients are consumers rather than businesses then you can only continue to market to them if they have double opted-in to your communications. That’s why it’s so important to start now. Once the GDPR hits on 25 May 2018, you will no longer be allowed to market to anyone who hasn’t double opted-in to your communications.
The situation with B2B marketing is less clear. Within the UK we are ‘protected’ by the Privacy and Electronics Communications Regulation, which is this country’s implementation of the EU-wide E-Privacy Directive.
In essence this means that in the B2B arena we have opt-out legislation rather than the opt-in path the GDPR takes us down.
There has been a fair bit of discussion about whether the E-Privacy Directive would be amended to bring it in line with GDPR. Until as recently as last December it looked like this might be the case.
However, the first draft of the E-Privacy Directive was published in January and has stayed with the opt-out position for B2B rather than the more draconian opt-in consent position.
Just bear in mind that drafts may change so there isn’t anything that is iron clad at the moment.
What does this mean for buying marketing lists? Purchased data lists will still exist in the new post-GDPR data realm, but not as you currently know it. New data lists will be much smaller and probably more expensive. Also, as a buyer you must make sure you know the data you’re buying is double-opted in. Make sure you buy from reputable sources and insist on receiving the provable audit trail, too.
4 intelligently connecting audiences and brands
What’s a sensible GDPR checklist for marketers?
1. Determine if and how you will be affected by the GDPR – this is easy to assess. If you are sending emails to anybody in the EU you will affected by the GDPR. Your location doesn’t matter.
2. Make sure you understand the penalties. They are significant.
3. Plan according to the timeline. You have less than 18 months left to get as much data double-opted in as possible.
4. Establish which controls you will need in place such as an opt-in service. Chat with your email providers to understand what they have in place.
5. Get the specifics of your opt-in statement right. Talk about the catch-all, but remind them to get it approved by their legal team. Get the balance of the wording right. Be clear and unambiguous.
6. Check that your privacy and cookie consent policies are transparent in compliance.
7. Get explicit double opt-in consent from those with implied consent… in other words, from your customers and engaged data contacts. Email them and explain why you need them to double opt-in.
8. Get as much of your data as possible to opt-in to your future communications as soon as you have the above all set up. If you host events ask attendees to opt for the slides, have a pop-up on your website and run double opt-in campaigns.
9. Buy as many targeted data lists as you can now and get as many of them as possible to opt in to your communications.
Double opt-in plans aside, what are the other key actions marketers need to take to be GDPR-ready?
If they haven’t already done so, marketers need to analyse their data processes, in particular: • How they collect it (the double opt-in process)
• How data is recorded (the provable part)
• The storing system (safety and privacy paramount here)
• The retrieval process (you need to be able provide data if requested)
• The disclosure process (who you share details with – you need to be crystal clear on this and you share responsibility with other parties that hold the data)
• The erasing process (the right to be forgotten)
5 intelligently connecting audiences and brands
What happens after May 2018 if marketing data doesn’t meet the double opt-in standards of the GDPR? Fined? Or just a slap on the wrist?
The penalties are significant. How strictly this will be applied is yet to be seen but we’ll be watching with interest when that first test case comes through.
If you market to data that has not double opted-in to your marketing communications, you could face a fine. The GDPR contains a number of areas where penalties can be applied, in some cases up to €20 million or four per cent of your global annual turnover, whichever is the greater. This is non-negotiable and could ruin entire businesses (it did when a similar law came into place in Canada). That’s why it’s so important to become GDPR-compliant as soon as possible.
Is it all doom and gloom? We’ve talked a lot about the problems and challenges of GDPR, is there any good news in there for marketers?
It seems a bit depressing that all of a sudden you can’t do what you used to be able to do. But from a marketer’s point of view we all know we should be sending emails only to people who want to hear from us. Creating an opt-in database isn’t as hard as you might think and the data performs at a much higher rate than opt-out data.
Contact Kingpin to find out the latest on the EU GDPR and what it means for your marketing. Call us on UK +44 (0)20 7803 1000 | US +1 415 793 8370 or email us on [email protected] to also get more content in this series.
