General Data Protection is looming…

From this time next year, the General Data Protection Regulation (GDPR) will be in place. This legislation aims to protect all EU citizens’ privacy – and the general consensus is that Brexit won’t affect it.

We have always encouraged clients to gain prior consent from recipients before sending any marketing emails, but as a result of GDPR, ‘permission-based’ marketing is set to become more regulated than ever before.

GDPR will require that anyone you contact must have given you permission to do so. What’s more, you must be able to provide evidence of this consent. The details of this legislation are still being finalised and it’s not yet clear whether this will apply to B2B  communication – stay tuned for further updates – but in the meantime, let’s consider what this means for B2C…

What’s crystal clear is that making sure your marketing audience has opted in to receive email communication from you is more important than ever. We’d therefore suggest that over the next 12 months, your marketing efforts are focused on making sure you have clear consent from your contacts and setting up ways to gain new opt-ins or signups. The upside being that you’ll end up with a healthy database of people who actually want to hear from you which is far more valuable than the alternative!

Where to start

We’re not saying you will have to ditch all the data you have worked so hard to build up, but… you may need to do a little work on it. One disgruntled recipient and you could be faced with a substantial fine. Here are some ideas of where to start:

Step 1 – Refresh your existing databases

If you’re able to document where your existing data came from – exactly what the person was told, how & when they signed up and that any third parties your share their data with were clearly named at the time – then you can relax. The chances are, like most of us, you won’t be able to do this. So, you’ll need to freshen up your existing database and request that your contacts kindly opt in again.

Methods to use:

  • Emailing your database with an opt-in link, making it clear exactly what they are signing up to receive
  • Write to your contacts asking them to re opt-in either online or via a reply-paid card – keep any hard copy opt-ins in a safe place
  • Telephone your contacts asking them to follow a link to opt-in

Remember to be specific about what they’re signing up to and this time make sure you retain evidence of their consent.

Step 2 – Use inbound marketing for new opt-ins

After refreshing your databases, you might find you have a significantly reduced audience to market to! An “inbound” marketing approach will enable you to gain new opt-ins. This is where you attract prospects to your website with the aim of capturing their details and eventually turning them into customers. It follows the traditional A-I-D-A (Awareness > Interest > Desire > Action) methodology with the opt-in signalling interest.

Inbound marketing tools:

  • Create content – good content, designed to address the needs of your ideal customer, will draw prospects to your website
  • Email sign up form – make sure this is visible on your website to gain visitors’ details
  • Offers & competitions – encourage people to sign up to receive offers or enter competitions
  • Gated content – for access to valuable content, request that users fill in a form (aka ‘gate’)
  • Social media – build relationships here, post about your content, news & offers, driving readers to your website
  • Search engine optimisation – make sure your website and content can be easily found
  • AdWords (or other online advertising) – a great way to boost search results and gain traffic
  • Exhibitions & events – have consent forms ready for anyone who visits your stand, a business card is not proof of consent

What to include when requesting signups

When gaining consent, consider the following to ensure you’re compliant:
> clearly explain what the user is signing up to receive
> use unticked boxes on opt-ins – pre-ticked boxes are set to become invalid
> make sure your privacy policy is easy to find and up-to-date, naming any third parties with whom you are going to share users’ data
> keep records to demonstrate what the individual has consented to, what they were told, when and how they consented and any third parties you share the data with
> give options for different types of consent if appropriate (sales, invoicing, marketing, etc.)

Absolute no-no’s from May 2018

  • using bought, rented or shared data – unless it’s from a reliable, compliant source and you have been clearly named as a third party from the outset
  • using old data – anything beyond 12 months is not advisable, regular refreshing of databases is important
  • using emails that have been given to you for another purpose – eg. sales or invoicing

If you would like to discuss any of the points raised in this article or would like help building or refreshing your databases, please contact Debbie Parsons or Richard Jaggs on 01380 728898.

To learn more about the GDPR, visit the ICO website’s dedicated area.

Written by

Debbie Parsons