10 top GDPR tips for email marketing | IT PRO – IT PRO
GDPR is almost upon us, and the prospect of strict new regulations governing how personal data can be gathered, held and used has inspired fear and confusion within many marketing departments, with doom-laden predictions that digital and email marketing will be effectively crippled.
One of the biggest challenges for marketers is that organisations must have a legal basis for processing customers’ data. This can come in the form of opt-in consent from a customer to use their data for a specific purpose, like sending them a newsletter, and customers can withdraw this consent at any time. Alternative lawful reasons include collecting their data to comply with a contraxt or legal obligation, or if processing the data is essential to preventing things like fraud.
The most common basis for marketers will probably be consent, which must be an active, affirmative action by the customer – rather than a pre-ticked box they must untick if they don’t want their data collected. Changing their processes to adhere to these new opt-in consent forms is a wide-ranging challenge for marketers, as is getting that consent from existing customers.
All is not lost, however; we spoke to Skip Fidura, Dotmailer client service director and non-executive director at the Digital Marketing Association, to get his top tips on how email marketers can not only survive but thrive under GDPR.
1) Don’t panic!
The biggest thing that digital marketers need to remember, Fidura says, is that GDPR is not the apocalyptic cataclysm that many are making it out to be. If marketers have been doing their jobs properly, he argues, the new laws should have a minimal impact on how marketers do business.
“There’s really nothing in the GDPR that email marketers haven’t been talking about and doing as best practice for years. Being open, honest and transparent when it comes to getting consent – you can use the GDPR language, but it all boils down to being open, honest and transparent.”
2) Don’t re-permission your lists, refine them
A common response to GDPR from many marketing departments has been to try and re-obtain consent from their entire marketing list for life-long messaging, but according to Fidura, this is an unnecessary effort. “The myth when GDPR first came out,” he said, “was that consent is the only way we can market and therefore, because I don’t have GDPR-level consent, I have to go get GDPR-level consent.”
In reality, he continues, what brands have done is to take a step back and examine their data, working out how much of their lists they can continue to market to under GDPR’s ‘legitimate interests’ provisos, which customers they need to approach to ask for new permissions, and which customers should be culled from their lists entirely.
3) Follow best practice
This dovetails neatly with another of Fidura’s top tips, which is to make a point of following best practice – i.e. reducing email lists when some recipients haven’t engaged for a defined period of time – no matter how unpalatable it may seem.
“[Marketers] know they should be culling people off lists, but when you go to the finance people and say ‘I’ve just cut 25% off our email list’, the finance people go ‘what are you, crazy?’,” he says. “So actually, I think in some cases, marketers have been able to use GDPR to do what they know they should have been doing all along.”
4) Audit your data regularly
Of course, you can’t cut dead weight from your email lists if you don’t know that it’s there. Fidura advises that companies conduct regular audits of their data stores to ensure that they know exactly what state their lists are in.
“The problem with data is data has a shelf-life, and just like a piece of fish that’s gone off, if you let it sit too long, it’s gonna stink,” he states. Companies need to be aware of how long data is going to be relevant for when they collect it, and should regularly audit it based on the inflow of data and how many people are accessing and modifying it.
5) Don’t forget about ongoing compliance
In the mad scramble to meet the requirements of GDPR, all eyes are on the May 25 deadline when the rules officially come into force. However, as Fidura points out, GDPR is far from a one-time deal. While initially complying with the regulations is important, ensuring that you continue to uphold those standards is actually more critical in the long run. “My big concern now is that on that date, everybody’s going to be popping champagne bottles, and come 10 June, they’re going to buy some new system and forget that they’ve got to now plug that into their GDPR compliance.”
“What they need to think about going forwards is, they need to remember the steps they went through to get to their GDPR compliance; the data audit that they did. Every time they bring a new channel, tool or system online, they need to think about what the potential impact of that is to the consumer. If necessary, they need to do a privacy impact assessment and they need to document all that stuff, because the 25 May is not the end; it’s the end of beginning. GDPR doesn’t go away.”
6) Build customer trust
GDPR might be scary for marketers, but in reality it offers companies an opportunity to build a deeper, more trusting relationship with their customers. According to research by the Digital Marketing Association, 62% of consumers are more willing to share their data if they have GDPR explained to them, and more than 85% want greater control and transparency regarding how their data is used and collected.
“We know that consumers get to be more comfortable about giving up data when they know how the data’s going to be used; that’s just human nature,” Fidura says. “I think the opportunity for all marketers is to start talking about GDPR, start telling people about what’s in the GDPR, what their rights are, how the business is implementing that, so that they start to rebuild trust. And then, of course, they have to live up to that.”
7) Be honest about what data you need
It’s not just customers that marketers need to be honest with around GDPR; according to Fidura, they also have to be honest with themselves. As part of the data audits mentioned above, marketing professionals need to take a step back and examine what data they absolutely need to have, and what data they’re gathering for the sake of it.
“The example I always use is this: we have DotMailer-branded socks. In theory, to know how many socks to buy, we should ask people their shoe size. As an email marketing company, do we really have a need for their shoe size? No – because we’re probably going to buy a bunch of large, a bunch of mediums and a bunch of smalls anyway.”
8) Be accountable
One of the fundamental tenets of GDPR is making companies accountable to the people whose data they hold, but Fidura says that this is a standard which companies should be holding themselves to regardless, in the service of rebuilding customer trust.
“Whatever you do, if something goes wrong and you violate that trust, be accountable for it. Hold up your hand and say ‘you know what, we screwed up’,” he says. “Too often, corporations don’t want to say anything until they know all the facts, but by then, they’ve lost the story.”
9) Don’t let lawyers write your privacy policies
For marketers, GDPR isn’t simply about getting customers to check a box indicating that they’re happy to receive your emails; one of the stipulations is that you must give them a specific set of details about how you’re using that information. Similar to the oft-ignored terms and conditions agreements for software, this is often represented by a wall of dense legal text, but it doesn’t have to be.
Thanks for reading. Share if you enjoyed.