Any business that sends email marketing campaigns should be preparing to comply with the General Data Protection Regulation (GDPR), specifically when it comes to having the right consent to continue marketing to customers or subscribers.
Quick background
GDPR is the new gold standard in data privacy legislation that will come into effect on the 25th of May 2018. The regulation forces businesses to be transparent and careful while processing personal information when providing services in the EU, regardless of where it is processed or whether the data subject is a citizen. The type of information protected under this legislation is broad: identity, contact, banking, medical, employment, education. The definition of processing is also broad – anything from collecting and storing to using and sharing the aforementioned information.
How do you know if the GDPR’s consent requirements apply to your business?
This can easily be determined by answering two questions:
1. Does your business send messages that do not fall under one of the legal reasons allowed under GDPR?
It’s important to note that businesses can have a legal or contractual reason to communicate with an individual. The regulations recognize various reasons which negate the need for consent, such as communicating to fulfil a contract, as required by law, or in the interests of the individual’s safety. However, if none of these legal reasons exist, then the business must obtain consent to communicate directly with the individual.
2. Does your business send these messages in the course of providing services in the EU?
In practice, the answer to this question is not as straightforward as yes or no. Many businesses cannot say with certainty that there are no EU residents on their marketing database. Regardless, the physical location of the individual is only part of the issue: GDPR applies if a service is provided inside the EU.
From whom do you need consent?
You do need consent from:
People who have subscribed to receive marketing information from you, but otherwise have no legal relationship with your business.
You do not need consent from:
Customers with whom you have to communicate as part of the service you provide – this would include essential operational documents like statements, invoices and policy updates, which your customer needs.
What should email marketers do?
Unless you can be sure that your marketing emails will not result in a service being delivered inside the EU, the best approach is to prepare for GDPR as if it does apply.
With the deadline looming, if you don’t have a plan to prepare your marketing base, you had better start now.
1. Starting point
Do you have explicit consent from all individuals on record? This means showing when and how they agreed to receive marketing communication from you. You must have on record that it was an explicit agreement (opt in, not opt out) and be able to show when and how they agreed to receive communications, as well as what they specifically agreed to receive.
2. Opt in vs opt out
It is in your best interest to get the user to re-subscribe rather than to un-subscribe. Remember, if you are planning a consent campaign, sending a message that asks the recipient to ‘switch something off’ is not allowed. A subscriber has to actively ‘switch on’ by saying “Yes” or “Confirm” or “Subscribe”, in order for the consent to comply with GDPR.
3. Be careful
Have a good, in-depth look into the database that you have on hand. If you have no record of how a person got onto your marketing base, it is illegal to email them asking for consent, even before the GDPR comes into effect.
There are a number of cases of organizations being fined for doing this: Flybe and Honda to name a couple.
If any of these points strike a chord, you need a plan. Either you have to get explicit consent on record before the deadline, or you have to clean up your marketing database, which means removing anyone for whom you do not have the right consent.
What can you expect from a consent campaign?
Unfortunately, you can expect a massive decline in your subscriber base, especially if you have been building it up over many years through a myriad of subscriber campaigns. It’s very possible that 99% of your current base will not respond to your consent campaign. Ouch!
This can be for a number of reasons:
- Human nature – people are lazy and will most likely do nothing (until they start wondering why they are no longer hearing from you)
- Too much noise – it’s hard to stand out in inboxes, when people are being bombarded with consent emails asking them to re-subscribe
- No longer interested – they were not opening or reading your emails anyway, because the content is no longer relevant to them
- Delivery issues – the recipient is not given a chance to respond, because your consent emails are going to junk/promotional/social folders due to bad practices
My advice?
Better to take the hit now and start actively building a legitimate subscriber base obtained through a legally compliant consent process. This is a chance to purge your marketing base, so that what is left are quality leads, not quantity. This means your open and click rates will look better and your take up ratio should also improve.
The alternatives are somewhat unattractive – in serious cases, organizations can be fined up to 4% of annual global turnover or €20 million (whichever is larger) for breaching the regulations in the GDPR.
Here is what we’re saying for the consent process that we are running:
You can give your consent by clicking the subscribe button below and providing us with your information