Tag Archive for: GDPR

GDPR one year on – what has it meant for email marketing?

One year ago, we were all frantically “re-permissioning” our own email lists and receiving hundreds of mails asking us to confirm our consent to hear from the companies we shop with.  12 months on, I thought I’d take a look on the impact of the General Data Protection Regulations, from the marketer’s perspective and how it has influenced our relationship with the consumers we communicate with.

What did GDPR mean for marketers?

Perhaps the greatest impact of GDPR from a marketing perspective, was that most businesses had to severely cut down the number of people on their email lists.  If we could not prove that someone on our list had actively consented to be on it, or somehow that being on the list was in their “legitimate interest”, we had to remove them.  This led to many companies sending out “re-permissioning” emails to gain that explicit consent. Many found that very few of their original list signed up again.  Even well-trusted brands suffered.  The Economist magazine lost 80% of its email list due to recipients’ failure to re-consent. Marketers initially predicted doom and gloom. In fact, surveys taken this year show that email is still very much alive as a marketing platform.

How have consumer views changed since GDPR came in?

A report from Smart Insights shows that 59% of consumers still prefer to hear from brands via email, before and after they buy,  and that email remains the “digital passport” across the wide range of marketing channels.  Even for Customer Service, 48% of customers still prefer to use email over phone, text or social media messaging.

Further research indicates that more of us are now confident that, if a company has our email address, it is because we have given it to them. A report by the Chartered Institute of Marketing (CIM) shows that 41% of consumers think GDPR has improved how companies use their data.  (CIM, November 2018). This in turn makes us less suspicious of marketing communications that come in via email. In addition, customers are starting to see the benefit of providing data. 31% now say they are happy to provide data, if it means the messages they receive from a brand are more personalised and likely to be relevant. This trust is highest amongst younger consumers. There is of course a flipside to this. If you are collecting data and NOT personalising your marketing, you do risk alienating the people you contact.  Another interesting fact is that these personalised messages do not need to include discounts and freebies.  What consumers really care about is that the communications they receive should be useful and relevant to them.

What has been the impact of GDPR for businesses?  

There is no doubt that GDPR was costly for businesses, however small.  Time, marketing support, privacy consultancy, updating technology and running advertising campaigns to rebuild email lists, quickly built up into a substantial investment.

The good news is that most businesses report that getting it right has not had a major impact on actual trade.  Despite losing so much of its email list, The Economist only had 3% fewer subscriptions in the months following GDPR.

Businesses have had to make more effort to segment and personalise their email communications, and this has led to more sales stemming from fewer emails, and improved email sign-up rates.

Many have also widened their marketing activity to make the most of social media, paid advertising and other channels, which, in many cases, have been more successful for them than the untargeted mass emails they sent before.

Despite the initial doom and gloom, according to a survey by the DMA reported in Marketing Week, more than half of marketers feel positive about the impact GDPR has had on their email campaigns and 91% still consider email an important channel.   The results support this.  74% of marketers report an improvement in email open rates in the past year and 75% have seen an increase in click-through rates from emails.  There has also been a big reduction in the proportion of email recipients unsubscribing or reporting mails as spam.

What’s next for data protection?

GDPR, alongside other news stories around privacy such as the Cambridge Analytica scandal, has clearly moved us all into a new phase of how we interact with our customers, and how we expect businesses to interact with us as a consumer. Customers are far more clued up on how much data businesses have, and should have, about them and expect their messages to be tailored in response.  Whilst this means that marketers need to work smarter, making sure our emails are well targeted, relevant and useful, it also means our activities are more likely to drive conversions.

So, put simply, carry on respecting GDPR, and making good use of the data your customers have given you, and you are in a very good position to also be running effective marketing campaigns using it.

What about the e privacy regulation changes?

One more thing, and yes it could be a biggie for marketers.  Originally scheduled for 2019, it now looks as if changes to the European e-privacy regulations could be ready in summer 2020.  This will replace the current PECR (Privacy and Electronic Communications Regulations) and is likely to have a big impact on how consumers opt-in to other data collection tools, such as cookies, location data and similar tracking technologies. It may also have implications for how communications tools such as WhatsApp, Facebook Messenger and Skype guarantee confidentiality.   This could well change how we work with tools such as Facebook’s “lookalike” audiences and Google Remarketing ads – but the exact impact is still unclear.  Maybe, as with GDPR, consumers will accept that data sharing is a positive route to receiving more relevant and interesting marketing content, a win-win for both sides.

Watch this space for more information as soon as it becomes available.

/by

GDPR and Email Marketing – What You Need to Do

Introduction to GDPR

Under the new GDPR legislation, which comes in on 25th May 2018, the rules on how you collect, store and use people’s personal information, such as names, emails, financial information, and any other personal information are changing significantly. Although this is initially a piece of EU legislation, it will also be brought into British Law so will still apply after Brexit. GDPR has implications across all aspects of business including staff and HR info as well as customer info. Here we focus on marketing and specifically, email lists.

 

Marketing Justifications for Collecting, Storing and Using Personal Data

From a marketing point of view,  you need to make sure that you can justify collecting and keeping anyone’s data on your lists, and sending them communications. The two main justifications you can use are:

  1. Legitimate Interest

    If it is in the person’s legitimate interest for you to have their data. E.g. you are in the middle of doing a deal with them and need to be able to contact them, or you have sold them products in the past and might need to contact them, perhaps in the event of a product recall. It is OK to have and use the personal data of your customers, for the purposes of communicating with them about their purchase. This could also apply to storing someone’s IP address for a short period if they are using your website, for the purposes of making it easier for them to navigate your content.

  2. Consent

    If you can clearly show that the person made a positive choice to sign up to hear from you. e.g. they actively ticked a box to sign up (this should not be a pre-ticked box) for marketing communications, and you have a system in place that records how that happened, exactly what they signed up to and when. At the time of sign up, they should also have been able to see your Privacy Notice that explains how you will handle their data. (Most email contact systems such as MailChimp, Campaign Monitor and Act! will have such a system in place). If they sign up over the phone, or after a face-to-face discussion, you’ll need a written record of that conversation with the date and time. If you collect sign-ups at a trade event, it would be a good idea to do that via a laptop or tablet, or at least a written form so you have a good record.

Not many businesses have been organised enough to have kept a record of exactly how people signed up, when and what they saw in terms of a privacy policy at the time, so most companies are currently going through a process of having to “re-consent” their email marketing lists. If this is done before 25 May 2018, and you have collected the contact data through the current “soft opt-in” guidelines, it is OK to contact people to ask them to sign up again. After that date, it may no longer be legal to contact your lists even for that, so be organised and do it soon.

 How to get consent for GDPR before 25 May?

If you don’t have a record of how and when people on your marketing lists signed up, and you want to keep them on your lists, then you will need to contact them again and invite them to sign up in a way that is compliant with GDPR.

The process for doing so could look something like this:

  1. Make sure your Privacy Policy is up to date and easily available on your website. Your Privacy Policy should include information on:
    a. Who You Are – company details, name of data controller within the company, are you registered with the ICO as a data controller? (If collecting personal data, storing it and using you it you probably should be – check if you need to and register at www.ico.org.uk – easy to do, currently costs £35)
    b. What you need and what you do with it – e.g. We collect email addresses and names to stay in touch with you about product/services that might interest you
    c. Who we share your data with – if you do, ideally you don’t
    d. International data transfers and security – if any international sharing of data happens
    e. How long we hold your information
    f. Automated decision making – if the data someone supplies then results in automatic preferences being set e.g. receiving email contacts relevant to their location, web content based on their previous browsing history through remarketing
    g. Your rights – e.g. unsubscribe or update your data at any time
    h. What happens if you don’t provide your information – are there any implications for clients if they do not give you all the data you request?
    i. Concerns or complaints – who to talk to, initially at your company and then at the ICO (www.ico.gov.uk)
    j. Where we got your information – you signed up, you’ve been a customer etc.If you’re feeling creative, you could do this in ways other than a long piece of written text. It could be a video, some “just in time” pop up info on the form or via a list with icons that explain how each element is used for, for example. Whatever you choose to do, give it a Version Number and Date as you will likely need to adjust it over time and will need to know which version anyone signed up against. Have a look at our Privacy Policy as an example.
  2. Get your current email list into a format that is easy for you to view and edit e.g. an Excel file
  3. Clean up your current list. Remove duplicates. If you or any of your team actually know some of the people on your list, run a “sense check”, reading through the list and deleting or updating anyone you aware is no longer in the post they were, no longer interested or, worst case scenario (it happens!), no longer with us…
  4. Upload this new, cleaned list to your email software with a name such as “Re-consenting list”
  5. Set up a blank new list – called something like “Contacts 2018” or if you keep multiple lists for different segments of customers (which you probably should), set up several new blank lists e.g. Local Customers (2018), National Customers (2018), Overseas Customers (2018). For these lists, ideally require “double opt-in” so that the process involves two stages and in MailChimp, use the new GDPR compliant sign-up form. This usually means that the person signing up 1) ticks a box on your website and 2) receives an email and clicks again to verify that they want to sign up. Somewhere in this process they should be able to see your Privacy Policy– either by clicking on the link next to the sign-up box, or through a link in the verification email. If you are using a third party tool, such as MailChimp, the sign-up form needs to explain that data sharing, and show the providers Privacy Policy too. MailChimp’s new GDPR compliant form includes that info.
  6. Design and write an email to these contacts inviting them to sign up again, in a GDPR compliant way. Direct this email to the sign-up link for the list you would like to add them to. In the email, use language such as“As you may have heard, from May 2018 the rules on Data Protection are changing. Your email is currently on our marketing lists because you’ve shown an interest in our products in the past.
    We want to make sure we stay legally compliant, but more importantly, we want to make sure we are only contacting people who are happy to hear from us.
    If you would like to stay on our lists, and hear from us occasionally about our wonderful products/services/offers (whatever your emails do) then please follow this link (e.g. www.mysite.com/websignuplocalcustomers ) to let us know you are still happy to hear from us. Our Privacy Policy explains how we store and use your data, you can read it here – www.website.com/privacypolicy. You’ll be able to unsubscribe or change your contact preferences at any time.
    If you do not sign up again, we will not be able to send you our information emails after 25 May, so please do so if you’d like to stay in touch. If you’d rather not hear from us after 25 May, then you don’t need to do anything and we thank you for your interest in the past.
    We look forward to keeping in touch. Many thanks.”Make sure the title of the email is something that stands out as an email they should open e.g. “Important information about staying in touch with XXX”
  7. Keep an eye on the open rates and sign ups you gather from this email. If these are looking low, consider re-sending the mail after a couple of weeks with a different heading and amendments to the text to highlight the urgency. Make sure you delete anyone who has already signed up for the list before sending. Do NOT send again after 24 May 2018.
  8. After the second sending, or earlier if you prefer, contact any clients you know you definitely want to stay in touch with who have not re-consented and invite them personally to sign up again. Maybe do this with a phone call to draw their attention to the email.
  9. Add the link to the new sign up form to your email footer, so it goes out as a reminder to anyone you are emailing about other matters.
  10. Add a GDPR compliant email sign up box to your website so that future sign ups are all recorded correctly, use double opt-in and make sure they have a chance to see your Privacy Policy before final sign up.
  11. After 25 May, only send out marketing communications to people for whom you have a GDPR compliant record of how they signed up. Delete any personal data you have for anyone you do not have consent from, if they no longer could be deemed to have a legitimate interest in hearing from you.
  12. Make sure your data storage and handling of personal data is compliant with GDPR. Basically, you will need to make sure you are registered with ICO, that all data is held securely, only people who really need to have access to it do so and that you keep it up to date.
  13. Have processes in place so that anyone who wants to can have access to the data you hold on them at any time, update it, ask for it to be deleted, or ask to be unsubscribed. This could be done through your email marketing software, which may well include a Dashboard or Preferences Manager your clients can use to update their details and preferences.
  14. Carry on using your email marketing creatively and thoughtfully to promote your business. Do so confident that although your list numbers may be smaller, your messages are going to be people who are genuinely interested in hearing from you.

For more information, the best place to look is the ICO website which has the full lowdown on GDPR, including the new rules for marketing

If you think we’ve missed anything, need a hand with your email marketing, or would like to share your own experiences or good practice, do get in touch sam@samampsmarketing.com

Disclaimer

I am not a lawyer, merely a marketer with some specialist training (from Chartered Institute of Marketing) on how GDPR impacts on marketing and so this is not intended to constitute legal advice.

*edited 22 April 2018 to include new info from MailChimp

/1 Comment/by