Yes, the way you market must change.

Changing your strategy

The implementation of the GPDR framework has a significant effect on your business’ email marketing strategies in terms of justifying legitimate interests and ensuring correct consent collection and management, and it’s an effect that can’t be ignored. The GDPR has added a layer of complexity over an already complex PECR framework.  Claiming ignorance, or even pretending to, could lead to complaints, investigations by the authorities and significant fines. If your email marketing strategy, data sets, tools, and implementation are not yet GDPR (and PECR) compliant, the time to act is now, and not after you’ve sent your next newsletter. Ultimately, the GDPR framework has changed the way your company can obtain consent for marketing communications, and the eprivacy directive from the EU oversees the implementation of controls over unsolicited communications. Changing regulations and legislative processes now compel your company to ensure consent is obtained from your target market, and that’s a good thing: you’ll be marketing smarter! 

Your marketing landscape

A kind reminder too: it’s not just your email marketing strategy that must be (and remain) GDPR compliant. The GDPR framework covers all aspects and approaches of personal data collection, storage, processing, and usage, so don’t forget that every marketing strategy and tool you use will need to be compliant. If you’re currently using a marketing or sales platform, and are not sure about its GDPR compliance, it’s time to call up your suppliers and start the vendor assessment process. Again here: ignorance isn’t bliss. Choose and work with GDPR compliant service providers only, as this is an integral part of your business remaining GDPR compliant. 

A matter of consent

When using email marketing strategies, the first point of call for creating your marketing database always begins with gathering (yes, gathering is processing) email addresses. It’s not, however, just email addresses your company collects. You may be collecting demographic information, location-related data, or any number of varying data points that relate to your data subject – the person you want to market to. Consent is key unless there is another legal basis for your business to collect this data. We always recommend consent as an essential, however, even if you have a previously established relationship with the person you’re looking to market to. That said, the approach of continually seeking to obtain consent from your target market, and then always ensuring that they have an easy way to opt-out, builds a foundation for a good relationship between your company and a potential client. The process of obtaining consent builds trust between you and your target market. 

The right to no longer be marketed to

Opt-out is not fresh news, but we’ll say it again, under the GDPR, if a customer or potential customer of your business requests to no longer receive marketing-related emails from you, you need to abide by that request immediately. Moreover, should someone who forms part of your marketing target audience request that you delete their personal data, or fully inform them about how, when, and why your company collected, stored and used their data, you’ll need to provide that information, pronto. That’s why your company’s Data Protection Officer plays a key role in helping your business remain GDPR compliant. 

Permission-based marketing

Yes, we live in the era of permission-based marketing now. What a relief for those of us who have overflowing spam folders and a list of over-eager telesales agents who’ve been blocked from calling their mobile phone. It’s as simple as this when it comes to your email marketing strategy: if you’re in any way unsure about whether or not you have consent from your email marketing database, ask them. Whether you use a marketing platform to do this or use it as a consumer education exercise, ask for their consent. You’ll need to record this process closely starting with documenting your legal basis for processing to request the consent and abide by every single response, to ensure your business is indeed GDPR compliant. And here’s a free marketing tip for you: this is a great way to not only educate your clients, but also clean up your marketing database, update old records, improve your domain reputation score, and grow your relationship with your target market. 

Automated emails

The GDPR framework also covers the use of automated emails as part of your marketing strategy. Again, it comes down to a matter of verifiable consent: your company cannot send automated emails to anyone without their permission, or opt-in, with affirmative action or approval. 

The unsubscribe list

And, of course, when people no longer want to hear from you, it’s time to accept it. Under the GDPR framework, you need to make it super-simple for users to simply unsubscribe, no questions asked. No, you can’t send a follow-up email asking them why or one of those sad goodbye emails. Let them go! 

For more information on how your company can move through its data compliance journey, contact ProPrivacy for assistance. We’ll help you stay on the right side of regulation.

Philipa Jane Farley

Written By Philipa Jane Farley

Philipa is the lead consultant and auditor at ProPrivacy.  With clients as far afield as Canada, South Africa, Kenya, Germany, Spain and other such exotic locations, besides Cork and elsewhere in Ireland, Philipa enjoys a broad view of the state of data protection, privacy and cyber security worldwide.  Philipa’s passion is manageable data compliance for SMEs.

Philipa is a qualified teacher besides holding a computer science (Bachelor of Science in Artificial Intelligence Programming) and electronic and intellectual property law (LLB) qualified. She is trained in constitutional (fundamental) rights litigation and enjoys a good debate.

Philipa has over twenty years of experience working in different sized organisations and sectors on operational, governance, risk management and compliance matters. She is an analytical and focused person that enjoys a challenge in the workplace. She loves technology, systems and people and has a passion for showing people how technology can make life easier and better. She understands that the world is driven by data today but privacy is paramount. Responsibly developed AI excites Philipa for the future.

ProPrivacy | GDPR Privacy Cyber Security in Cork, Ireland