GDPR seems like and is a huge task to tackle. As inbound marketers, we can argue that it’s actually not all bad news as it reinforces that you should only market to people who are interested in hearing from you.
Of course, we can’t simplify it to just that statement but much of privacy law in Europe actually comes down to balancing your legitimate interest and the privacy rights and freedoms of your data subjects, or the people in your database. Funnily enough though, after following the basic rules set out in the regulation, you can come up with an answer to many cases by asking yourself ‘Does it feel right?’. Say you used to run a business, you have a list of contacts you feel match your buyer persona. Does it feel right to send marketing email to people who’ve opted into receiving marketing from your previous business? I would guess that the answer is no, and indeed according to the GDPR, even though people shared their contact details with you, they definitely did not consent to receive marketing messages from your new business. What you can do, of course, is send a personal sales email to individuals asking them if they are interested in hearing about your new venture. So here are a few things to look into.
Preparing for GDPR as a marketer: |
This one is pretty straightforward. You need to record an opt-in through a clear, affirmative act from everyone that you intend to send marketing emails to. You can’t use a pre-ticked box, the opt-in has to be specific and people need to have the option to easily opt out of messages from you.
There are a few cases where you can send marketing email without an opt-in. You can do so if this person is paying customer of yours. Money actually has to exchange hands before you use this option. When you do so, you have to make sure that opting out is easy and you actually adhere to these requests. You can only send marketing email if you promote a product or service that is closely related to the product or service the customer has already purchased. If you have two completely separate business streams and you would like to send marketing messages across your entire database, you’ll want to review whether or not the products are closely (enough) related.
As always, you need to think about your reason for sending these messages, legitimate interest, balances against the right to privacy of your data subjects.
Finally, you have to consider what you do with the data of a customer whose contract has ended. You might not be in a place to keep sending them marketing messages and therefore it’s recommended to always focus on creating new content to use in opt-in campaigns, making sure that people are actively telling you that they are happy to keep receiving your emails.
We already touched upon the issue that you cannot hold on to people’s data indefinitely. The same goes for opt-ins. The GDPR states that the opt-in is relevant for the time being. So what do you do with the data in your systems? As a baseline, don’t keep data longer than you need it for the original reason of processing.
First of all, make a call on how long you store data in your systems and communicate this clearly to your audience in a well written, GDPR compliant privacy notice. You can decide on how long you keep customer data by looking at how long your customers might expect service from you. On average, they stay with you for 3 years and if they come back they do so within 2 years? This should allow you to keep the data for 5 years by default.
How about the marketing emails? Well, monitor engagement. Are your contacts opening your email, engaging with you on social media or returning to your website? That is an indication that they are still interested in what you have to say and you may argue that the opt-in is still relevant. On the other hand, when you see that engagement is dropping off, it might be time to actively focus on running an engagement campaign. Create a list of people who haven’t engaged with you in a while and reach out to them, possibly with a break-up email to let them know that you would like to hear from them. It’s a bit more work, but if you deal with high-value contacts, I like to send a personal email where I share an asset which gives me the chance to record engagement or an opt-in again.
If you’d like to know more about the GDPR and how to prepare for this as a marketer,
have a look at our online course built for marketers.