The one about GDPR…
Gah! I’ve been asked by a couple of my clients to write a blog about GDPR. And I’ve been resisting it. Because I’m no way near an expert on the subject. Even the people writing about it on various social networks are not expert enough for my liking. It’s only when you come across the real experts you realise what a complex subject it is.
Anyway, what my clients were really asking me is - what does GDPR mean for my email marketing and do I really have to delete all my contacts and start again? Or, as in my friend Simon Jones’ case, do I have to delete all my photos and start again? Have a look at his lighthearted video blog - but only if you're not a photographer, because it will just serve to stress you out...
So, for what it’s worth, here are my thoughts. And note this is NOT legal or even expert advice, just the musings of a marketer!
GDPR means you can only carry out unsolicited electronic marketing if the person you’re targeting has given their permission.
So this is precisely why big businesses are very busy sending out emails right now, checking that you want to continue to hear from them. (Oh and by the way – they should be asking you to opt IN, not OUT, and with none of that pre-ticked box malarkey. Cheeky devils. They’ve no doubt had GDPR training. #justsayin' ...)
But! There is an exception. It’s known as the ‘soft opt-in', which applies if you’ve met the following conditions:
- You’ve obtained the details of your ‘subscriber’ through the course of a sale or negotiation for a sale of a product of service
- The marketing message you are sending your ‘subscriber’ is for similar products or services (i.e. not something entirely different)
- You give your ‘subscriber’ the chance to refuse marketing contact when their details are collected, and if they don’t refuse, you continue to give them the chance to do so in any future communication.
Woo-hoo I hear! That’s great – I’m all GDPR-ready!
Not quite, there are many other (GDPR) things you need to be thinking about. But luckily these are all things you might well already have been doing as a matter of good practice:
When you are collecting data, you need to be clear what the data is going to be used for and by whom. (This is probably one of the most abused 'rules' at the moment. You sign up by email for a specific freebie or offer, and then you end up on a generic mailing list. And if you're really unlucky, then your data is sold to a completely unrelated company and you get even more junk email.)
You can only collect data which is relevant (and this might mean just the email address, no lifestyle questions required, no age, shoe size, how many children/cats/dogs/hamsters do you have, etc etc, thank you very much).
You can only use data for the intended purpose for which it was collected (so if you are collecting emails via social media to send folk a free fact sheet, then send them a free fact sheet and don’t add them on to your generic mailing list).
If you did plan to transfer or share the data, you need consent from the contact who supplied it. (Good luck with that.)
Oh, and you need to keep records of EVERYTHING… the GDPR line is ‘consent must be documented, clear and traceable’.. how you do this is a minefield to me, but I’ve seen suggestions that you screengrab every consent (seriously!), only take consents in a paper format or print them out – I’d love to hear a practical solution if you have one!
And then there is the subject of data security and storage (Facebook, a-hem, take note) and for which I would refer you to a professional. But you do need to be taking active measures to guard against unauthorised processing, accidental loss, disclosure, destruction or alteration.
Plus if your subscriber asks you to correct or update their data, you have a requirement to do so. If the relationship with your subscriber ends, you need a policy in place to outline and justify how long you will retain that data. If your subscriber wishes to be deleted, you need to comply.
And finally, any data collected before GDPR still needs to be compliant. So you need to be asking anyone on your mailing lists who doesn’t fit the ‘soft opt-in' criteria to opt IN (remember not OUT) to communication. And the best way to do this is not just by asking them to verify their details, instead make sure you detail the benefits of opting in (or what they might miss by not opting IN).
So all in all, this is GREAT news for the consumer, but undoubtedly more work for the marketer or small business. In the short run, yes, you are going to end up with much shorter lists of subscribers, but we all know that a long email list does not always equal more engagement. Those that choose to opt in to your lists will inevitably be more engaged. And that’s what we like.
Anyhow, there is the blog I didn’t want to write. Let me know if it answered some of your questions!