In May this year the data protection regulations are set to change and we all need to be prepared. If you haven’t heard about GDPR yet, it’s time to get clued up. The enforcement date is fast approaching and will almost certainly mean some changes to your business and the way you hold and handle data.
One of the big talking points of the General Data Protection Regulation (GDPR) is the implication on the marketing landscape and in particular email marketing. The whole transcript is pretty hefty. Put a decent amount of time aside and read it in full on the ICO website here. In the meantime, here’s an overview of how GDPR will affect you in terms of direct marketing.
What is GDPR?
GDPR stands for General Data Protection Regulation and this will replace the 1998 UK Data Protection Act. The transcript was published in back in May 2016, but the actual enforcement date is 25th May this year (2018).
It’s is all about protecting personal data. This could be anything that identifies an individual - their email address, their IP address, cookie data, postal address stored digitally. Not just written data either – think CCTV images and all those phone calls that are ‘recorded for training purposes’.
The EU’s new privacy data protection regulations are designed to create constancy in the way personal data is handled across the whole EU. Currently the rules in place can be interpreted differently by each country, so the introduction of GDPR means tighter, but more consistent rules.
Will GDPR affect my business?
Almost certainly yes. GDPR applies to all businesses and organisations established in the EU, or that offer goods/services to those in the EU.
You’ll need to look at how you collect and store all forms of personal data going forward, but also address your existing databases to ensure they meets the new regulations.
What if I don’t stick to the rules?
GDPR rules are legal regulations (not guidelines) this means they are enforceable by law and there are some pretty savage fines in the pipeline for those who don’t adhere!
Historic data breaches have resulted in costly fines. Honda was fined £13,000 by ICO for sending emails clarifying whether customers wanted to receive marketing, while supermarket Morrisons was fined £10,500 for sending 131,000 emails to people who had already opted-out.
These fines pale in comparison to the potential bill for GDPR non-compliance. You’d be looking at a fine of up to 20 Million Euros, or 4% of your brands total global annual turnover (whichever is higher). Ouch!
How will GDPR affect email marketing?
In terms of email marketing, contacts on your list must have given permission for you to hold their information. In addition you must be able to provide sufficient proof of this consent, or you won’t be able to email them anymore.
So, you’ll need to look at your existing database and also how you collect data going forward. The key factor is consent and email marketing lists will be strictly opt-in only.
The ICO published a draft article for guidance. There are seven main changes in the article that marketers need to consider in regards to data:
Unbundled: asking for consent should be separate from other terms and conditions so individuals are clear what they consenting to. Consent should not be a pre-condition of signing up to a service unless it is necessary for that service.
Active opt-in: the GDPR makes it clear in the recitals that pre-ticked boxes are not a valid form of consent. Clear opt-in boxes should be used.
Granular: where there are various different types of data processing that may occur, allow for separate consent as much as possible. The ICO want organisations to be as granular as possible which means giving consumers more control over what they're consenting to.
Named: always tell individuals who your organisation is and name any third parties that the data will be shared with. The draft ICO guidance states that terms like 'we will only share your data with other men's clothing retailers' are not specific enough. The individual organisations the data will be shared with need to be named.
Documented: maintain records of the consents you have. Record the following information: what the individual has consented to; what they were told at the time; and the method of consent.
Easy to withdraw: individuals should be easily able to withdraw their consent. Organisations must put in place simple and fast methods for withdrawing consent. Tell individuals about their right to withdraw consent.
No imbalance in the relationship: This point is less relevant for marketing but consent should be freely given and where this is a power imbalance between an organisation and an individual this will be hard to achieve. For example, the relationship between an employer and employee is an obvious power imbalance.
You can read the full draft article here.
Interestingly, GDPR applies to personal data, so technically if your database contains generic based email addresses, such as info@ or webmaster@ then you will still be able to contact freely. If the email address makes in individual personally identifiable, such as victoria@ or justin.credible@ then rules will apply.
How will GDPR affect postal marketing?
The implications of GDPR on postal marketing are somewhat less complicated. While you will need to act responsibly and check the Mail Preference Service (MPS) to ensure an individual has not opted-out of marketing material by post, you CAN send direct marketing by post to people on your database, unless they have specified they do not wish for you to do so.
How will this affect marketing trends?
There has already been a recent surge in postal Direct Mail marketing and it is thought that this is in anticipation of the forthcoming GDPR regulations. Business gurus are predicting a decrease in email marketing in favour of postal marketing as a result of these regulations.
Last year pub chain Wetherspoon made an epic decision to delete their entire email database of almost 700,000 subscribers. An email was sent to customers (copy below) in which they stated “Many companies use e-mail to promote themselves, but we don’t want to take this approach” “Our database of customers’ e-mail addresses, including yours, will be securely deleted”.
In reference to this move a spokesperson for the chain told “following our data breach in December 2015 we have been reviewing all the data we hold and looking to minimise.”
“We felt, on balance, that we would rather not hold even email addresses for customers. The less customer information we have, which now is almost none, then the less risk associated with data.”
Although not directly referenced, forthcoming GDPR regulations are almost certain to have had influence.
Could it be that they felt potential fall-out of getting email marketing wrong under GDPR would outweigh the benefits? Or perhaps just easier to delete and start from scratch than to clean up existing data?
It is thought that other major brands will follow in the footsteps of Weatherspoon, but don’t panic - email marketing will remain relevant. Be wise and clean your email marketing lists, ensure information adheres to the regulations and yes you’ll end up with a smaller list, but certainly a highly engaged (and highly converting) one – fantastic!
It’s going to be much trickier to expand your marketing list though, so to gain new business it does make sense to look at postal marketing as an option.
Any tips for Direct Mail?
We’ve been championing direct mail for many years now. The envelope is the first thing a customer sees and we’re pretty clued up about envelopes.
Here are a few top tips & facts that can help you get the most out of a direct mail campaign:
- A coloured envelope far more likely to be opened than a white one
- In split testing, we found that YELLOW ENVELOPES give the highest open rates
- A handwritten address and actual stamp (rather than a franked one) will improve open rates even further
For more direct mail tips? Be sure to follow us on Twitter
Want to try coloured envelopes for your direct marketing campaign? Click here to browse, or call 01273 486026 for some advice.