Navigating through GDPR & what it really means for email marketing

Published 20 th May 2020

Navigating through GDPR & what it really means for email marketing

LinkedIn was a fairly terrible place to be in the months leading up to May 25th 2018. Every other post was written and shared by newly found and self-certified GDPR experts, and most of it was mis-leading at best.

We finish this series of blogs on conventional wisdom gone wrong in email marketing with this because its perhaps the most classic case out of conventional wisdom being developed that was plain wrong.

So, what was said relevant to email marketers?

The 2 key topics that caused most pain:

1) Opt-in’s – Death of the pre-ticked box

Advice was given by Mr GDPR Expert that no longer can you have a box pre-ticked saying ‘Sign me up to emails’. The perceived impact of this would be opt-in rate of customers when ordering falling from maybe 75% to 25%. If you did not comply then the Information Commissioner was going to come in and slap a fine worth 4% of turnover on you.

But to understand why that was wrong we need to go back a few steps and understand GDPR.

GDPR is not just about marketing permissions but broadly how businesses should deal with personal data – namely the processing of personal data.

There are various justifications within GDPR for processing an individual’s personal data. One of which is their consent. And it’s true when using consent as your legal justification for processing the data you can’t write misleading statements or trick people into giving consent. The consent must be affirmative – E.G. They must take positive action so a tick box or similar they had to tick would be required.

But consent isn’t the only justification for processing data. Another would be the ‘Legitimate interests’ of the brand. And some of the examples given within the GDPR guidance for what this could fall under this included Direct Marketing.

Consent for electronic marketing is covered by a difference piece of legislation in the UK – The Privacy and Electronic Communications Regulations (PECR).

This is not new and has been around for a long time. (Equivalent legislation exists for each EU Member State such as in Germany there is an Unfair Competition Act that covers this)

PECR states that a soft opt-in is acceptable for customers whose details you captured during a sale (or the course of negotiations for a sale). A soft opt-in is where you give customers the ability to opt-out – For example, a pre-ticked box!

So, nothing had really changed. You use legitimate interests as the justification for processing/storing the customer data for GDPR, yet some poor souls reworked their entire checkout to change the soft opt-in to one where a tick was required. Others seemed badly advised when their newsletter signup forms which are clearly titled ‘Sign-up to our newsletter’ had a tick box added that had to be ticked after entering the email address. Clearly this is stupid as affirmative consent is being given when you fill in a form with one purpose to register for emails.

Oh and the 4% fines? Yes, they may well happen but not for this sort of breach. The 4% fine is aimed more at certain serious and serial offenders such as those who have suffered numerous data breaches and handled them badly. Yahoo and TalkTalk being 2 examples, Facebook might well be another in the future where the fines were so limited at the time of the offences they could be seen as an acceptable cost for bad data privacy practices.

Re-permission Campaigns

The other big story was that email database you have built up over the last 10 years could not be used after May 25th. Well not unless you asked each individual customer whether you can have their permission again.

The idea behind this was you could not keep data that was captured using permission that did not comply with the new rules.

But as we have examined in nearly all cases that simply has not changed.

There was also the idea that unless you had precise records of time and date, IP address and screenshots of the consent you could not use it. Again, I refer to under GDPR it’s legitimate interests, not consent you need to worry about. PECR handles consent.

Why so many marketers got it wrong comes from the fact that so many respected professions also got it wrong. ESP’s were giving advice that would not only cut your list size but also their revenues as their clients had less emails to send. Corporate lawyers gave (expensive and incorrect) advice that you were doomed unless you obey – and lawyers they know the law right? If they don’t who does?

So, it’s no surprise clients reacted in the way they did. And this proves my point about conventional wisdom across all aspects of email marketing.

You should not rely on others to make judgements for you unless you want the risk of doing the wrong thing. It is our job to do our own deep thinking to challenge ideas, find your own solutions to problems. Challenging conventional wisdom leads to greater innovation, better understanding of your problems and become better marketers.

shares