What did GDPR ever do for me?

If you work anywhere near email marketing in 2018, you’ll no doubt be familiar with these dreaded four-letters: GDPR.

Maybe you’ve heard them being whispered behind the office pot plant, head-scratched about in meetings, or even plain sobbed over into your lunch time meal deal.

But what actually is GDPR? And more importantly, why is everyone so stressed out about it?

What is GDPR?

GDPR stands for ‘EU General Data Protection Regulation’, and is a new piece of EU legislation that comes into force this May. The new regulation exists to give consumers more protection and, crucially, control over how their personal data is used.

As a marketer, GDPR means that you must start using consumers’ data differently, or your company could face fines of up to 4 percent of annual turnover (or 20 million euros, whichever figure is higher).

Think we might have just figured out why everyone is so stressed about GDPR?

But, truthfully, GDPR isn’t something to be scared of. As marketers, all we need to do to comply is understand how, and how not, to use consumers’ personal data when it comes to our campaigns.

And we really only need to worry about one thing above anything else: consent.

GDPR and Consent

GDPR’s legal mumbo-jumbo describes consent like this:

“Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

In short, in order to use someone’s data to market to them digitally, you need freely given, specific, informed and unambiguous consent by that someone to do so.

But it’s not as simple as just asking, there are a number of criteria that need to be filled in order for GDPR to be satisfied that this level of consent has been given.

So, how can you ensure that you are complying with GDPR’s definition of consent?

Luckily, the work has already been done for you. In order to ensure that your audience have given true consent, that consent must be:

• Active - users must actively choose to opt-in to communications, and not be automatically opted-in by default. Pre-ticked opt-in boxes are right out.

• Clear - say what you mean. Confusing double negatives and vagueness when asking for opt-ins are not allowed. E.g. Do not not tick here if you do not want to not receive emails…

• Documented - keep a record, guys. Of what each individual has consented to, what they were told, when they consented, how they consented. You get the picture.

• Easy to withdraw - It should be as easy to withdraw consent as it was to give it. Better make that unsubscribe option clear to see.

• Granular - how many platforms are you going to use to do your marketing? You need consent for each different one. Email? Text? Post? Each option needs to be consented to specifically.

• Named - Which third parties will be using this data? Every party must be explicitly named, to ensure that the user specifically consents to each one. Nobody likes signing up to one email list and unwittingly giving away their empty inbox for life.

• Unbundled - your requests for consent must be separate from your other terms and conditions, and consent can’t be a precondition of signing up for a service, unless of course it is strictly necessary.

If you’re not already fulfilling these criteria (or you’re using historic data that wasn’t obtained under these criteria), you’re going to be looking at running a re-permission campaign to make sure that your mailing lists comply with GDPR. Here’s why that’s a good thing.

What can GDPR do for me?

Look, mailing your whole database and asking them to re-opt-in to your communications under GDPR’s criteria is almost certain to reduce the size of your mailing list. A lot. In fact, some sources claim that up to 75% of marketing data could be made obsolete this May.

But don’t despair, this needn’t mean the end of your email marketing strategy.

Think about it, the best open rates in the biz still struggle to break 50%. Even in the best cases, at least half of your list won’t be opening your communications. A big list does not automatically equate to high engagement.

Sure, you may lose an amount of consumer data from your list after your re-permission campaign, but the people who stay and actively opt-in are shouting from the rooftops that they are highly engaged.

And what do highly engaged subscribers do? Open emails, click-through from emails, engage with you, and ultimately, spend money with you.

Providing you run a half-decent re-permission campaign, post-GDPR you can look forward to a much more engaged and responsive audience, simply because these are the people who want to hear from you! Think of it this way, and GDPR doesn’t have to be a headache, and you can stop crying into your meal deal.

Oh, and beyond all this - this change in the way we use consumers’ personal data is a chance to be a more responsible marketer. Because let’s face it, we all hate receiving emails we don’t want or need, and this is a chance for all of us to contribute to a friendlier, more ethical way of marketing. And that can only be a good thing.