Editor's Note: The following is a guest from Sarah Taylor, CMO at SmartFocus, the provider of Message Cloud.
The clock is ticking loudly as marketers count down to May 25 — the introduction of the General Data Protection Regulation, or GDPR. For companies that operate in European markets or that have actual or potential customers within those countries — even if physical operations take place in the U.S. — strict compliance with GDPR is mandatory. That's because this legislation has teeth, with steep penalties for failing to meet compliance standards, including losing 4% of global annual revenue or up to €20 million (nearly $24.7 million), depending on which figure is higher.
GDPR is the EU's attempt to give consumers back control of their online data and compel businesses to keep that data safe. One of the most important aspects of GDPR is a radical revision of what constitutes personal data and how to obtain consent for its use. Under GDPR, organizations must obtain verifiable consent that is explicit, informed and freely given.
What does this mean for marketers? Lazily blasting out messages to all will be officially over. Under GDPR, every marketer will need to justify why they are holding each piece of personal information and the legal basis on which it's being used for marketing. Thankfully, that means some marketing practices will develop and thrive with the blessing of the recipient and some will perish.
Here are six email marketing tactics that will die off or radically transform under GDPR.
1.) End of a (third) party
GDPR has huge implications for lead-generation and third-party lists providers. Any organization working with a third party to gather contact details for future communications is going to have to make sure such lists are GDPR compliant. Buying personal data of any kind is going to become far more risky to a company's brand image because it relies on that third-party list provider, rather than the organization itself, to ensure lists are fully compliant.
As a result, expect there to be a shake up in the third-party data provider market. And, if you're using third-party lists, take a good, thorough look to confirm they comply. Check to see what certifications they have now and evaluate their roadmap for the future. Since compliance means being able to retrieve, pseudonymize and delete user data, make sure they provide you with the tools to do so. Lastly, when it comes to existing lists, if you can't show someone has given consent to be contacted, it's imperative that you 'repermission' that list now.
2.) Just unsubscribe me already!
Everyone has experienced sites and email newsletters that go through the motions offering an unsubscribe button that does everything but actually give control over an unwanted subscription. Invitations to log-ins follow an attempt to part ways, even though you can never remember signing up. Sometimes the communications you are trying to stop have come through mission creep as sister companies have shared lists but not a common unsubscribe feature.
This comes to an end under GDPR. Customers must be provided with a simple and clearly-stated means of declining consent they may have previously given, and any attempt to sign up a new customer must be specific about partners their information will be shared with.
3.) Leave the legal gobbledygook at the door
GDPR is very clear on two things around permissions: No more slipping in a sneaky assumed consent line in the middle of a 10-page privacy notice which the brand knows nobody is going to read; and, when you're asking for something, it's got to spelled out clearly in plain language.
Consent notices need to be distinct and offer an easy-to-understand description of who the brand is and what it wants to collect, what it wants to use the collected data for and with whom it may share it. The "I have read the terms and conditions" boxes won't go anywhere; they will still be ticked by people who should have read them but didn't. However, hiding a bunch of assumed marketing privileges will go away. Brands will need to be out in the open, providing unticked boxes that ask for a range of clearly stated permissions in simple language.
4.) Pre-ticked boxes banished
Nobody will hold a minute's silence for the death of the pre-ticked consent box. Consumers have always been wise to the trick and marketing organizations have advised against their use. However, in the new age of GDPR, pre-ticked consent boxes are no more.
Responsible marketers and consumers will be glad for it. They will also take pleasure in waving goodbye to those terrible paragraphs which change assumptions and use double negatives so people have to think long to realize a tick is "yes" in one question but a "no" in another.
5.) Farewell, conference goldfish bowls for prize drawings
This tactic has been the mainstay of conference tradeshow booths for decades. Drop a business card into the bowl for a chance to win a prize. While most people accept the fact that dropping their card in the bowl will likely result in a follow-up call or series of emails from a sales or marketing contact, this doesn't qualify as consent under GDPR.
For consent to be considered valid, it must be a freely given, specific, informed and unambiguous indication of the data subject's wishes. In other words, it cannot be induced or assumed and if you run a drawing, the prize has to be available to all.
A more direct and thorough approach for conference prize drawings makes more sense, such as requesting recipients register information and grant consent via digital collection on a mobile device or kiosk at the booth. An unticked box demanding positive action to opt in, along with a reassuring message about personal data privacy and an easy link to the competition T&Cs will become best practice. Goldfish bowls and upturned bowler hats collecting business cards for loosely defined prize drawings will be consigned to history.
6.) Assumed opt-in will be gone forever
Speaking of conferences and events, everyone has had that moment where their badge gets "zapped" by a scanner pen while approaching a booth to pick up a mint or branded memory stick. In fact, many may well have been summoned to the stall through an email revealing a brand is already aware of their attendance and would love to have a chat at "Booth X."
Conference organizers often, quite reasonably, ''zap" a badge to keep a tab on numbers and to message attendees for feedback on the quality of the speakers and the relevance of the subject matter. However, these organizers are now going to have to secure explicit consent from attendees to allow their data to be shared with sponsors and speakers.
Assumed opt-in will be a thing of the past. The people emerging from the shadows to scan a badge at a conference booth will either have to gain explicit consent for further contact or rely on it having already been obtained by the organizer.
GDPR's silver lining
No industry is ever going to instantly respond favorably to a new set of regulations, especially those as significant as something like GDPR. It's natural that the laws will be at first viewed as an extra compliance hurdle; however, there is a positive side. Improved regulation that offers more control to customers over who can contact them and for what purpose can only lead to better relationships.
GDPR is an opportunity to reset these relationships based on freely-given, informed consent that will eventually result in improved trust between a marketing department and its prospects and customers. From a brand standpoint, this is a valuable exercise. Lists will be more accurate and qualified, enabling marketers to tailor campaigns based on highly defined segments to engage the right customers, with the right message, at the right time. Doing so will develop trust, influence purchases and ultimately drive revenue for businesses.