By 2018 businesses will be required to adhere to the new General Data Protection Regulation (GDPR) privacy rules. This means that both you and your supply partners need to understand the changes. You can expect to see enhanced rights for consumers, such as the right to be forgotten, and this means your procedures and processes for data management may have to adapt.
Luckily we’re here to help you identify the most important changes and give expert tips for your business to ensure full compliance.
The main shift is on the legal basis for businesses acquiring personal data. Businesses are no longer allowed to assume consent and instead must now obtain explicit permission from consumers. This means that data must be obtained with consent that can be proven and, more interestingly, is recent rather than a generic, one-off opt-in from a long time ago. Furthermore, your customers now have the ‘right to be forgotten’, meaning that data cannot be stored indefinitely without explicit agreement.
So these changes require businesses to;
In addition to this, businesses can now only market to consumers on the specific subject or activity that has been opted in to. This means that any messaging you send must directly relate to the area of interest the consumer has explicitly agreed to. If a business wishes to promote other solutions, products or activities it will be necessary to obtain further explicit permission from the consumer.
The new opt-in feature means that consumers can only choose one specific area of interest, so if your customers require permissions for a range of different business sections, you will require subsequent opt-ins for the relevant areas.
The opt-out processes must function within a tighter timeframe and across every aspect of your business, suppliers and partners.
You can no longer follow up confirmation emails to consumers with assumed email marketing. Any subscribers must have opted into specific campaigns, making preference centres a vital part of the new data collection process. This means future marketing campaigns can be increasingly personalised, and subscribers will have more freedom and choice to what marketing they receive.
Your existing lists may need amending, as only those who expressly opt-in can be marketed to
In this case, you will need to ask your current subscribers to opt-in. Telling your subscribers exactly what they are signing up for is important. This ‘provable’ and ‘recent’ consent is the significant change driven by the GDPR, so asking your existing list to opt-in ahead of everyone else will give you a better chance of success.
Adapting your existing website to attract more subscribers to opt-in lists, and update any post-purchase ‘Thank You’ pages or email automation messages is the easiest place to start. Preference centres will also play a crucial role in obtaining contact consent, which will help ensure the correct opt-in process and the longevity of your data.
A positive aspect of the coming changes is that data will be more personalised, more recent and therefore make consumers more engaged. With click-through rates in email marketing often at a low level, perhaps this coming shift in the privacy law balance will inject some creativity into content and subject lines.
We believe in simplicity. It’s proven to be beneficial. Especially in a complex world where new ideas need to be explained. That doesn’t mean we won’t work with clients who have complex offerings. We love the challenge of unpacking layers of complexity in order to communicate your offering in a memorable way. Like all these things, it starts with a conversation. So let’s talk.