With the GDPR compliance deadline less than 2 months away, many email marketers have more questions than answers about this loaded topic. That’s why we’re giving EiQ attendees the chance to learn and directly ask questions about GDPR.
During lunch at EiQ, we’ll have several tables with different email topics on them. Attendees can join informal discussions about the topics that pique their interest.
Leading the GDPR table is Jodi Daniels, an online data strategy and privacy expert with more than 19 years experience in privacy, marketing, strategy, and finance roles. Jodi is the Founder of Red Clover Advisors, where she assists companies at all stages of privacy maturity with GDPR compliance, operationalizing privacy, digital governance and online data strategy.
We’re changing up this week’s EiQ spotlight with a dedicated GDPR Q+A featuring Jodi. Read on to get the lowdown on what it is, why it will affect almost all email marketers and more.
What is GDPR?
GDPR, or the European General Data Protection Regulation, is a privacy regulation that sets a new high bar for how EU customers will expect their data to be treated by companies. This regulation goes into effect May 25, 2018.
Why should marketers in the United States care about this new regulation?
While you may think that GDPR doesn’t apply to you as a marketer in the United States, a common misconception is that this only applies to companies located in the EU.
GDPR is applicable to all businesses that hold and process data collected in the EU, regardless if the company is located outside the EU. The regulation also applies to data already collected. Case in point: If data collected does not meet the GDPR requirements, it cannot be processed.
When it comes to email marketing, companies need to comply with both the ePrivacy Directive (also known as Privacy Electronic Communication Regulation) and GDPR. GDPR covers the processing of data. ePrivacy Directive talks about what is required to send electronic marketing messages. You have to meet the GDPR lawful basis to be able to send the marketing messages. Finally it is important to know that there are differences whether you are engaging in B2B or B2C email marketing.
What Data Can Companies Use?
GDPR allows companies to store and process personal data under six conditions with legitimate interest (like fulfilling a contract or service), or individual consent, the former of which is the most common that companies will rely upon.
Many companies will want to rely on legitimate interests to send B2B emails. There is a balancing test that needs to take place to ensure that the material being sent will be valuable to the end user and proportionate to the type of data being used. This means some cold prospect emails may be qualified to send while others may not.
GDPR will also require companies to scrub lists often to ensure that the recipients are still interested in your content.
What are the consent requirements?
To market to consumers, you will most likely rely on consent. There are some exceptions if the consumer is an existing customer. If relying on consent, there are specific requirements that need to be met. These requirements must also be tracked as evidence.
They include: an explicit opt-in without a pre-ticked box that is not a condition of signing up for the service and is separate from the terms; an accurate privacy notice; and an easy-to-understand description of the specific use case broken down by type (such as advertising/analytics cookies or receiving marketing emails about your company’s latest products).
For all marketing messages received, the user needs to be able to easily withdraw consent at any time.
How will GDPR affect users’ individual rights?
Under GDPR, users (B2B and B2C) have a number of individual rights such as they can request that their information be deleted from a system. This is not just opt-out. This means the user must be be deleted from the CRM, email systems, excel sheets and any information shared with a vendor. Companies need to know where all their data is to be able to meet this request.
How Can Marketers Prepare for GDPR?
There’s no doubt about it: GDPR will affect marketing practices, website and product design, and even how data privacy and security is handled within a company.
To get started, use these 5 simple questions to get started on your GDPR email marketing preparations for your company:
1. Do you send B2B or B2C emails?
2. Do you send emails to existing customers or to prospects?
3. What lawful basis can you rely on and do you have evidence to support it?
a. Consent (opting in) – do you meet all the requirements today? Review all landing pages with these opt-ins.
b.Legitimate Basis – can you meet the balancing test?
4. How often do you scrub your customer lists?
5. Do you have the proper opt-outs in all emails and can you delete a user from the CRM, email systems and all vendors if requested?
Many companies are gearing up for a re-permissioning campaign. You will want to ensure that you have all opt-outs scrubbed before sending out such a campaign and that the campaign meets the new GDPR requirements.
Have some specific GDPR questions? Or just want chat with other digital marketers about it? Stop by Jodi’s table at EiQ for an informal conversation over some yummy Georgia lunch. You can also visit www.redcloveradvisors.com and look out for our upcoming webinar on GDPR with Jodi next month.