In our previous article, we took an in-depth look at the implications of the new data protection laws in relation to eCommerce and web-based businesses that collect, store, and utilise personal data. In the following article, we aim to address some of the potential issues that may be specific to bulk/email marketing, text loops, and online list subscriptions.
From text loops and email lists to bulk mailing and online subscriptions, automated sending methods continue to play a leading role in digital marketing. With the compliance date for the new European General Data Protection regulations looming closer, businesses that use any of the above need to ensure that they have done everything necessary to comply with them.
The aim of the following article is to examine how such marketing strategies operate, and how they will be able to adapt to the new regulations that come in to force on May 25th, 2018. From how data is collected and held to what your business does with it, every aspect of your email or text campaign is likely to be affected.
When the internet started taking off a few decades back, internet marketers thought that they had died and gone to digital heaven. Through the introduction of some often dubious email harvesting software programs, bought lists, and bulk mailing platforms, a bulk email marketing was born. Within a few short years, no email inbox was safe from the ever-increasing proliferation of digital junk mail. Now, our mobile devices are filling up with helpful text messages advising us of bargains, offers, and the best brands to buy.
In no time at all the anti-spam laws came into force and despite the few digital outlaws that still choose to operate under the radar, filters and software have virtually done away with the electronic epidemic. Alongside a variety of country-specific anti-spam laws, the EU has had its own spam rules in place for all member states for some years now. The new European General Data Protection Regulations (GDPR), however, provide greater levels of protection for the individual and places increased responsibility on the email marketers and text senders.
From simple list building and web-based subscriptions to third-party clients, bulk emailing, and texts, many businesses use email or texts as a major component in their marketing campaigns. If your business uses or intends to use any of the above-mentioned methods of marketing, you need to be aware of exactly how the new rules will affect your operations.
Business owners will be held fully responsible for ensuring that anyone who subscribes to one of their marketing campaigns or subscriber lists do so in the full knowledge of what they are opting into. A tick in a box or simple email verification may no longer be sufficient. In the event of a data breach or alleged non-compliance, it will be the business owners responsibility to prove beyond any reasonable doubt that the data subject (the client) was fully informed.
Part of this opt-in verification process must include clear documented proof that the person opted in with a full understanding of what they were signing up to.
Another area that focuses strongly on the rights of the individual is that of data collection and how data subjects are to be informed concerning the uses that their collected data will be put to. Once an individual (data subject)has consented to how data is used it cannot be put to another use without gaining further consent.
Along with these clearly marked responsibilities comes the requirement for businesses to ensure that those subscribing are, in fact, “adequately informed” concerning the use of their data. It doesn’t end there either. From May 25th, 2018, data subjects will be able to request removals, access their data, and report any alleged data privacy breaches.
For businesses that use email or phone number lists and carry out bulk marketing, there are further responsibilities in the area of record keeping. These relate in the main to recording those all-important consents that email marketers must gain from their clients. The bottom line is that if your business is unable to provide such records it may find itself in a position of non-compliance with the new regulations.
The upshot of these new recordkeeping requirements is that email marketers and list builders will need to store consent forms. One solution to this issue would be the use of software that takes needed data of the opt-in form and stores it.
One thing is certain, however, and that is that email and texting marketers will need to evolve with the new regulations and that is likely to include updating or even replacing some existing systems. Another certainty that is well worth bearing in mind is that there will be no allowances for the data your system captured before the new GDPR comes into effect. This means that any existing clients or subscribers will need to be brought up to date in terms of opt-in and advisement concerning the use of their data.
Despite the new European Data Protection laws being among the toughest in the world, it is unlikely that email marketers would consider blocking EU traffic or indeed opt out altogether. The European market has a huge potential value to such businesses even though compliance may present some challenges. Therefore, jettisoning what could potentially be a large number of subscribers doesn’t look like an option at all for any astute business owner.
Though it may take some time and effort to upgrade, migrate, or totally replace your emailing or text list building system, full GPDR compliance is, in most cases, the way to go. The really good news is that thanks to the new European regulations being the strictest in the world, complying with them is likely to mean that you automatically comply with the rest of the worlds too.
A quick internet search for “email programs that comply with GDPR” will render a plethora of ads for emailing systems at a range of prices. Due diligence and a cautionary “look before the leap” would be advised unless they come with good authority. The really positive news is that the foundations that you lay in your email marketing campaigns now will go on paying dividends for a long time into the future. The new regulations aren’t going away anytime soon and that means business have to adapt if they want to stay in the game.
While there may be incalculable costs in terms of the man hours some business will need to spend in upgrading their systems and purchasing new software, the alternative could be potentially far more costly. With figures in the region of 4 million Euros or 4% of an annual turnover (whichever is the greater) being banded around, none conformity penalties don’t really bear thinking about. As with any business decision, owners will need to do the math before deciding whether email marketing will remain viable for them after complying with the GDPR.
While many reputable third-party mailing services will be anxious to comply with the new regulations, business operators and list owners will ultimately remain responsible for their own lists. Logic would, therefore, suggest that any actions that may result from data breaches or a failure to acquire fully documented opt-in consent, would most likely fall into the lap of the business owner. Bearing this in mind, email marketers and other businesses that use automated third-party systems would do well to check the small print on their agreements.
Ultimately, the buck stops with the business owner and that means that it is their responsibility to ensure that they are fully compliant even if operating through a third-party emailing client. The email marketing and text list building aspects of internet marketing have survived more than their fair share of shakedowns over the years and they still continue to thrive. They also look set to surmount the challenges that the new GDPR presents and there is optimism that it will emerge from them with increased kudos in the eyes of those who receive marketing emails.
If your business uses email or text list building as a part of its marketing strategy, then at least some of the topics discussed in this article may be of practical use. Our express aim is that you may be able to take at least something away and disregard the parts that are not applicable to your specific business operations.
This is our third article in a series of 5 covering different aspects of the new GDPR and how they might affect your business. In our next article, we will take a look at how the new regulations are likely to affect businesses that work with third-party websites.
We will also discuss where the differing data responsibilities lie and discuss some solutions for solving any issues that are likely to arise through data sharing with such third party clients.