Antony Humphreys, key account manager, email marketing services specialist, Adestra, discusses how the UK leaving the EU will affect data regulations.
How will the UK leaving the EU affect the marketing teams in the UK?
I asked this specifically at a recent DMA event, and the answer is that because the EU GDPR is for anyone using data with Europe, we all need to comply with it whether we’re in or out. What plagues consumers is the amount of spam, and how they have no control over it. It’s difficult to prevent African scammers offering you too-good-to-be-true investment opportunities, or even phishing emails pretending to be your bank – and where these originate outside of Europe, we have no control. However, the GDPR has provision for dealing with companies outside of the EU – and can even pursue them through international courts. So if the UK wants to continue to trade with the EU then UK data protection would have to be effectively the same as EU data protection framework.
With Brexit we have to negotiate to stay in the trading bloc. One reason we have got GDPR is that there were different rules within different member states. GDPR controls data privacy and consumers’ right to privacy, protecting against the use of data and profiling unless they have given express permission to do so.
GDPR also defines consent. In the past, we assumed if a visitor to your event stand dropped a card in a goldfish bowl to enter a prize draw, it’s ok to contact them. But have marketers been given express permission to contact them? New rules say not.
If we want to continue to trade with the rest of the EU we must meet all the regulations of the GDPR. Don’t forget, the UK had a lot of input into setting up GDPR – let’s not complain about it! It’s a good ethical process that ultimately helps consumers and marketers alike.
What will marketers need to do in order to adapt?
The key consideration here is around consent. The new rules mean consumers need to give consent for their ‘personal data’ (ie a record identifying a legitimate living person) to be used by marketing teams to email their offers/products/services. So this will change how marketers communicate. It’s not such a big change for B2C marketers, although they will need permission to profile their consumer data, such as cookie data and user behaviour. They are under pressure to be more targeted, but need permission before they can do so, so it’s a catch 22. The challenge is getting the right permission from the right people. Consumers giving permission to email them is very different from them giving permission to send targeted content.
With B2B lists, things are tightening up around consent and proof of consent. The official GDPR definition of consent is complex: “any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed”. This means that, using the event stand analogy again, the sales guy that takes your business card to send you more information needs to prove permission is given. So he needs to keep your business card/or scan it for future reference. In future, you will see companies using a sign-up process on a stand to get the right consent there and then – using an iPad with clear opt-in options. They will create a CRM event to show the leads captured with clear records to enable an audit trail. They can then use this to prove to ICO, if they need to, a clear comms trail down to the contact level. E.g. This person filled in a form at this event, then signed up to this, clicked this submit button, which triggered an email confirmation, and he clicked here to confirm (this double opt-in method is recommended best practice).
Another challenge for B2B marketers is re-permissioning lists. Where you have contacts downloading whitepapers have they given consent to contact them? No, not explicitly. Just because they didn’t say stop, this is not the same as (or as good as) saying continue emailing me. Over the next few years, before the regs come into law in 2018, we will see lots of re-permissioning type campaigns to establish clear consent. These could be dressed up as a personalised email asking if you want to continue receiving information on various topics, which will also improve relevancy for future communications.
Companies need to work this into their budget this year or next year – especially as it impacts CRM systems in how they gather permissions. Don’t leave it until it’s too late – 2018 is the final date – but do plan and start putting it into action now.
What is your top tip for marketers now that the UK will be leaving the EU?
Keep calm and carry on. If you are already compliant with the Data Protection Act 1998, you haven’t got a lot to worry about. To help prepare for the GDPR, the ICO recently issued 12 steps to take now.
Email marketers – check permissions. Ask these key questions: What are the data sources? How have they been verified? Did you give us permission to email you? Can we prove it?
Lastly, just because email is cheap, don’t forget to follow the fundamental marketing rules – better targeting means improved relevancy and engagement. The best bet is to get back to ethical marketing, where consumers have given clear permission, and they get the content they want. Simple.