Canada’s Anti-Spam Legislation (CASL) and Australia’s Anti-Spam Act have already been enacted in those countries, but the biggest change is yet to come. In 2018, the European Union’s General Data Protection Regulation (GDPR) will have wide-ranging implications for all marketers, but will especially affect email marketers.
Navigating this new environment means email marketers need to reevaluate their existing data standards and adopt new ones.
Best Practices For GDPR Compliance
For companies still coming to grips with GDPR, Jon Russo, founder of B2B Fusion, recommends the following best practices:
Appoint a ‘data czar’ who owns all aspects of data but isn’t the one doing the hands-on, day-to-day work.
Conduct, or have a third party conduct, a “data health check” on governance and data quality. “This will help illuminate all issues related to data and improve sales/marketing productivity,” Russo said.
Talk to partners that have configured complex preference centers, double opt-in email policies and set up segmented lists to avoid improperly emailing segments that would be covered by GDPR.
The GDPR has similar restrictions about email messages as well, but the law affects many more people — 750 million versus about 60 million for the combined populations of Canada and Australia. Neither soft opt-in nor soft opt-out options are allowed. These restrictions are much more stringent than those set forth by the U.S.’s 2003 CAN-SPAM Act, which does not require that emailers obtain permission before they send their emails.
For multinationals, a major hitch is that if a company already has a customer’s data, it will have to dump it unless it can show a “permission chain.” Peter Milla, a privacy/data protection consultant who works with Cint, said that some companies may have to dispose of as much as two-thirds of their CRM data.
The consequences of running afoul of GDPR are considerable and top out at 4% of global annual turnover for the previous year or €20 million (about US$23 million), whichever comes first.
Preparing For Compliance
While GDPR is set to take effect in May 2018, many companies are still in the process of formulating a GDPR response. A survey released in June found 61% of companies hadn’t started GDPR implementation, despite the fact that another survey from PwC found that such compliance was a top priority for 92% of companies.
David Fowler, Chief Privacy and Delivery Officer for Act-On Software, said he started GDPR compliance efforts 18 months ago. Still, he’s not sure the company will be completely compliant in April 2018. “It’s a really big ask,” he said. “There are 99 articles in the GDPR and 177 recitals based on the articles themselves. I couldn’t sit here and say we’re 100% compliant because we’re probably not.” Fowler said that GDPR has sparked a conversation in the industry about how to “do the right thing in the digital marketplace.” He said one of the chief difficulties of complying with GDPR is getting accurate information about what companies need to do. The problem is there’s too much information, rather than too little, he said.
For instance, Fowler said it’s unclear how the GDPR’s “Right to Be Forgotten” is going to work in practice. That ruling, set forth by the European Court of Justice in 2015, gives citizens the right to petition search engines to take down old internet posts that are defamatory or inaccurate and the search engines have to comply. “How do you erase data across multiple entities across organizations?” Fowler asked. “I think a lot of companies are figuring out how that’s going to work.”
Some are further along than others. Peter Bell, Senior Director of Product Marketing at Marketo, said that his company will be compliant when GDPR goes into effect “and Marketo’s services already include the functionality necessary for our customers to comply with the GDPR’s consent requirement.”
Different Regions, Different Strategies
GDPR affects all the EU and supersedes previous directives that just affected specific countries, like the German Data Protection Act.
That said, Fowler noted that the EU isn’t a monolithic body and each of the EU’s 28 countries is handling GDPR compliance outreach differently. “We’ve been paying close attention to the information commissioner’s office for the UK [for example] and they’ve done a tremendous amount of outreach,” he said.
But such outreach varies by country. Cint’s Milla, for instance, said that he would expect Germany to be much more rigorous about enforcement than, say, Italy. “In Southern European style, they don’t go looking for trouble,” he said.
Lacking a country-specific strategy, one approach is to adopt a template for Europe as a whole. Nate Skinner, VP of Marketing for Salesforce Pardot, said GDPR will prompt marketers to be more strategic about their communications and earn their right to keep communicating with customers. For instance, he recommends delivering emails with personalized headlines that will deliver offers that meet users’ interests.
“This will have the dual effect of letting users know it’s an ad, while also giving them dynamic offers based on their interests,” said Skinner. Another tactic is to give users the opportunity to opt out of specific offers but still receive ones that they’re interested in. “Be creative and helpful to users so that they have a positive experience with your brand,” he said.
Skinner said that rather than showing opt-in language and checkboxes on every form globally, email marketers should deliver the opt-in messaging dynamically based on the user’s location. “This creates a more streamlined experience for the user and keeps your forms as short as possible,” he said.
To be on the safe side, some, like MailJet, a Paris-based email service provider, suggest using a double opt-in (in which the recipient confirms her email address) as a default.
The enormity of GDPR can make starting a compliance effort difficult. Milla said that the first thing that companies need to do is familiarize themselves with the facts of the regulation. The most salient fact is that it applies to anyone operating in the EU. Looking at GDPR in broad strokes, the biggest change is that consumers have more control over their personal data and the onus is on businesses to get consent before carrying out an email-based conversation with them.
“They need to update their privacy policies and be aware of the fines,” Milla said. “For the ad agency I work with, a €20 million [US$24 million] fine would have a dramatic impact on their business. For some, it would mean closing down.”
As the deadline looms, another option is to use ready-made solutions from tech and service providers. Automated Intelligence, for instance, recently raised £1.5 million (US$2 million) on the promise that its software will automatically enforce GDPR compliance. IBM has also introduced an anti-data breach feature, Pervasive Encryption, that will help organizations comply with GDPR. OneTrust and TrustArc also market compliance tools.
Milla said such solutions are good for large companies (those with 500 or more employees), but won’t make your problem automatically go away. “The issue with tools is if you’re going to make the investment, they aren’t cheap and they still require you to build the knowledge,” said Milla. “Anyone who tells you, ‘Use this tool, it’s everything’ — that’s disingenuous.”