In May 2018, the Data Protection Act will be replaced with a new EU law. Known as the general data protection regulation (GDPR), this legislation represents the most significant overhaul of data laws for more than 25 years.
All types of organisations will be affected by the change because it brings in new requirements for how personal data is processed and used. However, most notable are the implications of GDPR for businesses who rely on data to reach prospects and customers with their marketing messages. That’s all of us b2b marketers then!
With about 12 months until the legislation comes into effect, we’ve put together this brief guide to answer key questions around GDPR and to help you get ready for the changes.
What exactly is GDPR?
GDPR is basically an attempt to standardise data privacy laws across the EU. The 28 member states are currently permitted to apply different regulations in this area because they’re free to translate the EU’s overall goals at country level. GDPR will bring an end to this. It’s been a long time in the making – the European Commission took about four years to decide on the final wording, so data experts have been waiting with bated breath.
OK, so it’s nothing to do with PR?
No. But an easy mistake to make!
What about Brexit?
Even though GDPR is an EU law, the UK’s forthcoming withdrawal from the union will not mean that British companies can ignore the legislation. Given the lengthy Brexit negotiations that everyone is expecting, GDPR will come in long before the country actually leaves the EU and the Information Commissioner has already confirmed that the changes will apply anyway.
What’s all the fuss about GDPR and email marketing?
All marketers understand the power of good email marketing, but even we get frustrated when this medium is abused. An inbox full of unwanted and irrelevant messages is nobody’s idea of fun. GDPR will attempt to tackle the spam email epidemic by placing stricter rules on how email marketers seek, collect and record consent.
This is why email marketing experts have been out in force to speak about GDPR. It’s generally accepted that while businesses may have to revise their policies to ensure compliance, the legislation should also help marketers to build better quality lists that contain a higher proportion of genuine prospects. In the short-term, though, marketers may have to concede that growing their database at the same speed as previous years will be more challenging. But if you already follow email marketing best practice to the letter, as Superintendent Ted Hastings would say, then you shouldn’t need to change much at all.
What’s going to change with consent for emails?
Two particularly important parts of the legislation relate to collecting consent and opt-ins.
Firstly, the GDPR goes into detail about how organisations should go about receiving a person’s consent before they start sending them emails. To comply with the legislation, companies will need permission to contact a person that is “freely given, specific, informed and unambiguous”. As dotmailer’s James Koons told Litmus, this means that “silence, pre-ticked boxes and inactivity” will not be adequate indicators of consent under the new law.
The second change concerns being totally transparent with people about how you intend to use their data. GDPR states that a subscriber must be informed about your intentions and actively give you permission to use their email address in that way. If you obtain an email address via a white paper download, for example, you will need to be clear that you plan to use it for further marketing messages – and get consent in advance of follow-on communications.
Tim Roe, deliverability and compliance director at RedEye, explains a bit more: “GDPR demands that the recipient is provided with adequate information on how their data will be used. For example, if you intend to profile someone’s data to determine what offers they receive, you must now tell your customer that is how you intend to use the data and give them the opportunity to object.”
It’s worth mentioning that the penalties for falling foul of the new regulations are pretty tough as well. If you email someone without getting prior consent, you could be fined as much as €20 million or 4% of annual global turnover. So there’s when planning your marketing data strategy.
Does GDPR apply to b2b marketing?
There were some suggestions that GDPR would only apply to consumer data and therefore b2b marketers (contacting people with company email addresses) could be exempt. However, as the smart people over at Smart Insights have pointed out, this now seems unlikely.
It’s quite long and complicated, but basically another existing piece of legislation called the Privacy and Electronics Communications Regulations (PECR) had made it clear that b2b email marketers could use the ‘soft opt-out approach’ for subscribers i.e. they did not have to go to the same lengths to gain prior consent. However, it now looks like PECR is being reviewed by the EU and these regulations are highly likely to be brought in line with GDPR. So we b2b marketers are going to have to get our data houses in order too.
With 12 months to go until the changes come into force, there’s still plenty of time to prepare for GDPR. A thorough review of your existing email marketing procedures is a good place to start. If you need any help from the email experts at Upp B2B, just get in touch.