Recently, we completed a contract to deliver a series of Technology for Business Growth workshops for Superfast Business Cornwall. Previously, the elements on Data Protection would be relatively short and simple. However, with the new General Data Protection Regulation (GDPR) coming into force on 25th May 2018, the impact of these new rules caused a degree of concern amongst the attendees.
Data protection regulations have always focused on the security and storage of customer data and the demands have become more stringent. It is hard to argue against the rules on using and storing data, as ultimately, they are designed to protect the consumer and deter spam and abusers of the ease of mass communication through digital channels. The Information Commissioners Office (IPO) have used the law to prosecute businesses in breach of the previous regulations, albeit almost exclusively against large corporate businesses, rather than the small business.
However, the GDPR will impact on every business as the penalties for direct marketing, which usually means email marketing, are severe. We have read many summaries of the new regulations and they are complex and as expected are written with an amount of legal speak. In this blog, we will highlight in plain language what the two high impact implications you need to consider ahead of the May 2018 enforcement, if you send emails to customers.
1 – No consent? No email.
The new regulations state that opt-in consent must be “freely given, specific, informed and unambiguous” to be compliant. The need for consent has always been best practice and assumed to be adopted by businesses. However, in our experience, many businesses interpret consent loosely and either purchase data lists or communicate freely via MailChimp (or other packages) with their contacts. In most cases there is no evidence of specific consent. Of course, very few people complain or unsubscribe from email communication in reality. But the new regulations have moved from assumptive positions on consent to unambiguous evidence-based permission.
2 – No purpose? No email.
In addition, there is now no room for ambiguity when it comes to explaining to customers how their data will be used. During the sign-up process you must be clear which business will be using the data and provide adequate information on how their data will be used. In broad terms these requirements seem little different to the best practice adopted by most email marketing businesses. However, the general view is that the regulations are making deeper demands, requiring contacts to consent to specific usage rather than general communication. Your future subscribers will be consenting to contact about particular products or services, not general business communication.
Those two requirements will have a seismic impact on the email marketing industry. The GDPR does not excuse data collected prior to May 2018, it is retrospective. This means that your email lists must now be reassessed and if without consent/specific purpose, could possibly need to be deleted. As with all new regulations, it is unclear exactly what the tolerance of enforcement will be and we are certainly not suggesting that you immediately delete your marketing lists, which will have almost certainly been created with no small amount of effort and expense.
However, in our view, you should at least seek advice at a specialist workshop, delivered by a legal professional. This subject is heating up now and there is no shortage of such seminars available, often free to attend. If you must cleanse your existing data, that is going to take time as you will need to take steps to ensure compliance.
The penalties of failing to do so are severe, with fines of up to 4% of annual turnover or 20 million Euros. It is our view that the Information Commissioners Office (IPO) will still focus on the largest abusers of email marketing. However, in terms of best practice and compliance, this cannot be ignored by any business, regardless of size. Besides, there is an upside to this process. Creating a smaller more relevant list of target contacts, who want to hear from you, will create higher conversion rates and happier customers.
In terms of the wider impact, organisations like MailChimp must surely suffer as we would expect their list sizes to fall significantly. It would not surprise us to see a change to their pricing structure.
If you would like further information, please call Business Think on 01288 354228 or email us.