The PactSafe Blog: Making business happen faster

In our GDPR series, we’ve broken down how May’s GDPR will affect marketers, identifying how the use of chatbots will change, as well as why double opt-in isn’t the end-all-be-all for compliance. When the GDPR comes into effect on May 25, 2018, marketers will need to be prepared to prove consent for capturing and using user data across all of their marketing channels. Not only that, but businesses will be required to provide the option for users to revoke consent (and track it, too.)

There are tools built for this purpose, solving marketers’ dilemma of capturing and managing consent. It sounds like a daunting task to figure out how to manage every single data point in a user’s journey, especially from CRM activities like nurture campaigns and newsletters. Email marketing strategies must be altered to be GDPR compliant, but it doesn’t have to be a burden.

Here’s how the GDPR will affect email marketing and what marketers must do to remain compliant.

Don’t Toss Your Subscribers Under Every List—Unless You Have Explicit Consent

The main thing marketers need to know about GDPR is consent. If a business has several different email newsletters on a wide array of topics, it must have consent for each email list they add a subscriber to.

What you need to do: Create a form or portal that lets users manage exactly what they want to subscribe to and update frequently. We’ve discussed how Twitter provides this for its users, but lacks the option for users to revoke consent, which is another major compliance the GDPR will require.

Gaining Consent is Stricter: You Must Specifically State What Users Are Opting Into

When gaining consent through an opt-in form, chatbot, etc., it must be clear what users are providing their information for. For example, if a business’ pop-up form states, “subscribe for email updates on new products!”, with fields for a user to put their name and email, that’s not following the full GDPR guidelines.

Best practices to follow for capturing consent for your email marketing efforts under GDPR include providing:

• No pre-ticked boxes: Those little check boxes that are on forms stating that users want to receive email updates on new products, special deals, partnerships, etc.—they shouldn’t be pre-checked. Provide users the option to choose themselves, carefully reading and agreeing to what information they want to receive.
• No more fields than you actually need: Consider what information you truly need. Is a field in your opt-in form for "company size" necessary? Maybe so, but consider all the information you’re wanting and needing to capture for your specific email marketing campaign.

You’ll Need to Prove Email Subscribers' Consent if Challenged

A majority of email marketers have never tracked consent from subscribers (think how you would prove that Jane Doe subscribed to every newsletter or nurture campaign you have her in?) The new GDPR will require marketers to store and track users consent activity, as well as provide users the ability to revoke consent.

“This means that you will need to prove and show reasonable evidence that you have complied with the GDPR if you are challenged.” (Litmus)

Also note that seeing a subscriber filled out a form in your marketing automation platform is not enough to prove consent. We dive into where privacy consent is required under GDPR in an separate article that outlines this further, noting that consent cannot be mandatorily permanent, or a pre-ticked box, coerced, or more ambiguously—overbroad. Marketing automation tools help organize data that’s captured for different email marketing activities, but they do not help marketers manage how to track consent or track when it was revoked.

Before, there weren’t any tools that provided the ability to track and store consent across marketers’ several different marketing tech (martech) platforms: CRM, marketing automation tools, email tools, etc. Our Consent Management Tool released earlier this month serves the purpose for businesses to track and measure consent across all platforms, making it simple to prove tracked and revoked consent across all marketing activities.

No, You Don’t Need to Change Your Entire Email Program—You Just Need to be More Strategic

GDPR is scaring many marketers into thinking they need to bucket their opt-in methods into two separate strategies: one for EU users and one for non-EU. Here’s the reality: The GDPR guidelines are best practices for all types of data subjects (this is the fancy term used for your subscribers.) Not only do the required opt-in methods provide more security for your users, they allow your marketing efforts to become more strategic. Marketers want their email efforts to be as targeted and relevant as possible, driving the highest open, click, and conversion rates. By giving users full control over what type of information they receive, marketers become more relevant and personalized to their audience.