Book a no obligation demo with one of our email experts. Discover how e-shot™ can help you:
One of our team will call you for a brief chat so we can cater the demo to your specific requirements and show you the relevant tools and features that will deliver you the best results.
21 Mar 2018 by Sadie Burgess
Before you can arrive at the conclusion that you need to repermission your list, to comply with GDPR, you have to conduct an audit of all the personal data you have, reviewing where and how you collected it, and if the consent has been documented as necessary.
If you arrive at the conclusion that for the purposes of GDPR, consent is the lawful ground you wish to use to process personal data moving forward, then you have to check and review what processes you currently have in place, and determine if they comply with the new regulations.
Next, you have to check all your files and audit trails to see if, when you collected the data originally were you compliant with the new stricter rules of GDPR.
This is when you now realise that you need to do some work to maintain your contact base.
Where existing permission doesn’t meet the GDPR’s high standards or are poorly documented, you will need to seek additional GDPR-compliant permission.
Alternatively, you may be able to identify a different lawful basis for your processing, or stop the processing completely and delete the data.
There is no “grandfather” clause in GDPR – which means that all data is subject to the new rules and there is no special priviledge for data you collected in the past.
So, now you have to document consent from the people that have previously given you permission to contact them.
There have already been news stories about companies that have taken the wrong route, Flybe and Honda being the most noteworthy.
So what can be learnt from these examples and what other risks should be considered as you embark on this journey of repermissioning?
Firstly, you can’t re-permission people that didn’t give you permission in the first place or have subsequently opted out from receiving your communications. In the B2C world, sending a repermission email to an individual who has opted out (or once subscribed but has since opted out) is already a breach of existing rules.
Under current laws you can approach B2B customers and prospects for consent as long as:
a) They have not previously opted out.
b) They are not a sole trader, or partners in a partnership whose email needs to be treated under B2C rules.
Consider using language appropriate for your target audience.
The Manchester United Stay United re-permissioning campaign was an excellent example of a compelling message, explaining to fans exactly what they get from the emails which they sign-up to receive.
Another thing to consider would be instead of sending an email asking people to opt-in or confirm consent, a softer approach would be an email campaign asking customers to verify their contact details and preferences.
As part of the forms which allow your customers to verify and update their details, allow them to update their marketing and communication preferences too.
If you want to take it a step further, you could also setup an industry level survey, that is sent, after the initial details are confirmed, to re-engage your audience, and learn more about what matters to them, with respect to topics/categories they wish to learn more about.
This can help you both segment your list further, as well as identify content that would add value to your audience.
Make sure that your marketing permission is not bundled up with other terms and conditions.
The marketing permission needs to be clear for your contacts to choose the appropriate action.
The consent also needs to be granular, so again consider using a preference centre to give contacts real choice in how they want to be contacted.
You will also need to ensure that you refresh your data collection methods as it will be a legal requirement to provide it if asked, so ensure you have records to prove how you gained consent for future marketing.
Once you’ve refreshed your lists you should keep your marketing permissions and preferences up to date, so schedule in some time every 6 months to review them, and make sure you're on top of it.
Don’t just use email.
When people log onto websites, place orders, call into a high-street branch or phone you, and also, when sending information in the post, use all these opportunities to try and get your customers to verify and update their details, as well as provide permission for the marketing you wish to send them.
It may seem like there is a lot to think about, and that the deadline is not far away.
But by taking some simple steps you can ensure that you are ready in time.
If you are interested in reading more about GDPR, check out our series of posts and if you want help getting started on a repermissioning campaign simply talk to your account manager about our re-permissioning package, or give us a call on 020 3320 8777.