See our latest news articles
In this article, we’re going to bring you up to speed on making your digital marketing database compliant. If you’re not actually sure what GDPR is, you’ll find our general introductory blog a helpful starting place.
Under GDPR, not all databases are equal. The regulation accepts that you need a database of your existing clients, it also accepts that you may need to retain that information for a while after you cease to do business with, but you will need to give proper consideration to how much data you need to store and for how long.
However, marketing data comes under closer scrutiny. But there are distinctions, depending upon how you intend to use the database. We will deal with databases for direct mail separately; the tightest regulations are for digital marketing activities. This is what you need to know about these, so you don’t come a cropper.
Many companies’ databases contain contacts who didn’t give specific consent to receive marketing emails. For example, in networking circles there is often a tacit understanding that if you give your business card to someone, they can put you on their marketing list, as long as you have the option to unsubscribe.
That will no longer be acceptable with the new regulation; you will need consent from them before sending any marketing emails.
Another thorn in the side is that now you have to make sure your existing database have all opted in, even if they’ve been receiving emails from you for years and haven’t unsubscribed. This means you’re going to have to contact all of them, giving them a link to a web page where they can opt in to your marketing communications.
You will need to get these consents before May’s deadline. You’ll also need these consents to be very specific, detailing exactly how you will be using their data. Depending upon whether you intend to share the data with other organisations, you may need several consent boxes, for example:
Yes – I’d love to receive communications from Joe Bloggs Sprocketts about company news, industry insights and offers
Yes – I’d love to receive communications from Joe Bloggs Sprocketts about offers and news from their carefully selected partners: LIST OF NAMES OF ALL YOUR AFFILIATED ORGANISATIONS
Yes – I am happy for Joe Bloggs Sprocketts to pass my details to third parties for marketing purposes
Not only do you have to have consent from the people on your marketing database, you have to be able to demonstrate that consent; even if they opt in, if you can’t prove it, you could still be hit with some serious fines. In the networking example above, it’s not enough to ask the person if they are happy to receive marketing communications from you; you will need a written record of their consent. You will therefore need to email them with a link to your consents page and ask them to opt in.
All of this has implications for your CRM software; the database will need to record when contacts chose to opt-in. If you don’t have this facility, speak to your provider early to make sure they are on the case.
Another point to consider is that consents can’t be understood to be given forever. You will need to go back to your contacts regularly to check that they are still happy to receive your digital communications. What ‘regularly’ means has not yet been determined, but annually would be an intelligent guess at this stage.