Electronic marketing campaigns and data compliance

26th September 2017Women at table using a laptop.

Are you planning an email marketing campaign but not sure who you can and can’t communicate with? With the GDPR fast approaching (just 6 months to go!) here’s some guidance on hitting those targets and keeping within the data protection law, old and new.

Whilst it is true that, at present, the rules for direct marketing aren’t quite as tight if you are contacting organisations rather than directly marketing to individuals. Whether you are B2C or B2B, you’ll have to comply with a number of regulations, not just the GDPR. So, for best practice, we recommend following the B2C guidelines. For more information on the differences please see our blog – How will GDPR impact B2B marketing.

It is important that the data you hold is compliant not just with the new GDPR rules, but also with the Privacy and Electronic Communication Regulation (PECR). For instance, to comply with PECR, your marketing communications should be directed specifically at an individual, ideally with the relevant role in the company for your product or service.

Electronic marketing

The most important thing to remember when it comes to electronic marketing campaigns – email, SMS etc is permission.

In short, you must not send electronic marketing of any kind to an individual without seeking their permission first, unless they have opted in.

Soft ‘opt in’?

The term ‘soft opt-in’ is sometimes used to describe the rule about communicating with your existing customers. It’s based on logical assumptions. If you’ve met with or contacted an existing customer recently, and they give you their details either in person or by email, and did not opt out of marketing messages, then they are probably happy to receive marketing communications from you. But to stick within the law this communication must be about the same, or similar products or services you have already discussed with them. You can do this even if they haven’t specifically consented. However, when you do send any communications, you must give them a clear choice to opt out – in every message you send.

Full ‘opt in’?

The soft opt-in rule does not apply to new contacts (for example from bought-in lists). In order to contact new or potential customers you must seek full ‘opt in’ consent from them, and it must be clear exactly how you intend to use their information for your marketing purposes. Again, in every communication from there on, there must also be a clear route for them to ‘opt out’.

What about my existing database?

You need to audit your database and separate your contacts into the following categories.

  • Existing relationships
    Can you demonstrate, if requested, that you have an existing relationship with this customer? If so these come under ‘soft opt in’.
  • Subscribers with demonstrable ‘opt in’ consent
    If you can already demonstrate that a contact has opted in, they’re ‘GDPR proof’ and ready to go.
  • Active subscribers without ‘opt in’ consent
    If they are a current customer, the communication can be considered as part of their service from you (for example, ebulletin) and their engagement (open and click rate) is high, then this is classed as a demonstrable existing relationship and ‘soft opt in’ is all that is needed to keep communicating.
  • Lapsed customers and inactive email subscribers
    If you have contacts on your database that are no longer active customers or they aren’t opening and clicking your email communications then it’s time for a clean out. After the GDPR comes in to effect you will no longer be able to send marketing communications to these contacts without potentially facing fines.

 Data Protection – post campaign

You may find that some people ask to unsubscribe from marketing communications by replying directly to the email rather than clicking any links you provide, to stick within the law you should always make sure you follow this up as soon as they request it. You are also required by law to disclose to the customer, if they request it, exactly what information you hold on them. We strongly recommend having an assigned data protection officer if you regularly handle data. Having someone who knows the protocol for collecting, managing and deleting data as necessary and within the data protection regulation guidelines will prove invaluable.

If you would like some more information on Data Protection Officer Training please see our e-learning courses, or contact one of the team today on 01673 885533. We’re here to help.


Let us ease your mind

If you have any queries, questions or requests then please get in touch. We’re always very happy to talk, you’ll find a friendly voice on the end of the line or simply fill out the form below.

    Your Contact Details

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.