Here’s What Digital Marketers Need to Do Now to Comply with GDPR, the EU’s New Data Protection Law

Back to blog

Client Advisory -- On May 25, 2018, the European General Data Protection Regulation (GDPR) will go into effect. Below, we’ve outlined what this means for your marketing efforts and steps you can take now to ensure your company remains compliant with the new law.


What is the GDPR?

The GDPR is the new EU law replacing the Data Protection Directive that was established over 20 years ago. A directive is an established set of guidelines and practices that member states are encouraged to use, but can be interpreted and enforced how each member state chooses. With the new regulation, all EU member states are required to enforce the laws established within that regulation. While this sounds like it could be a bad thing, this is actually positive for marketers. Since the guidelines are no longer up for interpretation, we have a strict set of regulations and standards to adhere too, which means we can create processes that apply to the EU as a whole and no longer need to be aware of how each country implements the Data Protection Directive.

There's one additional major change: the GDPR is now enforceable outside of the EU. Previously, only businesses located within the EU were monitored. Now, businesses located outside of the EU that do business within the EU are also required to comply with the GDPR. This means that if your company collects personal data, such as email addresses, from citizens of the EU, then you must comply with the GDPR.

What does the GDPR mean for email marketing?

The GDPR details much stricter regulations for the ways you collect email addresses and how you use them once they are collected.

Collecting emails

While opt-in email marketing has always been required, there were ways in which marketers could make the marketing consent hidden during the collection process. Pre-checked opt-in boxes or small blurbs at the bottom of a product checkout indicating that you were going to be emailed were common ways companies would gain consent. Through the new regulations, marketers are not allowed to use pre-checked boxes and companies must clearly present an option to opt-out of email communications. Additionally, information about what their email is going to be used for must be included in the opt-in process. An example, as stated in the GDPR, would be informing a customer that you intend to use their data to profile and send them offers that best fits their behaviors, and then give them a chance to object.

Inbound marketers often collect emails through downloadable content, such as white papers and ebooks. Once the email address is captured, marketers will often drop that email into a nurture track or other email campaign. Under the new regulations, you must state on the download form that you intend to use their information for additional marketing communications, and give them a chance to opt-out. If you do not do this, you cannot use them on your mailing lists.

Recording consent

If at any time you are challenged by the enforcing authorities regarding consent to contact, you have to be able to show reasonable evidence that contacts on your mailing lists have provided consent. To do this, you will want to keep a thorough record of every form you have that collects information and highlight where the opt-in options are located. You then will need to show how your email lists are created based on how those forms are completed to show that you are not illegally sending to users who did not opt-in. Using a marketing automation platform like Hubspot, Pardot, or Marketo allows you to keep these detailed records so you can prove your opt-in process at any time.

What do I do with my current data?

The GDPR applies to all existing data, meaning any information you collected prior to its implementation is not “grandfathered in” under any circumstance. Even if your business adhered to the standards set by the GDPR, if you cannot provide reasonable proof,p; then your list is not legal.

While this solution may not seem simple, the easiest way to bring all your mailing lists up to these new standards is to run re-permissioning campaigns beginning in 2018. (HubSpot users can follow this simple step-by-step permission workflow process. And if you want to give them a fun look and feel, get some inspiration for your re-engagement emails on Pinterest.)

When running through the re-permissioning campaigns, brands that operate internationally have a few options on how they set up their mailing lists moving forward. If you only want to apply these new changes to your European customers, then separate lists will need to be created that house EU customers and meet the GDPR. This could get a bit messy, depending on the size of your database. The other option is to bring all lists up to GDPR standards. While not required, the GDPR has the strictest privacy laws internationally, so if your lists are up to GDPR standards, then they will meet any additional international standards as well.

While monitoring the GDPR is largely based on consumers reporting illegal use of their information, the risk that you could potentially get caught if you do not comply is very high. Non-compliance with the GDPR could result in fines of €20 Million or 4% of a brand’s total global annual turnover (whichever is higher). It’s really not a risk worth taking.

The GDPR is Awesome for Marketers

As you’re reading through this, you may be thinking that the GDPR is going to negatively impact your marketing efforts moving forward. Actually, it’s just the opposite. The GDPR is extremely positive and will only help marketing efforts in the years to come.

Why is that?

You only want to talk to people who like you

While we all work very hard to grow our emails lists, not everyone is engaged with our campaigns. In fact, the majority typically are not. This goes back to the ways in which we add consumers to our email lists. Take the white paper, for example. If someone is added to an email list after a content download, they may not be ready to start receiving email communications from your company yet. This results in unopened emails and lower performing campaigns. But, if you are only sending those emails to people who explicitly stated they want to hear from you, your campaigns will have much higher engagement. Sending to smaller, targeted lists will lead to better engagement and a higher ROI than a sending to large lists with lower engagement, according to a recent DMA report. Just because they are on the list doesn’t mean you are going to sell to them.

People will trust you more

Especially today, no one likes a Sneaky Pete when it comes to marketing. While it may be scary to say, “I’m going to be emailing you,” it can actually be refreshing to consumers when they see that they are not going to receive any surprises from your brand. Odds are, they will still opt-in for email communications. They know exactly what to expect, and feel safe when providing personal information to your company. Brands that are transparent with their customers have high trust, creating brand-loyal consumers that can turn into brand ambassadors.

Your sender status will improve

After you go through your re-permissioning campaigns and implement all the new opt-in functionality, you may see your list growth slow more than you like. But that’s OK. The people that do sign up want to hear from you, and people who want to hear from you open your emails. When people open your emails, your email performance goes up, which gives you a high sender rating. High sender ratings help you evade spam filters and bounces and ensure your messaging is being delivered.

You will have a better understanding of your customer

Inbound marketing is all about reporting, analyzing, and optimizing. The new opt-in regulations from the GDPR will be beneficial in understanding consumer behavior and optimizing our digital campaigns. Let’s go back to our favorite example, the white paper download. If you have a white paper with a high conversion rate, but people continuously opt-out of receiving additional marketing communications, then you realize that consumers who are looking for answers to the solution your white paper solves are in the beginning phases of the buyer’s journey. They are not yet ready to start exploring companies that provide a solution. But say you have another white paper that has a high opt-in rate. That white paper is efficient to consumers perusing the bottom of the sales funnel, and those leads can be flagged as ‘hot’ when coming into your database. This heightened understanding will prove to be very valuable as campaigns are continuously optimized.

While the initial impact of the GDPR seemed daunting, rest assured that these new regulations will positively impact marketing efforts moving forward. If you invest the time to make sure all your data is up-to-date and you can provide reasonable proof of consent, then the GDPR will not be a worry to your company.

Need help ensuring your email and automation programs are up to the task?

Beacon Digital Marketing specialists can help you set up re-engagement campaigns and workflows that will help you comply with GDPR, CASL, and CAN-SPAM laws. Learn more about our email marketing automation services, or contact us for more details.
Whitney Mitchell

Whitney Mitchell

Whitney is a natural leader with a knack for creating something out of nothing. She’s helped dozens of brands gain greater recognition for their causes and products in the digital world. Whitney’s experience doing literally every job Beacon offers, from graphic designer to operations to web developer means she’s not afraid to roll up her sleeves and dig in when it comes to helping Beacon’s clients build the future of business.