For the GDPR deadline of 25 May 2018, many organizations have sent emails asking for consent for the future processing of personal data for direct marketing activities. The purpose of these requests was usually to still establish consent according to the requirements of the GDPR. In this context, it is important to know that the way in which organizations can use 'direct marketing' is laid down in legislation other than the GDPR; namely, national legislation that derives from the European ePrivacy directive. In the UK, for example, this is laid down in the Privacy and Electronic Communications Regulations (PECR), and in the Netherlands, in the Telecommunications Act (anti-spam laws).
Moreover, practice has shown that the way in which many of these emails were sent has not been very effective, partly because the request for permission was related to too generic information (for example, being allowed to continue sending newsletters), and did not address the specific needs and preferences of the recipient. Many organizations have been unable to make the relevance of their consent requests sufficiently clear. In our view, 'relevance' is the commercial leverage of the direct marketing challenge.
Roughly speaking, you can make a distinction in direct marketing between the front office and back office activities. In the back office you will find activities such as business analysis, segmentation, profiling and re- targeting. The front office maintains the relationship with the customer or prospect.
This article focuses on front office, direct marketing, meaning targeted marketing activities and communication channels through which contact is made with both prospects and customers with the aim of establishing and maintaining commercial relations. Examples include newsletters, email campaigns, targeted website advertisements, telemarketing (e.g., call centers), but also customer contact at trade fairs and customer visits.
Front Office – ePrivacy is leading
In the front office, we first have to deal with ePrivacy legislation (anti-spam laws) when information is sent unsolicited to individuals through digital means (e.g., newsletters, email campaigns, offers).
Active consent (opt-in) is required to be able to send these messages. In some cases there may be a 'soft opt-in', for example, in the case of offering or providing information about similar products or services. There is a fine line; if messages are insufficiently related to previously obtained products or services, then active consent is again required.
Current ePrivacy legislation refers to the GDPR for the definition of 'consent.' However, enforcement is still covered by anti-spam laws, which means that, for the time being, the financial risk of fines is still lower than under the GDPR. But, be aware, this is going to change. For violation of anti-spam laws, 'GDPR-like' fines will be introduced in the future. 1
(1: A new, harmonized European ePrivacy regulation is in the pipeline that aligns the penalties with the GDPR. It is expected that this regulation
will be adopted by the end of 2019.)
The accountability of the GDPR
Based on the GDPR, the accountability principle applies to organizations. An important element of accountability is determining the preconditions for continuing to communicate with prospects and customers in a manner compliant within the GDPR. A solution that we offer is the 'opt-in challenge.' We explain which steps can be taken to achieve this in the rest of the article.
Under the GDPR, organizations must take their accountability for the processing of personal data. This also applies for all direct marketing activities (as a general rule, personal data will be processed). A crucial aspect in that respect is the 'lawfulness' of the processing, i.e., determining the legal grounds for the processing.
One of the legal grounds is 'consent,' subject to stringent requirements. The request for consent must be formulated, specific and unambiguous, and be in understandable and accessible language. Consent must be freely given by the data subject and can be withdrawn at any time. In addition, organizations must at all times be able to demonstrate that consent has been obtained under these conditions.
The requirements of consent have been tightened under the GDPR and also apply to consent requests (opt-ins) from the front office. The accountability obligations fall under the stricter supervisory regime of the GDPR..
Gain insight into personal preferences through relevance
What is a suitable approach for coming into contact (with prospects) and remaining in contact (with customers) in commercial relationships through direct marketing?
The GDPR emphasizes that the protection of privacy is a fundamental right. Everyone has the right to the protection of his/her personal privacy. However, the right to protection of personal data must be considered in relation to its function in society, which also includes the business sector.
To be commercially successful, companies have to engage with their customers. There are several ways to engage with customers; certainly, relevance is an essential aspect from the customer perspective.
In a recent article 2 , the relationship between consent and direct marketing is discussed in greater detail. The article mentions, among other things, that if you ask for consent to communicate, this will increase the relevance of your company, strengthen your brand and reduce the risk of spam. (2: Capabilities of your organization Lyfemarketing (https://www.lyfemarketing.com/blog/permission-based-email-marketing/)
Seth Godin also states in his book, Permission Marketing: Turning Strangers Into Friends, And Friends Into Customers, that direct marketing with consent is a very effective technique for building strong relationships. Relevance arises where the message or offer of a company and the perceived value of an interested party
overlap. The image below illustrates what happens next.
What is the relation between relevance and opt-in or opt-out?
Relevance in direct marketing means that the recipient attaches 'value' to the content of the received message. If value is perceived, the recipient is likely to be interested in receiving further messages on the same or similar topics. In essence, it is very plausible that the recipient gives his/her consent on communication about these specific topics and preferences.
In short, when it comes to relevance, the recipient will be more willing to opt-in to continue to receive specific messages. Where the needs and capabilities meet, arises a so called “sweetspot”.
The company then obtains insights into the preferences of the recipient and can respond to this through various communication channels specific. This creates a powerful customer relationship.
An opt-out also offers the organization relevant insights. An opt-out can be a clear signal that the need of the recipient does not match the company's offer. At that moment, it is not recommended that the company keeps approaching this person in the usual way. However, the company can try to reach this person through other, non-direct channels, such as through social media campaigns, advertising, or by telephone or mail.
As a company, how can you be relevant yet fulfill your 'accountability'?
Start the opt-in challenge for sustainably compliant and relevant direct marketing.
The following steps can be taken to mature your privacy standard and, after the new ePrivacy regulation comes into effect, keep communicating in a compliant way with prospects and customers.
The opt-in challenge concerns the use of direct marketing with the aim of obtaining and retaining opt-ins by being relevant, within the framework of the accountability obligation.
It is important to determine who is responsible within your organization for direct marketing activities and for monitoring compliance with the GDPR and the e-privacy directive. Direct marketing is a team effort; marketing, technology, the privacy officer, and possibly other functions, must work well together to implement the next steps.
Direct marketing roadmap: Creating commercial sweetspots
- Making the current 'consent mechanism' GDPR-proof - i.e.: notification language, pop-ups and their presentation (specific, unambiguous, freely given, easily accessible, clear and simple language, etc.) and traceability of the consent process. Determine where and by whom you want to have it recorded and what evidence is required. Ensure that the evidence of a nopt-in remains up-to-date.
- Making the 'back office' GDPR-proof - i.e.: comply with all the principles of the GDPR, including ensuring the lawfulness of the processing of personal data for back office activities such as business analysis, segmentation, profiling, re- targeting, etc.
- Develop a consent policy and risk profile of the policy frameworks and requirements that the organization defines for consent ('opt-in' and 'soft opt-in'), in accordance with the GDPR, ePrivacy requirements and the business strategy.
- Qualify the current customer and prospect database based on the designed consent policy. Determine for what customers and prospects the organization has obtained a lawful opt-in or soft opt-in, and which individuals didn't provide valid consent and what target group you want an opt-in.
- Develop a 'consent strategy' to increase the sweetspot area - it is all about relevance and accountability. You make use of communication channels that are (partly) not in scope of the ePrivacy regime to collect consent; for example social media campaigns, telemarketing, but also physical customer contact at trade fairs and customer visits. But also webforms that can capture the consent. Define, based on your capabilities, preferences. Let prospects choose these preferences in combination with an opt-in.
- Roll out the 'consent strategy' to collect and retain more opt-ins. Centralize the implementation of the opt-in challenge in the organization in an automated way. Responsibility, relevance and decision-making should be implemented and managed in one place. Connect with your existing customer communication channels and systems.
- Evaluate & decide - based on the activities you perform to obtain consent and accountability, you build insights, for example, about the effectiveness of campaigns; the relevance of information on your website as the effectiveness of visits. Has your sweet area grown?
How does the 'Opt-in Challenge' work in practice?
Visit to find out: https://opt-insight.com/cases/
Want to know more about the 'Opt-in Challenge'?