GDPR vs Marketing

by Anne Taylor on 14th Mar 2018

GDPR vs Marketing

Has the new regulation really got it in for marketeers? This is our take on it.

You might have already seen some of the new regulations, and one of the biggies for marketeers is the change to how individuals give consent to be contacted, and what about. With GDPR consent must be a positive action, with clear guidance on what is being signed up to, and how the individuals details are being used.

The problem now is you might well already have an awesome marketing database but unless the data you collected in the past meets the new regulation for consent, you need to ask for consent again in the new way. That's a big shift in where the goal posts are. It's like changing the rules of football and stripping every player who ever won the World Cup of their medal because it's not valid anymore. GPDR 1, Marketeers 0.

Looking at the bigger, longer term picture and generally speaking, right now, we all receive too much email and other marketing we're not interested in, and that has an effect on how tolerant we are on things we receive that we might have been interested in. When I receive 50 sales emails every day I tend to use Select All/Delete, and yet one of those emails might have been something I was genuinely interested in. Do I want to go through that list of 50 to find that one? No. So, would it be a bad thing for the economy and world as a whole to have a little bit of a reset?

A few years ago I had a meeting with a company trying to move into online sales. They had a website which had been going about a year, and from some good marketing they were attracting a nice amount of traffic to the site - but they hadn't sold a single item from their online store. My over-simplistic argument at the time was that for their business, spam-964521_1920with high value items, having a website with one visitor that converted to a customer would be better than a million visitors not buying anything and costing them money. Ultimately that was the end of the conversation, they were wedded to their endless droves of visitors browsing the site (which for some businesses is the business model, but certainly not for this one).

The point of that little story is that, in our opinion, quality beats quantity and maybe we don't need to fear smaller scale, but better informed and targeted marketing.

A few questions we've been asked

Do I really need to ask for consent to continue sending marketing to my existing database?

Unfortunately, the chances are the answer is yes. If you rely of 'consent' as the basis for keeping the marketing database and those individuals on the list didn't opt-in (rather than opt-out), or you can't evidence when/how they opted-in, or you weren't clear on the opt-in exactly what they were signing up for... the list goes on. 

I only have work/company email addresses on my mailing list are they personal data?

Not necessarily, but some are. If the email address is linked to a person's name like john.smith@ that would certainly be personal data. So, what about info@ ? This is where it gets even more difficult to know, if the domain name is owned by an individual (even if it's a business and it's a sole trader) the chances are that could be personal info too. Generic email addresses at incorporated companies are unlikely to be personal data (for example Our advice is to treat all email addresses as if they were personal data, unless you plan to review them on a one by one basis.

I've bought a marketing database, is that okay to use now?

This is a tricky one - it might be; it might not. Be careful with things like this, you need to be really sure that whoever you're buying the database from has proper consent from any individuals contained within it. If you are buying a list make sure to carefully check any terms, privacy policies and contracts you have in place to make sure the supplier of the list is complying with the regulation.

I use an online CRM/system for managing my marketing and customer details, is that still okay?

This shouldn't be a problem, although there are a couple of key things to check - (1) Is the system hosted/data stored within the EU? If not, there might be some extra steps to go through to ensure compliance. (2) Check the security of the data - your supplier can probably give you the relevant information (see our GDPR and security blog).

Five top things 'to do'

  1. If you hold marketing databases, check you have a lawful basis to process that data - see our blog on that

  2. If people have consented to receive marketing from you, make sure you stay in the bounds of what they signed up to receive

  3. Think about all types of marketing, not just email, but other online channels, phone calls and direct mail

  4. Make sure that the consents you're collecting now comply with the new legislation

  5. Get help if you need it

If marketing isn't your thing, or it is but you're lost in a data minefield, get in touch with us on 01904 500500.