Enabler provide best practice advice for the importance of data protection within your email marketing, from a multi award-winning email agency.

Posts

One of the things we really strive to do in the Enabler team is keep our clients up to date with the latest goings on in the world of email. Sometimes this is a really fun job, and we get to send around well designed emails or provide updates on the latest coding techniques. Sometimes however, we need to make sure everything we and our clients are doing is in line with the current laws and regulations
– *cue sirens*.

In March 2018, the General Data Protection Regulation (GDPR) will come into effect, and I’m here to tell you what it is, why it affects you, and if there’s anything you need to be doing before GDPR comes into effect.

What is GDPR?

GDPR is a regulation intended to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data, and to simplify the regulatory environment for international business by unifying the regulations within the EU.

When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) of 1995, and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable.

When is it happening?

The regulation was adopted on 27 April 2016 and becomes enforceable from 25 May 2018 after a two-year transition period.

Who decided it should be a thing?

The European Parliament, the Council of the European Union and the European Commission.

Why does it affect you?

GDPR will affect every company that uses personal data from any citizen within the EU. If you are collecting email addresses and sending emails to subscribers in the EU, you’ll have to comply with GDPR—no matter where you’re based.

The UK, Germany, France, and other European countries represent valuable markets for many brands. But it’s not just the strategic importance of the market that makes GDPR important for all marketers, it’s also the large number of citizens that the new privacy law will protect.

Information on the specifics of GDPR

I’m going to be upfront with you here, a lot of what the GDPR states is pretty much identical to the current Data Protection Act (DPA).  Just like the DPA, GDPR refers to two types of data: ‘Personal Data’ and ‘Sensitive Personal Data’.  The main difference being that the GDPR’s definition is more detailed and makes it clear that information such as an online identifier, for example an IP address, can be personal data.  By expanding on this definition, it means that GDPR can identify a much wider range of personal identifiers that constitute as personal data.

The main reasoning for this change was that it reflects changes in technology and the way organisations collect information about people.
For most organisations who keep HR records, customer lists or contact details etc, the change to the definition should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.

Unlike the DPA’s definition, the GDPR applies to both automated personal data and to manual filing systems where personal data is accessible according to specific criteria.  This could include chronologically ordered sets of manual records containing personal data.

Personal data that has been pseudonymised, for example coded, can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

The main overall difference is that the GDPR requires that personal data should be:

“(a) processed lawfully, fairly and in a transparent manner in relation to individuals;

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

It also requires that:

“the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

What do I actually need to do from an Email Marketing perspective?

GDPR touches on several crucial aspects of email marketing, especially regarding how marketers seek, collect and record consent. So without further ado, here’s what you need to know:

Collecting consent will work differently

  • You will only be allowed to send emails to people who’ve opted-in to receive messages. While this has already been the case in most European countries under the EU Privacy Directive, GDPR takes this one step further and specifies the nature of consent that’s required for commercial communication. Starting in May 2018, brands have to collect affirmative consent that is “freely given, specific, informed and unambiguous” to be compliant with GDPR.

  • The signup process must inform subscribers about the brand that’s collecting the consent and provide information about the purposes of collecting personal data.

  • Some of the processes previously used to collect data will not be compliant anymore, for example if someone entered their email address to download a whitepaper or provided their contact information to enter a contest? If you didn’t tell them you’d use their personal data to send marketing messages, and if they didn’t actively agree that it is okay to use their data for that very reason, it won’t be legal to add those email addresses to your mailing list.

Recording consent will work differently

  • Under GDPR, you will need to prove and show reasonable evidence that you have complied with the GDPR if challenged. This means GDPR places the burden of proof around consent being given with the company itself.

  • This means you will need to be storing consent forms.

Existing Data

  • If your database includes subscribers whose permissions haven’t been collected according to the GDPR’s standards, or even if they have but you can’t provide sufficient proof of consent for any contacts, you might not be allowed to send email to those subscribers anymore.

  • If you can’t provide this, I would highly recommend running re-permissioning campaigns before March 2018.

Changing existing email programs

Sadly, unless you want to stop engaging with the European market (which we in no way recommend) then you will need to review some of your current email programs. Here are a few ways you can tackle the issue:

  • Set up separate signup processes for subscribers coming from different parts of the world. Customers coming from the EU would have to go through a GDPR-compliant sign-up process, while for United States citizens, everything could remain the same. This is a highly complex and costly solution but would definitely do the trick.

  • Bring your entire database up to GDPR standards and adapt all of your opt-in processes to match the EU requirements. (This is in bold because it’s what we recommend.)

Whether we like it or not, changes to opt-in processes and re-permission campaigns will likely slow down list growth in the short term, however they will help you to make sure that you are only sending emails to subscribers who really want to hear from them, which really will improve your overall list quality.

Umm…what about Brexit?

Yeah I thought you might want to know about that. Just incase you’ve been living under a rock recently, on 23 June 2016 the UK held a referendum to decide whether or not to remain in the EU and the majority voted to leave it.

After the negotiations around how exactly the UK will leave the EU have finished, we will (hopefully) be left with a clearer idea about the extent to which the UK continues to comply with and/or keep up with EU laws and requirements and remains within or outside the European Economic Area.

Either way, it’s most likely that the UK will still be in the EU by March 2018, however, there are some ways you can prepare from a Brexit standpoint:

  • Start to consider which parts of your business operations are established in the UK and may be affected by GDPR.

  • Identify any of the personal data flows from the European Economic Area to the UK. (If the UK also leaves the European Economic Area at the time of leaving the EU, the flow of personal data from the European Economic Area countries to the UK will become prohibited without new adequate safeguard measures being adopted).

  • Monitor the UK data protection authority’s statements on Brexit, GDPR and how to remain compliant – current ICO guidance is to continue to prepare for GDPR.

What if I just do…nothing?

In short, don’t do nothing… which I know is a double negative, but hopefully you get the idea. With the introduction of GDPR, also comes some hefty fines for not being compliant. Fines come in the form of up to €20 Million or 4% of a brand’s total global annual turnover (whichever is higher).

I mean sure, the authorities probably have more on their hands than going after every company who breaks the law, but they will rely on customers to report any breaches as well. Basically it’s best to comply and not put yourself and your company at risk.

Resources on GDPR:

Any legislation change can be daunting, but fear not, we’re here to help! If you need any help with sorting out email practices before March 2018, get in touch and we’ll get one of our email consultants to help you out.

Did you know that more than 70% of the world’s internet users are not native English speakers? Or that 85% of internet users don’t purchase products unless the descriptions are provided for them in their native language? With statistics like these, it’s incredibly important to make sure you’re not only segmenting your emails properly but also making sure your customers receive your emails in a way they can digest.

It can seem daunting to think about getting the same campaign right in English, Spanish, French, German, Italian, Turkish or Chinese, but it’s important to get your head around how to do this and how to do it effectively – especially as studies have shown that it can have a direct impact upon ROI. Luckily, we’re here to help!

Adapting your email campaigns to accommodate different languages is just another way of making your emails accessible to your customers. The time and effort you put into making sure that your emails are mobile responsive and your CTA’s are clearly visible should be no different to the time you spend making sure your customers can read your emails… and that they make sense. It’s not simply a case of having a translator translate the emails word for word. You also have to consider how that would read back to someone who not only uses a different language but comes from a different culture to you.

Here’s an example. In this campaign, Ralph Lauren had to adapt the copy ‘CHRISTMAS EXPERIENCE’ in the English version into several different languages, including Turkish. Here is the top banner of the Turkish version.

You’ll see that they have used the word ‘KIŞ’ which means ‘Winter’. This is because Turkey is not a Christian country. What Ralph Lauren have done here is not only translated their email into the relevant language for the country it’s being sent to, but have also made it culturally relevant to the customers receiving it.

A key thing that Ralph Lauren did here was ask the question you should all be asking when marketing to a new country: ‘will they get it’? You need to ask this question no matter what area of marketing you’re in. What should the people in your emails be wearing that’s culturally relevant? What sort of language should you be using? What events should you be promoting? Not only this, but you’ll have to do it all whilst promoting the same product. So how can you approach this?

The first thing to do is look at managing your data. If you’ve already segmented your subscribers by language or country – great job, you’re halfway there! If not, you’ll need to focus on campaigns which survey your customers (for example, by using a simple preference centre) before you start sending localised campaigns. Having said this, there are ways to send localised campaigns without having perfect data lists.

Check out this campaign from Global Eyes Production. They used a GIF as the hero image of their campaign which scrolls through the different language options. It’s a simple message with the call to action to click on their language preference. This subsequently took the customer to a form where they could update their language preference.

The next thing to think about is exactly what content you’re going to have in your emails – specifically the copy. When translating from English to many other language s, you’ll find the amount of characters required in languages such as Spanish far surpass the requirement for the English language. This means you’ll need to keep an eye on the length of your subject lines and pre-headers, as well as the overall design and content length of your emails.

This also applies to CTAs. A call to action like ‘find an outlet store’ is short enough in English but in Spanish this becomes ‘Buscar una tienda outlet.’ Of course, you can always go down the route of using different copy for different languages.
You may also find you run into problems with character encoding. If you try and put an e acute (é) into HTML, it will often throw an error at you. There are a number of ways to get around this. Firstly, make sure you’re using UTF-8 character encoding where possible, and also make sure you’re using the correct codes for special characters.

Time zones are also something to bear in mind when sending worldwide emails. Just as working days in China won’t be the same as working days in the UK for obvious reasons, even countries in the EU can be a problem. Consider the Spanish working day, there’s usually a siesta break in the afternoon, so it’s always useful to consider this sort of information. Asking a native usually helps!

It’s also important to understand the legal side of sending. Laws around data and when you can and can’t send to customers vary in different countries . For example, in the US there’s the CAN-SPAM Act which will provide you with guidelines on when you can and can’t send. In Canada there’s the CASL, which is more strict on opt-in consent than other countries. The EU deals primarily with only emailing subscribers with which you hold an existing business relationship. Australia has a Spam Act, and China is definitely one to watch as it’s incredibly strict – especially when it comes to subject lines. It’s definitely worth looking into the laws of anywhere you’re planning on sending to before you do.

Finally, if you’re going to attempt any sort of email marketing strategy involving localisation, I implore you to make sure it runs through the rest of your marketing. For example, there’s nothing more frustrating than receiving an email in your native language, then clicking through to find a landing page that’s only in English.

Overall, localising your emails can be of great value to both you and your customers. Even just taking steps towards localising your emails can help you build richer data on your customers. This is a win-win situation for everyone. Customers will receive more targeted and relevant emails and this should, in turn, boost your results. So, if you’re going to attempt localisation in your emails remember to be legal, content clever, have a great translator, and be really consistent with the overall customer journey. Ciao!