Enabler provide best practice advice around choosing GDPR compliant email marketing software for your B2B and B2C email marketing communications.

Posts

As a marketer, one of your top priorities is likely to be drumming up leads to pass on to the sales team, and you may feel under a lot of pressure to bring do this in large quantities. So we completely understand that buying an email data list might seem like a quick win – access to thousands of new contacts at the click of a “pay now” button sounds like a no-brainer, especially when the lists are advertised as targeted, verified, accurate, and opted-in.

Unfortunately though, the reality is less assured. A purchased data list is very unlikely to provide you with high quality data that enables you to promote your business effectively, and can cause you a whole host of problems which will impact your ability to email legitimate leads in the future.

Here’s Six Reasons to Remember Why Buying Data Is Bad:

1. Quality Is Not Guaranteed

First and foremost, it’s pretty likely that a list you buy will be littered with old or incorrect email addresses, incomplete names, and other problems affecting the deliverability of your email.

2. Bad Delivery Rates = Bounces

The deliverability issues caused by these incorrect / old email addresses could cause your emails to have a very high bounce rate, which will in turn damage your sender reputation by potentially marking your IP address as that of a spammer, further impacting the deliverability of your emails. Read our blog post on spam filters to help avoid getting caught in this vicious circle.

3. Nobody Knows You

It’s likely that the contacts on your list have never heard of your company before, which immediately lowers the chances of them opening your email. You should be sending to people who are already interested in what you’re sending them, such as existing customers who have engaged with your brand and those who have specifically opted in to receive messages from you.

4. Less Engaged Recipients

recent analysis of a company’s email marketing activity found that business areas emailing to opt-in lists achieved open rates 82% higher than the areas emailing to purchased lists. That’s a significant difference! It’s basically not worth your time emailing people who are unlikely to engage; channel your energy into people who want to hear from you.

5. Shared List = Fed-Up Contacts

It may well be the case that other companies have bought the same list as you, meaning that the recipients are already annoyed by all the emails they’re receiving before yours has hit their inbox. You don’t want to join a crowd of ignored competitors.

6. You May Fall Foul Of The Law

Your communications need to be in line with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (UK) or CAN-SPAM Act (USA), or you could face hefty fines. Unfortunately your email itself may follow the legislation to the letter, but if the email addresses were harvested illegally in the first place, you’ll still be breaking the law. Additionally, from 25th May 2018, the General Data Protection Regulation (GDPR) will come into force, meaning that the way companies are allowed to store and process personal data will change. Here’s our GDPR guide to help you get to grips with the new regulations.

 

Okay, – so what should you do?

Now we’ve talked you out of buying a list, let’s discuss the six best ways to source your data instead…

1. Attract An Audience With Engaging Content

Produce content that you know people are going to want to read, and make sure that when it goes live it’s been optimised for SEO so that your audience can easily find it (get in touch if you’d like help with this) . The content itself may be blog articles, white papers, a series of top tips, opinion/advice pieces, reviews, templates, or anything else you think would be engaging.

2. Include a Gated Asset

If it’s not enough for people to be reading your content and hopefully contacting you as a result, you can set up a data capture / sign up form that people have to complete before they can view your content. This gives your content a feeling of exclusivity, and also allows you to grow your leads

3. Create a Lead Magnet

Following on from the above, you could also create a lead magnet – this means an irresistible incentive for the customer to give you their contact information, and often comes in the form of a discount code.

4. Use a Reputable Email Service Provider

Doing so will help to protect your sender reputation, and ensure that you’re adhering to spam legislation by providing the tools needed to offer an unsubscribe and process it within 10 days. An email service provider like Enabler is also able to offer comprehensive reporting and testing facilities, allowing you to optimise your emails, and keeps your database up-to-date by logging unsubscribes and bounces and removing them automatically from your mailing lists.

5. Encourage Sign-Ups

Include a sign-up box on every page of your website to offer people maximum opportunity to subscribe to your emails. Keep it simple and quick to complete – all you really need is an email address, but if you must you can also include fields for first and last name.

6. Cross-Channel Promotion

Make the most of your other marketing channels, such as social media and your website, to promote the content of your emails and why people should sign up for them. For example, if you were soon to send an email featuring “Five top tips for x!” you could tweet something along the lines of “Sign up to our emails to discover five top tips for x!” ahead of time.

 

Most of these techniques are targeted towards acquiring new leads, but remember that it’s also super important to retain your existing customers. Firstly (and obviously) your existing customers are likely to repurchase if you look after them, and may also create new customers for you through word-of-mouth and recommendation. You could tap into this by rolling out a refer-a-friend campaign, with a form to capture friends’ details and offer incentives to both your customer and their buddies. There are loads of other ways to build your email lists explored in our Email List Building blog post.

Hopefully you can see that it simply isn’t a worthwhile investment to buy a data list for your emails. There are too many pitfalls and too few chances of success. Instead you should focus on growing your database organically, and maintaining a positive sender reputation. If you’d like help in your email endeavours, give our Enabler team a call on 0207 099 6370, or drop an email to enablermail@pancentric.com.

One of the things we really strive to do in the Enabler team is keep our clients up to date with the latest goings on in the world of email. Sometimes this is a really fun job, and we get to send around well designed emails or provide updates on the latest coding techniques. Sometimes however, we need to make sure everything we and our clients are doing is in line with the current laws and regulations
– *cue sirens*.

In March 2018, the General Data Protection Regulation (GDPR) will come into effect, and I’m here to tell you what it is, why it affects you, and if there’s anything you need to be doing before GDPR comes into effect.

What is GDPR?

GDPR is a regulation intended to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data, and to simplify the regulatory environment for international business by unifying the regulations within the EU.

When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) of 1995, and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable.

When is it happening?

The regulation was adopted on 27 April 2016 and becomes enforceable from 25 May 2018 after a two-year transition period.

Who decided it should be a thing?

The European Parliament, the Council of the European Union and the European Commission.

Why does it affect you?

GDPR will affect every company that uses personal data from any citizen within the EU. If you are collecting email addresses and sending emails to subscribers in the EU, you’ll have to comply with GDPR—no matter where you’re based.

The UK, Germany, France, and other European countries represent valuable markets for many brands. But it’s not just the strategic importance of the market that makes GDPR important for all marketers, it’s also the large number of citizens that the new privacy law will protect.

Information on the specifics of GDPR

I’m going to be upfront with you here, a lot of what the GDPR states is pretty much identical to the current Data Protection Act (DPA).  Just like the DPA, GDPR refers to two types of data: ‘Personal Data’ and ‘Sensitive Personal Data’.  The main difference being that the GDPR’s definition is more detailed and makes it clear that information such as an online identifier, for example an IP address, can be personal data.  By expanding on this definition, it means that GDPR can identify a much wider range of personal identifiers that constitute as personal data.

The main reasoning for this change was that it reflects changes in technology and the way organisations collect information about people.
For most organisations who keep HR records, customer lists or contact details etc, the change to the definition should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.

Unlike the DPA’s definition, the GDPR applies to both automated personal data and to manual filing systems where personal data is accessible according to specific criteria.  This could include chronologically ordered sets of manual records containing personal data.

Personal data that has been pseudonymised, for example coded, can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

The main overall difference is that the GDPR requires that personal data should be:

“(a) processed lawfully, fairly and in a transparent manner in relation to individuals;

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

It also requires that:

“the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

What do I actually need to do from an Email Marketing perspective?

GDPR touches on several crucial aspects of email marketing, especially regarding how marketers seek, collect and record consent. So without further ado, here’s what you need to know:

Collecting consent will work differently

  • You will only be allowed to send emails to people who’ve opted-in to receive messages. While this has already been the case in most European countries under the EU Privacy Directive, GDPR takes this one step further and specifies the nature of consent that’s required for commercial communication. Starting in May 2018, brands have to collect affirmative consent that is “freely given, specific, informed and unambiguous” to be compliant with GDPR.

  • The signup process must inform subscribers about the brand that’s collecting the consent and provide information about the purposes of collecting personal data.

  • Some of the processes previously used to collect data will not be compliant anymore, for example if someone entered their email address to download a whitepaper or provided their contact information to enter a contest? If you didn’t tell them you’d use their personal data to send marketing messages, and if they didn’t actively agree that it is okay to use their data for that very reason, it won’t be legal to add those email addresses to your mailing list.

Recording consent will work differently

  • Under GDPR, you will need to prove and show reasonable evidence that you have complied with the GDPR if challenged. This means GDPR places the burden of proof around consent being given with the company itself.

  • This means you will need to be storing consent forms.

Existing Data

  • If your database includes subscribers whose permissions haven’t been collected according to the GDPR’s standards, or even if they have but you can’t provide sufficient proof of consent for any contacts, you might not be allowed to send email to those subscribers anymore.

  • If you can’t provide this, I would highly recommend running re-permissioning campaigns before March 2018.

Changing existing email programs

Sadly, unless you want to stop engaging with the European market (which we in no way recommend) then you will need to review some of your current email programs. Here are a few ways you can tackle the issue:

  • Set up separate signup processes for subscribers coming from different parts of the world. Customers coming from the EU would have to go through a GDPR-compliant sign-up process, while for United States citizens, everything could remain the same. This is a highly complex and costly solution but would definitely do the trick.

  • Bring your entire database up to GDPR standards and adapt all of your opt-in processes to match the EU requirements. (This is in bold because it’s what we recommend.)

Whether we like it or not, changes to opt-in processes and re-permission campaigns will likely slow down list growth in the short term, however they will help you to make sure that you are only sending emails to subscribers who really want to hear from them, which really will improve your overall list quality.

Umm…what about Brexit?

Yeah I thought you might want to know about that. Just incase you’ve been living under a rock recently, on 23 June 2016 the UK held a referendum to decide whether or not to remain in the EU and the majority voted to leave it.

After the negotiations around how exactly the UK will leave the EU have finished, we will (hopefully) be left with a clearer idea about the extent to which the UK continues to comply with and/or keep up with EU laws and requirements and remains within or outside the European Economic Area.

Either way, it’s most likely that the UK will still be in the EU by March 2018, however, there are some ways you can prepare from a Brexit standpoint:

  • Start to consider which parts of your business operations are established in the UK and may be affected by GDPR.

  • Identify any of the personal data flows from the European Economic Area to the UK. (If the UK also leaves the European Economic Area at the time of leaving the EU, the flow of personal data from the European Economic Area countries to the UK will become prohibited without new adequate safeguard measures being adopted).

  • Monitor the UK data protection authority’s statements on Brexit, GDPR and how to remain compliant – current ICO guidance is to continue to prepare for GDPR.

What if I just do…nothing?

In short, don’t do nothing… which I know is a double negative, but hopefully you get the idea. With the introduction of GDPR, also comes some hefty fines for not being compliant. Fines come in the form of up to €20 Million or 4% of a brand’s total global annual turnover (whichever is higher).

I mean sure, the authorities probably have more on their hands than going after every company who breaks the law, but they will rely on customers to report any breaches as well. Basically it’s best to comply and not put yourself and your company at risk.

Resources on GDPR:

Any legislation change can be daunting, but fear not, we’re here to help! If you need any help with sorting out email practices before March 2018, get in touch and we’ll get one of our email consultants to help you out.