GDPR Compliance Means Rebuilding Lost Email Lists
A little more than a month into General Data Protection Regulation enforcement and brands are already reporting up to 80% losses of their email marketing lists. Even the fortunate, proactive marketers who audited their email lists are reluctant to boast of their GDPR compliance. But there are ways to rebuild lost marketing lists and ways to ensure healthy lists remain GDPR compliant.
To that end, Target Marketing published a GDPR compliance checklist before the May 25 GDPR effective date that marketers can still access here. But marketers who lost significant portions of their email lists in order to avoid GDPR fines can also benefit from the GDPR compliance checklist, as well as the tips below on how to recover their lost email lists.
Keith Sibson, VP of product and marketing at PostUp, tells Target Marketing that a month into GDPR:
“The essence of GDPR with respect to email is that to legally use PII for E.U. citizens, you must disclose how you use that data and get explicit consent to do so. The email address itself is considered PII, so in order to email someone, you must have their explicit agreement on GDPR-ready privacy disclosures. In most cases, the privacy policies that brands already had in place when email opt-in was initially provided were not GDPR compliant, and so brands had to update those terms and again obtain explicit consent.
Target Marketing reported on June 18 that only 15% to 30% of privacy update email recipients were even opening the messages — let alone clicking on their contents. But among customers who did click on the emails, 23% only did so to unsubscribe from marketers’ lists.
“So with the GDPR deadline passed, brands have lost the right to email (and market to) their list. There are examples of brands losing up to 80% of their marketable list in this way, and they will now have to rebuild. For many brands — U.S. brands with small E.U. audiences, in particular — this was a self-inflicted wound. With geo-location and a more thoughtful approach to requiring an opt-in, they could have retained more of their marketable list.”
GDPR Compliance Means Checking for and Auditing the EU Citizen Data
Are your customers Americans? Do you know? Because as Sibson points out, many of the marketers who shot themselves in foot with their email lists did so by not reviewing even the basics — about whether their customers were E.U. citizens. They didn’t even ask themselves the question, “Are these customers to whom the law applies?” If they’re Americans, the answer is “no.”
But it may soon be a different story for some U.S. marketers, so it’s time to audit all of your customer data.
The New York Times notes that California just passed a digital privacy law giving consumers more control over their personal data. The GDPR-like law, which is set to go in effect in January 2020, regulates the data collection processes of tech companies. The Times says the privacy measure is “one of the most comprehensive in the United States, since most existing laws — and there are not many — do little to limit what companies can do with consumer information.”
So GDPR compliance requires companies marketing to E.U. citizens to have opt ins from their customers in order to use their personal data for marketing purposes, as well as how they can use it. It gives customers who are E.U. citizens the right to have their data removed from marketing lists. And it means brands sending emails to E.U. citizens who aren’t on their lists in a GDPR-compliant way may be doing so illegally if they’re sending the messages after the GDPR effective date.
To Be GDPR Compliant, Use Reliable First-Party Data
Marketers who ask consumers to opt in know that’s reliable first-party data. If they don’t know where they got the data or how, it’s time to acquire new customers. Many marketers who wiped their email lists clean of E.U. citizen data but would like to regain that market share can do so in many ways, beginning with asking consumers to opt in.
Another choice is to ask brands or vendors who already have relationships with those consumers to ask those consumers to opt into first-party lists. For example, publishers who host webinars needs sponsors, and those sponsors can ask consumers one-to-one if they’d like to opt into the brand’s email list for marketing purposes. The brand sponsoring the webinar then has new customers for email marketing purposes.
Abinash Tripathy, Helpshift co-founder and chief strategy officer, tells Target Marketing on June 21 that he sees a few marketers already who may want to audit their email lists:
“It is too early to see the impact on brands but in general GDPR will affect verticals that rely heavily on email marketing to grow their business like Insurance, credit cards and online retail.”
To Remain GDPR Compliant, Keep the Data in One Place
Marketing erased the data. But, whoops, sales didn’t. Scary but implausible scenario? Not, says Ian Gotts, founder and CEO of Elements.cloud.
On May 24 he wrote in Medium:
“Where are you storing those permissions when you get them? Hint: In Salesforce alongside the permissions you are getting from sales, support and legal. So, you have a complete picture of the permissions for each person in leads and contacts. Without this you run the risk of a person unsubscribing from marketing, but sales still contacting them.
“This is a big change, as marketing lists are now driven from permissions in Salesforce. Marketing is still in charge of the rules, but the master data lives in Salesforce, not your marketing lists.”
He tells Target Marketing on June 21 that the Medium article contains explanations of three basic mistakes marketers are making about E.U. citizens’ data privacy. Regarding email lists, he tells Target Marketing:
“I expect that most people's email lists (leads) have been decimated as non-one has accepted their pleas to consent.”
To Keep Customers on Email Lists Engaged, Personalize
Jennifer Horner, senior relationship marketing strategist at DEG, told Target Marketing on June 21 of email marketing in the wake of GDPR:
“Brands need to use this as an opportunity to take the consent that they have from their customers to leverage the data they do have to drive more relevant communications. With the increased focus on data privacy and data storage that we’ve seen in 2018, customers are now more aware of what brands can do, and I think customers are going to expect to receive more relevant, personalized communications. If they aren’t seeing it, they aren’t going to hesitate to unsubscribe.”
E-commerce marketers, especially, need to be transparent about how responsible and trustworthy they are with customer data, says Mike Austin, CEO of Fresh Relevance.
He tells Target Marketing:
“While brands can still send certain types of emails, e.g. cart and browse abandonment messages, as ‘legitimate interest,’ they are only able to send blanket emails, such as newsletters, to shoppers who gave consent that’s in-line with the regulation. This has undoubtedly put a hefty dent in marketers’ email lists across the board.
“Lists have been thinned, but that doesn’t necessarily bode disaster for marketers. Rather, there is opportunity to look fresh at the shoppers who explicitly opted in and better serve engaging communications to that dedicated and loyal customer base. As they are no longer able to send re-permission emails to E.U. shoppers, retail marketers should lean on additional marketing channels to ask for opt-ins and give reasons to subscribe to marketing emails. Website popups and personalized ‘permission pass’ campaigns online, transactional emails and social media are all highly effective techniques. This way, they’re compliantly re-opting in lapsed email recipients, while effectively attracting new subscribers.”
What do you think, marketers?
Please respond in the comments section below.