GDPR consent is a bit like getting married; having said “I do”, you then need to record the event and provide witness, explains Helen Armour

Despite the volumes that have been published on GDPR (the 

General Data Protection Regulation

 coming into force in May 2018), one of the most common themes has been around the lack of readiness for the change. There’s a suggestion that many businesses are still coming to terms with the legislation and that others are failing to understand how it affects them.

Indeed, it’s the biggest thing to affect business practice for a long time and the clock is ticking. For marketers, GDPR means a complete change to how we work and, it’s safe to say, things will never be the same again. If you have just got up to speed with relationship marketing and using content to leverage new leads, you’ll be dismayed that it’s already time to move on and embrace a new era.

At first glance, the implications of GDPR appear ruinous. Yet any marketer who seriously monitors their campaigns will know the indiscriminate collection of data does not equate to quality leads. Adopting a smarter strategy that connects with fewer, genuine prospects is, undoubtedly, a healthier approach. Think of it like internet dating, there’s increased success if the audience is actively engaged.

The legislation means a cultural change for marketers in recognising the data we hold in our mailing lists is not ‘our data’. It belongs to the individuals and, in an age where so much of our lives is carried out online, GDPR gives us all the right to say how our data is used and stored. From socialising to banking, holidays to medical appointments, we all rely on the internet in our daily lives and this new legislation gives control back to the individual. While GDPR is a disruption to current marketing practices, embracing it will make us more effective in the long run.

Will there be a distinction between B2B and B2C?

Less coverage has been given to the forthcoming e-privacy legislation that will be enacted at the same time as GDPR. The new ePrivacy regulation replaces the existing ePrivacy directive and is designed to offer clarity for electronic communications, i.e. emails and SMS messages. It’s a regulation and not a directive, which means that while GDPR will automatically become law across the EC, each member state will have to enact legislation to enable ePrivacy. This gives each country some latitude as to the exact wording and so could draw a distinction between B2B and B2C. However, the details of the ePrivacy Regulation are still some way from the final version and it is unlikely to be ready to be brought into law at the same time as GDPR.

Until then, GDPR draws no distinction between B2B and B2C communications. This means our B2B contacts will need to give ‘explicit consent’ if we want to send them marketing messages. Explicit consent means the contact has specifically and intentionally given you permission to mail them about your products or services. You can’t use pre-ticked acceptance boxes or text referring to your privacy policy; it has to be an unticked checkbox that describes what you are committing to if ticked.

You’ll also need some way of recording the consent – detailing who, what, when, and how. Ideally, when your prospects register online, they’ll be able to select which products they are interested in and your CRM will record this interaction. This will also safeguard you should, at a later stage, the consent be disputed. However, it’s unlikely any database or CRM system you are currently using has this feature at present, though a few vendors are making developments to include this functionality. It’s like a marriage certificate; you’ll need to record the event and provide witness.

Best practice for GDPR compliance is to use a double opt-in consent. Double opt-in is where a person completes a form on your website requesting to be on a mailing list, and you immediately send them an email asking them to confirm their subscription by clicking a link. This avoids the risk of somebody else entering their email and signing them up without permission.

Double opt-in

Before the 25 May 2018 deadline, you’ll need to gain consent from your existing database and the double opt-in email is likely to be the best option. You can mail your contacts before the GDPR deadline and encourage them to click through, confirming they wish to continue receiving your communication. Undoubtedly, you will lose quite a few prospects in the process but, on a positive note, those that do consent will be much more engaged with your product.

You should also be clear that the same does not apply to your actual customers, i.e. those with whom you already have a relationship due to a recent purchase or ongoing contract. You can contact your customers with relevant information to their purchase, though it’s a grey area if you wanted to promote any other products. Likewise, how long that relationship should continue is unclear and the same may apply to active prospects who you believe have a genuine interest in your products.

No doubt, further clarification will come to light in due course. In the meantime, there’s a skill in crafting imaginative opt-in emails with compelling reasons to give consent, giving opportunity for creative marketers to get ahead of the game.