GDPR is here! Heralding a new era of data protection and data security, the General Data Protection Regulation came into force on 25th May’18.

While citizens of EU countries have every rights to and are gloriously happy in their newly fortified rights of privacy; marketers around the world (who market to EU citizens, of course) are busy researching GDPR clauses, making calls and taking meetings with lawyers, scrapping their tried and tested marketing strategies, chalking up new plans and of course having panic attacks on regular intervals!

Well, Marketing in The Time of GDPR (huge fan of Marquez, could not resist the temptation) is definitely going to be a challenging task, especially for traditional marketers who depend heavily on purchased lists.

But, take heart, all is not lost!

I, for one, did some research on GDPR and all that the regulation entails (partially because we wanted to become GDPR compliant and partially because I’m incapable of passing up the opportunity of a good research). And yes, there is no denying the fact that GDPR is going to have a profound impact on marketing as we know it today!

But, that may not be a bad thing at all! Yes, there’ll be some initial hiccups, some relentless brainstorming and quite a few late nights; but GDPR might as well shake-up your marketing team and force them to implement strategies that works!

How? We’ll got to that in a bit.

First, let us see why GDPR has such profound impact on marketing strategies.

Data protection has always been a vague area when it comes to binding legal regulations and enforceable penalties. In fact, a lot of countries around the globe do not yet have any well-defined law or regulation concerning the collection and use of personal data. As a result, marketers today are very much used to the idea of collecting personal data (often without a second thought) and using it as they see fit. (Dear fellow marketers, trust me, I’m not trying to make you look bad. It’s just the way it is!)

Hence, I’m still receiving emails from that shady online shop that I bought a fake designer handbag from (which, by the way, didn’t even look like the original one) some five years ago. The list is endless; the not-so-good landing page builder that I took a trial for, but never purchased; the numerous websites from where I downloaded e-books, know-hows, checklists, tutorials, dog pictures, recipes and what not; they are all flooding my inbox till date! While there are a number of companies who actually asked for my consent for sending me marketing communications, or at least I remember giving then my e-mail id; for the majority of these emails, I have no clue what these companies are all about or how they got hold of my email id. Of course, many a time when I click on the customary ‘Unsubscribe’ button, it opens another long form that I have to fill for taking myself out of their list.

Without getting into the discussion about whether it is fair or not, this is how email marketing looks like to an average user.

And here comes GDPR, which is not a mere directive but an enforceable law, saying:

  • Businesses cannot collect personal data without consent.
  • Businesses cannot collect as much data as they want; they must have an expressed purpose for each piece of data they collect.
  • Businesses cannot store the collected data indefinitely.
  • Businesses must be able to retrieve the data and delete it completely if the data subject wants them to.
  • Businesses cannot send out marketing communication without consent from the person they are sending it to.
  • Businesses must disclose details such as why the data is being collected, how it is being stored, how secure it is, whom to contact in case of queries etc to the data subject.

Complying with these clauses are definitely hard. Especially, if you depend heavily on outbound marketing.

So, Did GDPR Just Kill Outbound Marketing?

Actually, No.

I know how it looks like! Essentially because outbound marketing is all about reaching out to the potential buyers. And, as per GDPR guidelines, you cannot do that without the consent of the ‘potential buyer’ in question. GDPR is definitely looking like a murderer here! Thankfully, it’s not the case.

Before you start writing a long and emotional obituary for outbound marketing, here are a few points that you need to keep in mind.

Consent is Crucial for Sending Marketing Messages

GDPR stresses on consent. For example, if you want to market your newly launched product to a list, you need to have clear consent from everyone on the list. The regulation does not stop you from marketing. It only makes sure that you don’t spam contacts with marketing messages they are least bothered to receive. How do you do it? Simple, ask for consent. And ask in a very clear language too. The Article 7 (Chapter 2) of GDPR clearly states that the consent from the data subjects must be asked in a clearly distinguishable manner, using clear and plain languages.

Using a clear opt-in in all your web forms can be a great way here. Here’s how we’ve implemented the opt-in for GoldenLion.

Double Opt-in

As you can see in the above screen-shot, once a visitor fills-up the form in the GoldenLion website, she need to check two boxes to indicate that she have read and agrees to our privacy policy and she is giving us her consent to contact her with news and updates from the company. Here, the first check box for the Privacy Policy is a mandatory field (meaning, the visitor cannot submit the form without checking it), the second one asking for consent is not.

Why? Whether the visitor is a qualified lead for you or not, she is providing you with her data the moment she presses the send button. This is why, as a data subject, she has full rights to know why we are collecting this data, how we are storing it, how she can contact us regarding this data, how she can request us to delete the data and so on. All these information is specified in the Privacy Policy, and till the time she reads and agrees to it, we simply cannot process her data, even if to provide her with the solutions she is looking for.

However, when it comes to consenting for receiving news and updates from GoldenLion, the data subject has a choice to opt-in or not. As per GDPR regulations, this consent must be freely given, which means it must come no string attached. So, even if the data subject does not want to receive future updates and news from GoldenLion, the company may process her data and contact her regarding her specified requirements.

This is the simplest way of collecting consent from your potential customers as you build your list.

One of the greatest benefits of using such clear opt-ins is improved list quality. When a contact gives you consent for sending her news and updates from your business, she is definitely interested in your products. Marketing to a list with high interest level might as well improve your conversion!

Look Closely Before Engaging Third-Party for Lead Generation

Let’s face it; no matter how out-dated it may seem, many businesses swear by lists generated by market research companies. Although you are not very sure about the quality of these lists, the massive volume and ready availability have been the attraction factors for these. Does GDPR forbid you from using them? Not really!

GDPR simply makes sure that you are not using data that is collected without consent.

If you are purchasing a list from a market research company or a survey agency; you are the data controller here. Once you purchase the data, you decide what you want to do with the data. As a marketer you want to contact the people whose data you have just purchased. The simplest thing to do here is to see whether these data subjects have consented to that or not. As per the Article 28 of GDPR, you can definitely obtain and use data processed by another processor, given the fact that,

  • the processor have express authorization from the data subjects regarding processing their personal data, transferring the same to you and contacting them with marketing communications.
  • the processor takes appropriate data protection measures to keep the data safe and secure.
  • you give clear written instructions to the processor about what data you would like them to collect and what purpose the data would serve.

While GDPR does not prohibit you from engaging external agencies from collecting lists. The data protection regulation only ensures that data subjects have clear idea about what they are consenting to and data processors as well as controllers step up to ensure data security.

Way Forward…

As marketers you and I know, how difficult it would be to carry on outbound marketing while strictly following all GDPR rules. In this age of information overdose, sending out marketing communications in bulk is not much effective either. GDPR may have given you the much needed push to look at your marketing efforts in a whole new light.

Coming back to the original question, is outbound marketing dead? Not really; but it may be the right time to tweak it a bit and combine it with some inbound strategies in order to get better results. How? Stay tuned and we’ll lay it down in our next blog.