GDPR has got marketers around the country in a bit of a tizz. Should they go down the J D Wetherspoon route and delete their entire customer database, or hang on to their valuable assets and claim ‘legitimate interest’ if questioned about compliance?

The answer is of course none of these, or at least not yet. There’s still time to get consent from your marketing lists and in doing so improve those lists no end.

Privacy Policies

But first you need to ensure your Privacy Policy is up-to-date and reflects the new legislation. This needs to be a written statement that outlines exactly how you process personal data and ensure its security. For most companies, a convenient place to publish your Privacy Policy is on your website; you can then link to it from other areas of your website (such as a sign up form) and digital platforms like email.

The GDPR states that the information you provide to people about how you process their personal data must be:

  • concise, transparent, intelligible and easily accessible;
  • written in clear and plain language, particularly if addressed to a child; and
  • free of charge.

This link to the Information Commissioner’s Office (ICO) website sets out what has to be included in your privacy policy.

How You Process Personal Data

The next thing you need to put in place is a written procedure for handling personal data. Consider different scenarios. What happens when a member of your marketing team meets a potential client at a networking event? How is personal data from a business card handled? What about enquiries from your website or on social media? How do you collate data, what data do you collect, where is it stored, who has access to it etc. etc.

Detail every eventuality and the processes used, and then communicate them clearly with your team. Employees need to understand what their responsibilities are under GDPR, how they should handle personal data and keep it safe. By making sure they’re on board, you can be confident that your department is compliant.

One central marketing database, properly protected with an appropriate level of security (based on the sensitivity of the data contained) and only accessible by the people in your team that need this data, is the best solution. Don’t allow team members to store data on different devices spread across your IT estate or give access to the database to everyone, regardless of their role.

This is a great opportunity to clean up your marketing lists, consolidate different records, delete duplications and remove contacts that are no longer relevant to your business.

Positive Consent

Your existing systems for processing data will probably need to be updated to ensure you get positive consent from individuals to use their data. That means having opt-in boxes for marketing communications on any relevant forms where personal data is requested. For example, if a customer buys a product from your e-commerce store they’re only providing their data for that purpose – to enable a transaction to take place and so that you can ship their goods. Unless they positively opt-in for marketing communications you cannot add them to your marketing lists.

Opt-in boxes cannot be pre-ticked and it must clear exactly what individuals are opting in for, so don’t confuse your marketing communications opt in process with terms and conditions and other policies.

GDPR, marketing, email marketing

Updating Your Existing Marketing Lists

Now that you have the right policies and procedures in place you can contact your existing marketing list to request consent. Ping them an email explaining why you need their consent, and give them a good reason to opt in for your marketing communications.

It can also be an opportunity to segment your marketing lists further. For example you could give contacts the option to opt in for marketing communications about specific products or services, and not for others. Or perhaps your contacts would prefer to receive insights and industry news (such as from your blog), but not receive any information about promotions and product information. Keep it simple. Don’t provide too many options as that can be confusing, and make sure that it is clear what people are opting in for.

Naturally, you will find that some contacts don’t opt in, it is estimated that GDPR could decimate many marketing lists. But those that do will be more engaged with your company and brand having positively decided that they do want to hear from you.

While there is still time before GDPR becomes law (25th May 18), you have a number of opportunities to request consent.

We recommend the following:

  • Make your opt in buttons big and bold. Traditionally, opt out and pre-ticked opt-in boxes are small and inconspicuous; marketers hope that customers will ignore them. With GDPR requiring positive consent we need to draw attention to opt-in boxes. Use all the visual tools at your disposal to get a positive action: large font, icons and arrows, bright colours etc.
  • Sell consent as beneficial. Use language to sell the opportunity to opt in for your marketing communications. Give contacts reasons to give consent such as receiving offers and discounts, previews and VIP access, valuable insights and exclusive market information.
  • Give people several opportunities to opt in. When emailing your existing database requesting that individuals provide consent, don’t just ask once. Keep reminding your list that they need to opt in (up to the 25th May) and give them reasons to do so. On websites when processing orders and data, provide more than one opportunity to opt in for a marketing list: i.e. when a customer gets to the checkout, when their order is processed, as they navigate away from your website etc.

Finally, don’t forget to nurture the contacts that do give consent. They’ve opted in for the moment, but if you fail to keep them engaged they could easily withdraw their consent. Deliver on your promises, provide them with interesting and engaging content, treat them with respect and you can build brand loyalty and increase sales with good quality marketing lists.

If you need help getting your marketing department GDPR ready, contact us at Hyped for more advice and support. Call 01252 717373 or email