In the immediate run-up to the GDPR deadline back in May, inboxes became flooded with emails from companies desperately seeking to re-engage customers in their existing marketing databases in a mad panic to achieve compliance in time.
In many cases, such re-engagement was triggered more by a desire to stay in the middle of the pack – to behave just like everyone else – rather than any actual understanding of the law. That same failure to understand the rules around personal data and marketing has led some companies to unnecessarily delete huge portions of their databases in the incorrect belief that this is required under the GDPR.
Now that we’re nearing the six month mark since the GDPR roll-out, is there a better understanding of the law?
What the law actually says
The GDPR is of course an important part of this conversation, but it is not in fact the primary piece of legislation that we are concerned with here.
The ePrivacy Directive was drafted specifically to address the requirements of new digital technologies and ease the advance of electronic communications services. It regulates a number of important issues such as confidentiality of information, treatment of traffic data, spam and cookies. Interestingly, it was supposed to be replaced by a new EU regulation at the same time the GDPR came into force (May 25, 2018), but EU lawmakers still haven’t been able to finalize the new rules, so we’re stuck with the Directive for the time being.
Under the Directive, companies require prior consent to send marketing materials by email to individuals in their databases.
The reason the GDPR is relevant (and hence the reason for all the panic leading up to its deadline earlier this year) is because the GDPR raises the standard for consent, and this new standard must now be applied to other areas, such as the ePrivacy Directive. So (to the extent they thought about it at all), companies could use the implied, pre-ticked box, “soft” consent they previously relied on to send emails to individuals before GDPR was implemented to send re-engagement emails seeking the higher, explicit, non-pre-ticked box consent that is required under the GDPR for future marketing campaigns.
Crucially, however, neither the GDPR nor the ePrivacy Directive prohibit companies from having marketing databases per se, or from engaging in other forms of marketing without end-user consent, provided such activities are conducted in the right way.
The restriction is therefore on email marketing without consent but there are two areas marketers might consider placing a larger emphasis on to mitigate the challenges with email marketing:
– Non-email based marketing, such as direct mail, is still on the table, and we can expect such alternatives to become increasingly common, despite the fact that many of these approaches struggle with scalability and lack the personalized touch that is possible with email campaigns.
– Website personalization also offers a practical alternative to email marketing with many of the same advantages. Unlike an email campaign, this approach relies on the desired recipient proactively arriving on the website (rather than being sent an email), but many of the advantages of a traditional email campaign are retained; messages can be personalized, it has universal scalability, and so on.
There are huge opportunities for marketers who can think imaginatively around these issues and can create solutions that are both scalable and personalizable.
Website personalization as a means of driving re-engagement
As noted above, with the GDPR in place, it is no longer possible to rely on the lower standard of consent to send re-engagement campaigns to individuals in your database. However, with the right personalization tools, websites themselves can be used to continue re-engagement campaigns that began on email prior to the GDPR.
For example, personalization can allow companies to be alerted when a visitor in their database (but who has not opted-in to receive marketing emails) arrives on the site and deliver a personalized message accordingly. That may be a request for re-engagement to marketing or even the delivery of specific content that might otherwise have been the subject of an email campaign. The effect is that specific content can be targeted to individuals in the database, but without breaching the restrictions in the GDPR or ePrivacy Directive.
Marketing databases can take years (in some cases, decades!) to compile and are hugely valuable business resources. Brands can still retain this resource and continue generating value from it in our post-GDPR era.