With less than a year to go until the implementation of GDPR (in May 2018), ideally SMEs will already be well on their way to compliance. It is, however, important to understand that you not only need to know that you are compliant, you need to be able to prove that you are compliant.
Here are three tips on making that happen.
Now is the time to double-check all of your data-capture channels and ensure that, at the very least, you have eliminated any last traces of opt-out marketing, including any obscure forms buried deep in forgotten pages of your website.
You will also need to rework any strategies that rely on buying marketing lists or capturing emails by casual means such as leaving a jar for business cards at a trade show.
If you’re in the EU and using MailChimp as your mass-marketing tool, then double opt-in will be your default setting, and you will need to actively change it if you want something different (though for most companies it is strongly recommended to leave it as the default). Other email marketing tools have their own settings, and it is worth making sure that the one you use offers double opt-in and has it enabled for your account.
What this means in practice is that, after initially indicating through a sign-up form that they wish to receive a communication, the user then has to confirm this preference (and verify their address) by clicking a link.
While it’s understandable that some companies may see this extra step as going against the principle of making the customer journey as smooth as possible, the fact is that if someone isn’t interested enough in your communication to click a link, they’re probably no great loss to your mailing list in any case. In addition, this approach does catch genuine mistakes (typos) as well as keeping you on the right side of the regulators.
From a marketing perspective, social media sites are essentially intermediaries between users and brands. Companies that wish to advertise on social media buy advertising space from the platform, and the platform puts up the adverts on their behalf.
This means that it’s the platforms in the firing line as regards compliance with GDPR rather than the brands themselves.
While this may seem like an attractive approach to small companies that already feel like they have more red tape than they can handle, the convenience comes at a price, which is that you can never really own your customer database if you’re working purely through social media platforms. It leaves you entirely at the mercy of the platforms’ rules and their prices for advertising and indeed any other charges they may wish to levy. You’re also at the mercy of outages to their service.
For all these reasons, there is still a lot to be said for continuing to use email marketing to a database you control and accepting the need for GDPR compliance.