Just weeks after Facebook’s Cambridge Analytica crisis, the compliance deadline for the General Data Protection Regulation (GDPR) in the European Union (and really, all companies with international reach) cannot come at a better time for businesses and consumers alike. With the regulation coming into effect before we know it, retailers need to kick their plans into gear now, navigating these new rules to ensure the protection of consumers’ personal data.
Personal data is a broad term considering the depth of consumer information that retailers have, from shopping behaviors and preferences to credit card information and billing addresses. Therefore, it’s hard to identify everything it encompasses. This is why GDPR compliance is such a tall but important order.
With experts estimating that only 25 percent of customer data in marketing databases meets GDPR requirements, the key to a retailer's success in transitioning into the GDPR era is transparency and understanding their customers’ rights.
What Consumers’ Rights Mean to Retailers
The GDPR will be a step to levelling the playing field. Organizations can take a proactively ethical stance on consumer data protection and privacy, without the risk of losing out commercially to competitors that have fewer scruples. The regulation will also greatly prevent consumers’ personal information from being abused. Furthermore, abiding by these new policies will demonstrate to customers that global retailers are worthy of their trust as well as their communications.
Consumers want and need the protection of their personal data, and GDPR is designed to enable individuals to have more control over their personal information. Starting May 25, customers will have eight individual rights (the right to access, to be informed, to rectify, to erasure, to restrict processing, to object, as well as rights in relation to data portability, automated decision making, and profiling) that enable them to easily access their personal data and understand how it's used by retailers that they frequent.
Minimizing the Effect on Email Databases
Some retailers see the GDPR as a threat to their email revenue, considering that they'll only be able to email people in the EU if they have consent that's in line with the regulation. However, these new guidelines don’t have to mark the death of marketers carefully curated databases. A step towards a seamless transition is through a permission pass campaign. In short, this campaign requests anyone visiting the website who hasn't verified their opt-in status to confirm that they still want to receive emails from your brand. Smart campaigns only target those subscribers with multichannel opt-in messaging who haven’t given explicit permission to receive marketing emails yet, while showing different content to the rest of the customer base.
The dawn of the GDPR means that retailers need to learn what new consumer rights are worthy of a second look. If customers provide proof of their identity, they now have the right to erasure and to object. The right to erasure means that an individual can request that all of their data is deleted, while the right to object means permanently stopping any permission-based marketing for that customer. However, losing contacts doesn’t have to mean losing sales. If those who don’t engage can no longer be emailed after the GDPR comes into effect, it might just leave you with a cleaner, quality-over-quantity subscriber base.
What’s New in Newsletter Subscriptions
Though retailers can personalize offers and lead customers through their online shopping journey, permission is needed for any other direct communication. Per GDPR, retailers can no longer auto-subscribe customers to their newsletter after making a purchase or use pre-filled email opt-in checkboxes on forms.
Fret not; there are still lots of ways to grow your newsletter list. Marketers should use all available channels to ask customers to sign up to receive emails, including their website, transactional emails and the classic refer-a-friend campaign, although the shopper will need to do the sending. Offering clear value is good marketing practice and meets the GDPR requirement of using nontechnical language. Consider phrases like, “Would you like news of special offers and the latest products by email?” instead of “Do you want to sign up for our newsletter?”
While these are tips for navigating the murky waters of the post-GDPR world of e-commerce and online marketing, this isn't legal advice. For more information about GDPR compliance, talk to a lawyer and visit the ICO Guide to the GDPR here.
Mike Austin is CEO and co-founder of Fresh Relevance, a personalization platform for online retailers.
Related story: What Retailers Need to Know About GDPR