25th May 2018. Write this date in your diary and circle it in red pen! This is the date that EU GDPR will come into force and all marketers should be taking action to prepare now. The precise legalities of GDPR are complex and wide-reaching. However, there are some key principles that everyone should be aware of. Specifically, there are some points which you may feel unsure about or may not have realised so I've picked out 5 of the top 'gotchas' below which you should start thinking about now.
1. B2B and B2C data will now be treated the same. Currently, in the UK, management of B2B data is much less strict than B2C. However, from 25th May 2018, all of this data will need to be treated the same. For B2B marketers, this is a big change and will definitely require action to prepare.
2. Pre-ticked checkboxes are explicitly prohibited. No more sneaky 'untick this box if you do not want to receive emails' boxes. Consent must be explicit and affirmative. An optional checkbox on webforms is the best way to manage this consent.
3. 'Legitimate interest' may allow you to communicate with people who are not opted in. Although this is still a largely grey area, there is some allowance for marketing to a portion of your audience who haven't yet opted in but who have a 'legitimate interest' in your communications. This may include existing customers or prospects you are already speaking to.
4. Consent for marketing communications must be separate to other terms and conditions. You cannot bury marketing consent within your legal terms and conditions. It must be separate and optional. The best way to manage this is with a separate checkbox on your webforms.
5. 3rd party data is still legal, but will be very difficult to handle. Consent for 3rd party data must specify who will be using the data and what for. This means that generic statements such as 'your data may be passed to third parties' will no longer count as a valid opt-in. If you purchase data currently, speak to your providers to check what they are doing to comply with GDPR.
It is never too early to start thinking about GDPR and with the increase in potential fines (up to €20m or 4% of group revenue) for non-compliance, it's not worth 'winging it'.
At Nebula, we are already planning our opt-in campaigns for existing data and revamping our process to prepare. If you need any support with your own marketing data, please do get in touch or you can read our handy 'Managing a Confirmed Opt-in Process in Pardot' guidebook.
Confirmed opt-in (COI, also known as double opt-in) is a process that verifies that a prospect’s email address is legitimate and enables you to collect their explicit consent to receive marketing communication emails, which will help to ensure you are GDPR-compliant before the rules come into force in 2018.