In 2014, Canada’s Anti-Spam Legislation (CASL) rocked the world of email marketing. To better protect consumers’ privacy, CASL places restrictions on how and when brands can send shoppers unsolicited emails or spam.
Following the lead of countries like Canada, the European Union (EU) is set to release its own privacy regulations in early 2016, called the General Data Protection Regulation (GDPR).
These legislative shifts are being implemented by specific countries, but they will – and already do – impact email marketers globally.
As with CASL and Canada, the proposed European laws will affect anyone sending emails to European subscribers. This means that all marketers sending emails to anywhere in the EU have to ensure that they are complying with the policy’s data storage and technology mandates.
A final draft of the GDPR is expected to be made public as early as next month, and there will likely be a grace period after implementation before true enforcement starts. Before GDPR becomes a reality, email marketers should use their existing databases to prepare for pending changes to their campaign strategies.
Where to start with GDPR
Under the law, marketers cannot contact email users who do not wish to be contacted. Like CASL, GDPR echoes concerns about consumer privacy and data storage, and marketers will no longer be able to send emails to shoppers without the right permissions.
To start, marketers need to be aware of who is currently in their databases. Even if brands do not think that they are sending emails to someone within the EU, it’s better to double check existing email lists and avoid future penalties.
There are three ways marketers can audit their databases: manually look for European suffixes in subscriber profiles; work with an ESP to develop channel specific strategies that eliminate EU addresses; or create opt-in subscriber information based on physical location data.
Email marketers need to look critically at who and where their subscriber information is coming from. The EU is a large geographic area with 28 countries and over 500 million inhabitants, and brands cannot be nonchalant in assuming that their subscribers do not fall within in this range. Diligence here is particularly important for brands with broad email programs that have a higher chance of EU overlap.
Moving forward, marketers must avoid adopting the attitude of ‘I’m not doing business there, so GDPR doesn’t matter to me’. While brands do not anticipate GDPR to be quite as strict as CASL, just a single email sent to an unwilling EU consumer can leave brands in hot water.
As proven by legal cases spurred by CASL infractions, foreign legislatures are serious about enforcing new privacy guidelines. EU policy makers will reserve the right to prosecute offenders whether they are a part of the EU or not.
Beyond keeping subscription databases clean, the new GDPR bill will likely cover issues of consent. Email marketers need to focus on clearly communicating online consent policies with consumers and make sure that consent responses are easily amendable.
A major endeavor of GDPR will be to eliminate confusion about consent to receive communications. This is particularly true for users under the age of 13, who will need – as with many other types of consent – parental permission to receive emails from brands online.
Although consent has become somewhat of a grey area in the world of email marketing, brands need to step up and create a high standard for procuring it in the months to come. This applies to both current and future subscribers, and marketers should provide users with straightforward ways to opt in or out of email campaigns.
For example, this could be a simple call-to-action that allows consumers to ‘check yes’ and receive more emails in the future. No matter how consent is obtained, it has to come directly from consumers and brands need to be able to prove without a doubt that they have it.
In addition to consent, email marketers need to increase transparency for data collection and storage practices. Proper data collection starts with identification and keeping track of where subscribers’ information is coming from.
If brands are going to keep records on shoppers and generate databases about them, they have to keep their facts straight and data safe. Proper data management is just another layer of responsibility that brands owe their customers.
Email marketers must communicate what kinds of data they are storing, as well as where they are storing it. In light of recent data breaches, many shoppers are on high alert about trusting brands to adequately safeguard their information.
In order to absolve these fears, retailers can educate shoppers on how data is being treated and foster a sense of trust through increased transparency.
Subscribers’ data is important to making more effective and personalized email campaigns in the future, and it’s not something that brands can afford to lose due to a lack of confidence in their security measures.
Learning from CASL
While many marketers took steps to prepare for CASL, a large potion did not and the policy’s strict enforcement took them by surprise.
No brand should be in the same predicament when it comes to GDPR, and all still have ample time to ensure compliance with new regulations. The bottom line is email marketers have to take privacy legislation seriously.
Any resources marketers invest in now to meet global privacy standards will pay off in the long run. The trend of strengthening subscribers’ privacy and consent rights will only continue to grow, especially as policies like CASL and GDPR find their footing.
The same can be said about data collection and storage, as the field offers many exciting possibilities for brands to refine their relationships with shoppers.
In the future, even the U.S. could implement legislation regarding how brands can interact with subscribers via email. Although this is most likely a far-off future, email marketers should be forward-thinking in their efforts.
Sourced from Bob Sybydlo, Yesmail