Repermissioning Rules: What They Mean For Marketers

The U.K. has voted to leave the EU, but the union’s General Data Protection Regulation is still law. Brands must clean up their data sets by May 2018.

Repermissioning Rules: What They Mean For Marketers

Despite the U.K.’s Brexit vote on June 23, the EU’s General Data Protection Regulation (GDPR) is now law and, whatever trade deal the U.K. strikes with the European Union, it is likely to either remain the law or a de facto standard.

This means all use of EU customer data must be unambiguously and freely opted-in for, so it’s time for all marketers to repermission those lists or face hefty fines.

Without GDPR compliance, British marketers would not be able to market to EU citizens—putting them at a huge disadvantage—and would incur the cost of running separate databases.

So, in practice at least, nothing has changed in EU marketing since the Brexit vote—brands have two years to become GDPR compliant or risk fines of up to 4% of global annual turnover. That gives brands until May 2018 to clean up their data sets and make sure that contacts, email ones in particular, have given their free, unambiguous, and informed consent to be contacted.

For that to be provable, the next two years are going to see a mass of brands and agencies “repermissioning” contacts. Experts warn that CMOs should be under no illusion and that this is going to be an arduous task that is likely to see data sets shrink and make taking the shortcut of buying in third-party email lists potentially far more risky than today. Little surprise, then, that 42% of marketers expect the new law to extremely affect their company and one in three admit they are unprepared for the shake-up, according to the DMA.

For B2B marketers, used to opt-out arrangements in the U.K, it means no more assumptions somebody can be emailed just because they dropped a card in a hat to enter a competition or appeared on a conference list and has yet to get around to requesting you stop emailing them.

For B2C marketers, already used to opt-in, it means no more mission creep. If a brand wants its other brands to get in contact or wants to add that customer to another email list, it needs to first offer a tick list for an unambiguous opt-in or out of each use of their data.

Grey Area, Guidance Coming

As any observer may imagine, there are many grey areas currently being explored by experts such as Antony Humphreys. He is key account manager at email platform Adestra as well as the company’s in-house resource on GDPR. These areas of uncertainty will remain occluded, he predicts, for much of the rest of the year. When he contacted the Information Commissioner’s Office (ICO) for official guidance on a financial service company’s repermissioning strategy, the reply has been: “It will be coming over the next few months.”

Humphreys said: “The obvious grey area, particularly for B2B, is when people are on a list they haven’t asked to come off and they’ve downloaded white papers, but you can’t be sure they explicitly opted in.

“We think someone like that, where you can’t prove an explicit opt-in, would still need to be repermissioned through an email asking if they’re still interested in hearing from you. The huge problem with that, of course, is people may be OK with you emailing, but they can’t be bothered to click on a link and give permission, so your email lists get smaller and smaller.”

Creative Permission Requests

For repermissioning to work well, brands are likely going to need to be more imaginative than they were with the cookie acceptance box, which offered no choice and just got in the way. Many are expected to use the process more creatively, and so, instead of bluntly asking people if they want to receive more email, permissions will be presented as an opportunity to join a shopper club. Join a VIP list and customers will get the best offers first. That is certainly how online florist Appleyard expects the process will be positioned, according to its email marketing manager Tara Homayounbod.

“We’re looking for ways to develop our existing proposition,” she said. “One of the strategies is a VIP membership for top-spending customers and also to have an up-to-date preference system whereby the customer is in control of how often they receive direct marketing. The main thing that may be a hindrance is a specific timescale, although we have discussed getting this setup within the next six months.”

It is probably fair to say that a lot of brands are not working to such a short-term deadline, given that compliance is not backed up by huge fines until May 2018. Rob Wood, head of online at high street and online toy retailer The Entertainer, may well speak for many when he admits to taking a “watching brief” approach.

“I think we’re like a lot of people; we’re talking about it, but we’re also waiting to see what others do to get a steer on what we may want to ‘borrow’,” he said.

“We’re very clear with our lists already, when people sign up to, say, get alerts around a child’s birthday, so we have an informed sign-up. Where we may have to put in some extra work is permissions around the eReceipts we’ve started offering customers. We may need to make it much clearer what marketing information customers want to sign up for and what they don’t.”

Hence, although the best advice would be to repermission lists as soon as possible so May 2018 does not come as a sudden shock, it would appear that many brands are investigating options and waiting for official ICO guidance ahead of making concrete plans.

Sales Friction Dialled Up

When lists do start to be made compliant, there is one inevitable consequence, according to Nick Laird, COO of the Association of Professional Sales. A former marketer himself, he has been working with his sales organisation’s digital marketing agency, Brighter Directions, to get a sense of the day-to-day implications of GDPR for both the organisation and its members.

“The friction that’s always there between sales and marketing is going to get worse in the short term,” he said.

“GDPR repermissioning is going to shrink email lists, particularly in B2B, and buying in lists isn’t going to be as easy because those lists will shrink too and it’s going to be hard to know if they’re fully compliant. So smaller lists mean fewer leads and more friction, I’m afraid. In the long term, though, better lists will lead to better qualified leads but there’s going to be friction in the meantime.”

While brands keep an active watching brief on the issue, it would certainly make sense for marketers to build in unambiguous, informed consent in each type of use they intend to put new customers’ data to. In the longer run, though, there is little getting away from an uphill task that will likely increase friction with sales and reduce lists.

Any contacts, who you cannot prove in court were given a free choice and unambiguously signed up to receive the messages you are sending them, will have to be repermissioned. It’s going to be arduous but nowhere near as tough as paying up to 4% of global revenue in fines for non-compliance.