The General Data Protection Regulation (GDPR) means consent to marketing is no longer just preferable, it’s an imperative. Here’s our ten step plan to ensure we stay the right side of the law.
GDPR changes everything. Not just email marketing, but any channel that makes use of personal customer data: telemarketing, retargeted advertising, paid search campaigns and personalized web experiences. It’s kind of ironic that many brands are going to be inhibited from delivering just the kind of relevant, meaningful experiences most customers crave. But like the class that’s kept behind at the end of school, it feels like all the good kids are being punished for the behavior of the naughty few.
This is especially so in the B2B world, where so many of our clients can justly claim that marketing is in the legitimate interest of the buyer. We’re not selling sugary drinks to children – we’re changing the world. Creating new markets, transforming industries, making people more productive and successful. Hopefully this is recognized as further clarification emerges regarding business scenarios.
This article isn’t intended to tell you what GDPR is and how it applies to the B2B world. There are some great resources out there already that do that: for starters, the Direct Marketing Association website and this 40 page guide from B2B Marketing. Rather than tell you what you should be doing, we’re sharing our action plan to make MarketOne’s marketing GDPR compliant.
1. Form a Committee
What better way to start? We’ve assembled a crack squad to tackle GDPR on all fronts (it goes way beyond marketing). An executive sponsor from the top and representatives from our global IT function, Data and Technical Services practices and Marketing team – supplemented by an external consultant. We meet regularly and have a blast, scheming strategy and tailoring tactics.
2. Assess current state
We’ve aggregated data from our Eloqua automation platform, NetSuite CRM, and a multitude of regional data siloes and run a data audit. It’s not pretty. Like the cobbler’s children’s shoes: full of holes and overdue a good clean. If GDPR was to be applied tomorrow, our marketable database would be decimated. Literally.
3. Get ready to receive
We collect contact data in a number of disparate ways: website form submissions, from outbound calling, through conversations at events or on social media. We’ll be leaning on our data services team to structure the marketing database in a way that enables us to report on how and when contacts got in, and if they consented to marketing. Separately, our IT team is looking at how and where we store and handle all data – being ISO27001 certified helps enormously with this effort.
4. Prepare privacy policies
5. Forms and confirmations
We have four forms: contact us, email subscription, content gating and event registrations. We’ll edit the language used on each so submitters are given a clear and unambiguous option to receive future marketing emails. It’s good practice, so we’ll apply these changes globally – although we’ll probably stop short of requiring a double opt-in via email for markets that don’t explicitly require it. Confirmation messages and emails will also be updated to include a ‘receipt of consent’ and information about link tracking.
6. Build a preference center
Already done – phew. Go take a look (you’ll need to verify your email address first). We’ve kept it pretty simple for now, giving people the option to receive new articles, event invitations or new product/solution updates. Behind the scenes we’ll ensure our emails all map to those categories. Those wishing to unsubscribe will have the option to click the ‘snooze’ button and stop receiving emails for 6 months.
7. Proactively drive subscriptions
We need to give people more opportunity to subscribe to emails. We’re adding some new subscription modules site-wide, including this one in the footer.
We’re also going to experiment with some more interruptive formats on the pages that feature our thought leadership content. It makes some people internally a bit uneasy, but we have to have the confidence that if people are spending time with our content, they may welcome the opportunity to subscribe to more of it – as long as there’s no hard sell.
8. Prompt people to opt-in
Nine months to persuade our database to re-confirm their opt-in. Gulp. No easy task. There’s a program in the works: four automated emails to be sent over four weeks: one smart, one provocative, one funny, one desperate. Then maybe a ‘last chance’, followed by a ‘very last chance’. Then the difficult decision: to purge or not to purge? It’s like cleaning out drawers at home. Is it really worth keeping hold of random odd socks and an adapter for your old iPhone 4?
9. Laser-focused prospecting
We’ll still be using unsolicited email and outbound calling to prospect for new business from our key target accounts. There, we’ve said it. We won’t have consent, but we’ll do everything we can – using information freely available in the public domain – to ensure that each individual we attempt to reach could genuinely benefit from our services. In doing so, we would seek to establish that our use of their personal information is in the ‘legitimate interest’ of both parties.
10. Think beyond email and phone
Perhaps most importantly, we’ll be putting renewed effort into making ourselves findable by optimizing our site for search, and launching a first PPC campaign. We’ll be increasing our reach and reputation by publishing and promoting articles on LinkedIn and Medium, running webinars and events to build community among our customers, and ramping the co-marketing activity we undertake with partners.
Marketing is going to change. For the better. Managing the change is going to be distracting and more than a little painful, but then we’re all going to feel a whole lot better about what we do. No more cold calls. No more spam. Just meaningful interactions with people who actually welcome our marketing, rather than viewing it as an imposition. Nice.