You may remember that the European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. GDPR impacts how every business handles the personal data of EU citizens, even if the company does not have a physical presence in Europe.
Following in the footsteps of GDPR, California passed its own digital privacy law, called the California Consumer Privacy Act, set to go into effect January 1, 2020. The law will allow consumers to know what information companies are collecting about them, why they are collecting that data and who they are sharing it with.
When GDPR went into effect, many marketers weren’t sure how to react, and questioned how this would impact the future of data and privacy. Now that California has passed its own law, it seems that this trend towards privacy isn’t going anywhere.
It’s likely that other states will follow by passing laws to regulate how businesses use personal data. There is even some momentum for a federal law. Mark Benioff, Salesforce CEO, has called for a national privacy law. Tim Cook, CEO of Apple, believes the U.S. should pass its own version of GDPR.
The trend toward regulating how businesses use the personal data they collect from consumers has significant ramifications for industrial marketers. You need to devote resources to complying with the laws and change your marketing practices. Noncompliance can upset your customers and prospects—and draw unwanted attention from regulators. Fines for violations can be significant. Brand reputations can suffer.
Here are five actions you should take to help ensure your marketing tactics are aligned with privacy regulations:
1. Conduct a Comprehensive Reconsent Campaign
Thirty-five percent of marketers worldwide are asking everyone on their marketing lists to reconsent, while another 35 percent are taking a limited, country-by-country approach to reconsent. (eMarketer, subscription required).
Email is the most common way to execute a reconsent is a campaign. Reach out to everyone on your list and ask for their permission to continue to market to them. You may have already done this as part of GDPR compliance or as a list hygiene initiative. It’s a good idea to run a reconsent campaign every year.
As part of your reconsent campaign, ask people to confirm their opt-in decision. Give them clear and easy access to your data privacy policies, let them know how you will use their data, and remind them they can always opt-out.
Don’t just focus your reconsent messaging around compliance with privacy laws. Give your audience a business reason to reconsent. Remind them of the benefits of hearing from you, such as all of the great content and information they will have at their fingertips if they continue to opt-in to your marketing communications.
2. Create a Preferences Center
This action goes hand-in-hand with a reconsent campaign. A preferences center is a web page that allows your customers and prospects to select which channels they prefer for communication with you (email, text, etc.), what specific types of content they would like to receive, how often they want to hear from you, and other preferences.
3. Strengthen Options for Consumers
A typical scenario: you ask a prospect to fill out a form in order to download a white paper and your form includes an opt-in checkbox that’s already ticked, forcing the user to uncheck it. This is not only inconvenient for the visitor, it’s not in compliance with GDPR.
Also, make sure it’s easy and obvious for email recipients to access your polices and preferences center, and to unsubscribe from your communications. These links should be clearly labeled in every email you send. You can also put these links on your web pages headers and/or footers.
4. Keep Accurate Records
You should keep records of who consented, how they consented, when they consented, and what they consented to. When questions arise, the burden of proof for consent often rests with the company, not the consumer.
In addition, you should keep a “do not email list” of anyone who has unsubscribed or has not reconsented. Screen any new email addresses you get against this list to make sure you don’t add someone to your permission-based list who doesn’t belong there.
5. Vet Your Media Partners
Your media and marketing partners have to be as rigorous about compliance with privacy laws as you do. For example, before you sponsor or place an ad in a partner’s e-newsletter to their subscriber base, be sure to ask if they have conducted reconsent campaigns. Ask if their subscriber database is compliant with GDPR or other applicable data privacy laws.
If you are experiencing challenges understanding or complying with data privacy laws, consider working with a reputable partner that has an accurate, opt-in database comprised of engineering, technical and industrial professionals and has the marketing expertise to help you connect with this audience.