In the latest in our series of articles, designed to provide advice on data-driven marketing strategies, we look into email marketing in the post-GDPR era.
The Decision Marketing Data Clinic, in association with Sagacity, is open to all companies and organisations big and small. If you have a burning issue which you would like advice on please email us at info@decisionmarketing.co.uk
Email is a key marketing channel for brands, but under the UK GDPR, organisations can’t send marketing emails without active, specific consent. Here, we explore why email is tougher than other channel and explain everything you need to know in order to understand consent for marketing via email.
What has changed for email marketing since GDPR was introduced?
Post GDPR, the Privacy & Electronic Communications Regulations (PECR) rules use the UK GDPR standard of consent. This means that email is predominantly opt-in, unless you have strong provenance, or which you can prove using the ‘soft opt-in’ option. It is one of the biggest shifts in marketing communications and one that presents a significant challenge for brands and first-party data, one of the most valuable tools for email marketers.
However, when it comes to third-party data, things get even tougher and the instigator debate looms large. The instigator of the communication is the end client/brand as they are ‘initiating’ the communication to be sent.
Some data agencies are still selling electronic (email) data that has been gathered from various sources where a brand hasn’t specifically been named at point of capture. The lawful basis for processing user data to third parties is consent but given the way that most third-party data is gathered and sold, it seems highly unlikely that the correct level consent has been gathered.
Under the lawfulness of processing and consent, the brand processing the data should have been named at the capture point as they will be the instigator of the email communication.
Understanding consent: opt-in emails
This is clearly stated in PECR Regulation 22, ‘Use of electronic mail for direct marketing purposes’: “A person shall neither transmit, nor instigate the transmission of, unsolicited communications for the purposes of direct marketing by means of electronic mail unless the recipient of the electronic mail has previously notified the sender that he consents for the time being to such communications being sent by, or at the instigation of, the sender.”
Understanding consent: soft opt-in
The other option which brands can use is the ‘soft opt-in’ scenario. Again, this is stated in PECR Regulation 22 as follows: “A person may send or instigate the sending of electronic mail for the purposes of direct marketing where:
(a) That person has obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient;
(b) the direct marketing is in respect of that person’s similar products and services only; and
(c) the recipient has been given a simple means of refusing (free of charge except for the costs of the transmission of the refusal) the use of his contact details for the purposes of such direct marketing, at the time that the details were initially collected, and, where he did not initially refuse the use of the details, at the time of each subsequent communication.”
If using the ‘soft opt-in’ scenario as set out above then a reasonable expectation has been set, i.e., the individual would expect communication based on the interaction they have already had with a brand, so the communication cannot be classed as cold.
But, as a cautionary note, those organisations will need to ensure the appropriate accountability and safeguards are in place to protect individual rights, making sure there is a clear audit trail and the provenance exists to be able to process an individual’s data in this way, otherwise there would be larger volumes of unwanted communications.
We believe that only data gathered where the brand is explicitly mentioned and to which the consumer has opted in, i.e. given their consent, can be used. As such, it requires considerable foresight and planning to build a tool that will provide email marketers with lawfully gathered, fully consented, first-party data. At Sagacity, we work closely with brands to help facilitate this process.
What are the challenges that brands face?
As mentioned above, brands face challenges regarding email and consent in general – there are several lawfulness of processing options but remember that if you ask for consent and you do not receive this in the first instance you can’t then decide to choose another lawful basis.
What is key is the originating capture process and ensuring explicit consent is gained and the individuals understand what they are likely to receive – in other words, ensuring transparent wording is in place in both the data collection notice and corresponding privacy statement.
How can brands gather relevant first-party data?
Sagacity works closely with clients to understand their needs and help capture the core level of consent required. This is performed via collection techniques and brands can be named at point of capture, i.e., a data collection notice with clear links to the brand’s own privacy statement, ensuring individuals understand who their data will be processed by before giving consent and agreeing to receive email communications.
Staysure senior commercial marketing analyst Steve Hansard explains how this works in practice: “After detailed scoping exercises, data inputs and consent methodology for first- party data was agreed and is now collected and maintained in a coordinated, controlled and documented way from multiple disparate data sources for all our channels and brands. This ensures our email data is high quality, accurate and compliant at all times. This data is then fed into our email tools to send effective communication campaigns with feedback loops of any customer information changes being fed back and processed.”
One other area which should be approach with some caution is the difference between a service and marketing email. The soft opt-in scenario can be used to deliver a service message but that message should not contain any form of marketing. A number of high-profile brands have fallen foul of this by including a marketing message on an email regarding a service provided by the brand.
While the above might sound challenging, email is still a channel worth pursuing as long as you can prove consent for the use of first-party data. Because email volumes are low, response rates are good compared to other channels, so it’s worth putting in the time and effort to build your first-party data.
Andrew Bridges is data quality and governance manager at Sagacity