One of the key elements of the new GDPR legislation is that your users / consumers need to grant you explicit consent over how and what you market to them. This also means that you need their permission to store their personally identifiable details, and for exactly how those details are to be processed. You can no longer have a single tick-box for blanket coverage of any and all of your marketing messages.
In fact, up until now the pattern has largely been to have 2 tick-boxes: one granting permission for direct marketing from the site owner, and another granting permission to relevant and related ‘select’ or ‘preferred’ third party organisations. The latter has in fact been abused for years in order to allow wholesale sell-on of an entire customer database, i.e. passing on a user’s private data for profit. GDPR resets the whole question of ownership, making the users / consumers the sole and actual proprietors of their data, and giving them full ownership and power over what can be done with that data. Anyone holding such data requires explicit permission from the consumer; they also need legitimate interest reasons to be holding that data, usually relating to delivery of services that the customer has actively signed up for.
When GDPR kicks in, it is unlikely that any customer will allow wholesale manipulation and distribution of their private details. I myself am very careful about which tick-boxes and terms I personally sign up to. If I find the wording or any of the content of the sign-up suspect, I will abort and make a note to avoid said site. With GDPR there are hefty fines and sanctions in place to deal with companies who seek to abuse the use of any such details, which essentially makes third party mailing lists illegal and obsolete.
GDPR means that you need a double opt-in here, i.e. the user signs up and ticks the relevant interest / activity tick-boxes, then receives a confirmation email notification, which they will need to double-confirm to legitimate those marketing activities. Companies are obliged to keep complete records / logfiles of their customers’ permissions.
This means that companies and organisations will largely need to change how they get their customers to sign up to their mailings / newsletters and notifications: those permission tick-boxes will need to be far more granular and precise. The two key reasons here are so that users don’t / can’t blanket opt out and ban you from ever mailing them again, and so that they instead sign up to genuine areas of interest which are directly related to their hobbies or profession. You may need to include some sort of brief overview each time of what interest topics are available, and which of those the customer is signed up to.
This involves an exercise where you break down your company’s or organisation’s business into distinct content and interest streams. Say you were a pet shop, for instance: you would have separate interest threads for Amphibians, Birds, Cats, Dogs, Fish, Insects, Reptiles, Rodents etc. If you simply mailed out wholesale newsletters with any and all pet information / feed / accessories etc., some or several of those customers would opt out of mailings for reasons of irrelevant content.
Personalisation is key here: you need to find the right terminology, and the appropriate balance and number of interest topics to suit your audience. With too few, you will have too much overlap, and fallout for that reason. With too many, you will struggle to provide content for each of those streams, and you will introduce option overload / option paralysis, meaning in turn that customers may struggle to complete their interest profile and end up not signed up to anything at all.
There are of course a variety of ways to divide up your offerings, and some companies may need some degree of experimentation and refinement before the onset of the 28th of May 2018 deadline. This will be a steep learning curve for all of us, and as with most things, few of us are likely to get things totally right the first time around. You now basically have less than 8 months to get all your ducks in a row!
You will need to contact and connect with all of your customer database in that time - find out what it is they really want from you, and their preferred means of acquiring that information. Also don’t be afraid to ask what your customers don’t want to see. With GDPR you only get a single chance to make a good impression - once a customer opts out of mailings, they are out for good - except in very particular circumstances.
Time is really of the essence now to get engaged with best practice, and start composing a detailed interest profile for your business / site - alongside an overview and rationale for what details you will store, and exactly how you will use them and why - and how you will properly justify that.
We may go into further detail in a forthcoming ‘Insights’ article on the same Explicit Consent topic. The next topic we will cover in more detail is the rather more complex but essential 3-stage process of ‘Legitimate Interests Assessment’, including the ‘Necessity Test’ and ‘Balancing Test’: in other words, the rationale and supporting arguments for why you need those particular customer details and processes to carry out your normal business.