With the General Data Protection Regulations (GDPR) coming into force in less than nine months’ time, you should be thinking about the changes you need make to your marketing strategy now!
Advertising and marketing through email is likely to be a large part of your business strategy especially if you are involved in e-commerce. Consent to direct marketing is one of the major changes the GDPR is bringing about and you will have to be much clearer about obtaining consent from your customers.
To meet new regulations, your requests for marketing consent need to be:
- On an opt-in basis – best practice is to have opt-ins that require a box to be ticked, rather than unticked. A pre-ticked box will not be considered enough to demonstrate consent. Mixing ticked and unticked boxes will also make it harder to prove consent was given.
- Specific to each activity – you will need to make sure you have separate consents for different marketing activities.
- Transparent, so that all third parties are mentioned specifically. If you are sharing personal data with another company, the customer has a right to know.
- Separate, so that consent for marketing is distinct from the acceptance of T&Cs.
You will also need to demonstrate a clear trail of the consent-gathering process, including storing the fact that consent has been given and also what the terms of that consent was.
Is GDPR the same as PECR?
No, the Privacy and Electronic Communication Regulations (PECR) are existing rules in place that govern electronic communications, including nuisance calls and messages, cookies and the provision of internet or telecoms services. Whenever you want to contact customers with marketing or advertising, the PECR should be on your mind.
However the PECR regime are currently under review and are set to be replaced by the ePrivacy Regulation (ePR) in May 2018. There are number of changes that are likely to be made by the new regulations including changes around how you gather consent online. Although the changes are still in proposal form, we expect there to be a tightening of the rules around electronic marketing and opt-in consent, which is consistent with the GDPR.
The new regulation is also likely to change how you use your cookies and other online tracking devices, including a shift from using website cookie banners to focusing more on users’ browser settings.
These changes brought about by the ePR seem to be moving towards greater accountability around online consent and a closer relationship with the GDPR.