A modern guide to help you grow your business with compliant marketing practices.
Marketing compliantly - there's no way around it these days.
There's more data regulation in place (and more on the horizon 🙄) and a growing awareness amongst us - both as individual consumers, and as professionals in a business - around how our data should be treated. And, we care about that. It's now a factor in our decision making when we choose new products or services.
More regulation ➕ more awareness means sooner or later you need to be doing things correctly - especially when you interact with prospects and nurture them into fully fledged customers. But, you know that - you're on this guide after all... Congrats on taking the first step 👏.
Without further ado, lets get into the nitty-gritty of creating a process for your marketing activities that's compliant ✅.
What you'll learn.
Why you should market compliantly.
Thankfully there are many more reasons to market compliantly than just "it's the law".
I'm going to open your mind 🧠 and shift your mindset from this is something "we have to do" , to "by doing this here's everything else we can leverage to our advantage".
- Brand reputation: One of the most important assets to your business. Painstakingly created and far too easily damaged or lost. Data protection is an arena you can use to exemplify this reputation - by being upfront and transparent with how you process data collected, offering plain english explanations, and complying with the regulations.
- Future proofing: By getting your marketing data compliance ducks in a row now, not later, you will save yourself from accruing more and more challenges the longer you wait to resolve it. For example, you might have rushed into collecting data from prospects via high effort marketing efforts, only to realise too late that you collected the wrong marketing consent and you can't use the data how you intended to... An expensive, avoidable situation to find yourself in 🤦.
- Competitive advantages: Data ethicacy and privacy awareness are relatively recent trends. Incumbants in nearly every industry are failing to adapt to these new pressures at the tempo the market demands. As a result, there is opportunity abound to further distinguish your business from the competition from a privacy and data trust perspective - something you'd need to walk the walk on in your own marketing efforts.
- (and) It's the law: There are two pieces of regulation that apply to your marketing efforts (in the UK / Europe): 1) The General Data Protection Regulation (GDPR), and 2) The Privacy and Electronic Communications Regulations (PECR). The PECR complements the GDPR and sets out more specific privacy rights on electronic communication (think email, text, fax!, automatic phone calls etc.). Just because you're not British Airways doesn't mean you can't be caught out by the Information Commissioners Office (ICO). Complaints raised to the ICO by an unhappy customer or prospect who reports a non-compliant practise you use may result in an investigation or a fine. In any case, you want to avoid their attention!
How to market compliantly.
This will vary based on who you're marketing to.
- Business-2-Business 🏢
- Generally, it's okay to send electronic marketing to individuals within businesses (UK). You can rely on legitimate interest and market without consent. You must tell people who you are, and you need to provide an option for people to opt out / stop receiving marketing.
- This effectively means that you can market to people who work in a business (known technically as "corporate subscribers" ) without relying on consent as your lawful basis. Some caveats do apply: 1) This is the UK interpretation of the PECR - other countries in Europe can take a different view; 2) Sole traders and partners (think law firms) do not count as "corporate subscribers" ; and 3) If you're not processing personal data neither the GDPR nor the PECR applies.
- Business-2-Consumer 🧍
- When emailing or texting private individuals, you almost always need to ask for consent before sending them electronic marketing. There is, however, one exception to the consent rule under PECR: the soft opt-in.
- You can rely on legitimate interests and send electronic marketing without consent if: 1) You have obtained the contact details in the course of a sale, or negotiation for a sale, of your product; AND 2) You are only marketing your similar products or services; AND 3) You provided a simple opportunity to refuse or opt out of marketing, both when first collecting the details and in every message after that.
What process to follow.
Great question! Glad you asked. We've created a beautiful flow-chart you and your team can easily (and simply) follow to understand who you can market to and what lawful basis you can rely on 👀.
FAQs from peeps like you.
All answers are provided by our Head of Delivery, Tom Gell. He oversees the data compliance of all of our wonderful customers. He literally eats data regulation for breakfast 🥐 (probably a true story).
"When purchasing sales contact data, what measures can I take to ensure the data is GDPR compliant?"
There is no such thing as having a GDPR compliant list. However, you may be talking about the data being from a reliable source. Most people in the UK won't be surprised to receive marketing emails via their business email address as it's commonplace, unlike in other countries. Keep in mind, there are always going to be risks when it comes to email.
"Can we use Google Forms to get consent?
Consent is a clear and unambiguous statement that displays what you're using data for. Using a tool such as Google Forms to display this is a good idea because it tracks when the consent was given, which is a good record to have as a business.
"As a customer, companies make it difficult to unsubscribe. Is this ok, or is it shady?"
US companies don't think about consent due to their local regulations. This means when it comes to them marketing in the UK, they don't think about it. Smaller companies often don't follow the regulations and almost feel immune due to the regulators going after bigger companies and a lot of the time they get away with it.
Keep in mind that if it annoys you, it probably annoys many others. When thinking about your data protection practices, put yourself in your customers' shoes. Would you trust your own company with your data? If the answer is no, then there are probably some change that need to be made.
If you're looking to understand how data compliant you are today, or what steps you need to take to become data compliant, it's worth talking to one of our experts. Our experts can create the policies & procedures and provide the support you need to market compliantly. To find out more, you can book in a call now.
