
GDPR and email marketing - Managing your database the right way

June 29 - 2020


As background, data is what drives the most successful email marketing campaigns. By using data to understand our contacts' preferences, we can then create personalised campaigns which we know stand a much higher chance of converting.

Here are some examples of how this works:

  • Ask subscribers for their date of birth in order to trigger a happy birthday email. Usually these are sent with a special offer or discount code;
  • Record their purchasing history so you can send them 'recommended for you' emails;
  • Know the date of their last booking if you run a hotel or restaurant so a 'we've missed you' email can be triggered if they don't return in a certain time period;
  • Use preference centres so your subscribers can tell you what they are interested in and what they want to hear about.

The important point here is it's great to collect lots of data, providing you have a plan and a strategy in place about how you are going to use it. And from a practical point of view, we recommend you hold one 'master list' so all your data is in one place. You can then create rules and segments to send your emails to the people on your database who you want to receive them.

This makes managing your data much easier and much cleaner. This becomes even more important under GDPR for two key reasons:

  1. By including a 'data source' field in your database you'll be able to see at a glance where your data has come from (e.g. a website sign-up or a competition entry).
  2. It will mean all your subscriber activity is in one place, so you can see when they last engaged with your content, complete with a timestamp of when this happened.

One of the key specific questions we've been asked regarding GDPR and email marketing database management is:

"How long do we have to remove a contact from the database if they haven't opened a piece of email marketing (unengaged subscribers), assuming they meet all other GDPR criteria?"

Here's the legal standpoint provided by Stephens Scown:

"There is no set time frame under GDPR for removing a contact from your database, instead you must not hold information for "longer than necessary". Once you have carried out a data audit you can then decide on a series of compliant policies relating to how long you hold customer Personally Identifiable Information (PII). To arrive at this you can look at the transactional history of current customers and measure their purchasing lifecycle. This fits into something called the Privacy by Design concept which is central to the GDPR and the need to keep accurate records of processing."

As an example, if you are selling cars, one might argue that you could keep the customer information on file for 3 years on the basis that you also provide MoTs, servicing and repairs; and changing a car every 3 years is reasonable buyer behaviour. However, if you sell something smaller and consumable such as paper towels, the counterpoint is if someone hasn't bought again, or engaged with you in 12 months, then it's unlikely that they will be interested in the future and should be removed.

Each business can set out its policy for data retention, considering the above, and record it in a folder held by the individual responsible for data protection (your Data Protection Officer).

The second most common question we've been asked on this topic is:

"We have heard that we can run re-opt-in campaigns to our existing database. Can we send an email and rely on the evidence of the recipient clicking on a trackable link to remain on the database (instead of ticking a box)?"

Firstly, you need to make sure that you have the right to contact your existing database with a consent-related email. Figure out whether you are relying on legitimate interests or consent - you don't need both. This is really important, as simply sending this kind of opt-in campaign could be a breach of the GDPR.

If you do have the right to contact your database in this way, remember, as covered in the previous article, explicit consent is needed: it must be clear, positive and transparent. So the clicking of a link could work as the giving of explicit consent, provided the above criteria are met. You will need to keep a record of the 'click' in your email platform and ensure that it travels with the contact if you move platforms in the future. But from a marketing point of view, ask yourself whether or not this is needed. If you're already creating great content and a subscriber isn't engaging with it, will a re-opt-in campaign make any difference?

And the final question we're frequently asked is:

"Do we have to delete contacts who don't meet the subscription process?"

You should keep the email address of the contact and it should be set to an unsubscribed status in order to avoid the contact accidentally being added to the list again after they have unsubscribed from it. However, you should delete any additional information associated with that contact.

In summary...

  • Use a master list to manage all your data, making sure you are suppressing unsubscribed and cleaned contacts.
  • Only collect data from your contacts that will help you send better email marketing campaigns to them.
  • Remove contacts from your database who aren't engaging with your content.

This concludes our series of articles on GDPR and email marketing. Our aim is to help you send better emails and to make sure they are a catalyst for fuelling the growth of your business.

These articles and the guide are only looking at GDPR in relation to email marketing and do not set out to look at the wider reaches of the law. If you want specific legal advice for your own circumstances, you should contact Stephens Scown at to talk to their Data Protection Team.

If you would like support with your email data management, please get in touch with Jarrang at and our team will be happy to help.
