GDPR and Marketing … surely the two things don’t go together.

With so much scaremongering about GDPR and Marketing – not to mention the imminent fines from the Information Commissioner’s Office – some companies appear to be throwing in the towel entirely with their direct marketing efforts. But is this necessary? In today’s blog on GDPR and Marketing from Marketing Exec, Beth, we explore some of the nitty gritty surrounding GDPR and how it could affect your marketing strategy for 2018 and beyond.

What is GDPR?

In a nutshell, GDPR refers to the new Data Protection laws coming into force across the EU and the UK on 25th May 2018. The new laws are designed to take into account new technologies and to prioritise the privacy of individuals, particularly when it comes to personal and sensitive personal data.

The legislation sets out various definitions of what constitutes personal data, who handles it, how and for what purpose, the storage of that data and the implications of losing, misusing or disclosing said data. There are also significant fines (in some cases up to 20 million Euros) for substantial data breaches where the ICO feel that someone’s privacy has been compromised. You can find out more about GDPR here.

And as you might expect, GDPR and marketing consequently have a lot of cross-over.

How does GDPR affect Marketing?

GDPR, and the changes it brings, are critical to understanding how your marketing is going to look going forward. For blanket marketing, such as TV and radio advertising, posters on buses and so on, you won’t be touching anyone’s personal data, so you’re home and dry. But as soon as you have personal contact with an individual is when you need to be compliance-aware.

If you make direct contact with any individual, be it via email, social media, newsletter, postal campaign, telephone call—you name it—you must have express opt-in permission from that person saying they consent to be contacted for marketing purposes. This is where GDPR and marketing collide and you have to know what you’re doing.

This is because even if the customer in question is an existing customer – in which case you don’t need permission to hold personal data if it is necessary to fulfilling the terms of your contract with them – you still don’t automatically have their permission to market to them and will have to seek this separately.

What does opt-in mean?

Opt-in to marketing does what it says on the tin, really. A customer, or potential customer, has to electively chose to receive marketing, as opposed to opting out of a mailing list. Of course, this means you should still make it easy for customers to unsubscribe at any point after signing up for your newsletter, or whatever marketing you are doing, but that isn’t enough.

Pre-checked boxes are now a thing of the past – whether it’s on a paper form or online, you cannot ask customers to “untick” the box to opt out. Neither can you have a check box that they must select in order to NOT receive marketing. Equally, you can’t make it a compulsory requirement of receiving your goods and/or services. You can’t simply add them because they phoned up to make an appointment with a stylist and gave you the email address thinking it was just to confirm the time. It’s really simple – the customer has to put somewhere, in writing, that yes, they would like to receive marketing. Nothing else.

Is there some loophole in this whole opt-in policy?

No! Please don’t even think about trying to bamboozle your customers with linguistic trickery – because if you’re ever asked to prove to the ICO that you have consent should someone report you for unsolicited marketing, you can be pretty sure that they won’t look too kindly on this kind of “opt-in” statement:

I do not agree to not receive things which may or may not appear to be similar in tone to marketing from not this company and/or others if I do not tick the box.


Just keep it simple – and then you’ll know you have consent.

And for best practice, you can always go for double opt-in – this is where they give you their details (usually an email address) in order to receive marketing, then you send a confirmation correspondence to check their intent and identity before adding them your list. There are lots of powerful online tools that can help you manage this.

Should you give up on direct marketing?

Well, that’s entirely up to you, but here at CloudyCreative we would say … of course not! All is most certainly not lost – in fact, GDPR is a great opportunity to make sure that your marketing is effective. It may mean that your mailing lists suddenly get much smaller, but they will also be more concentrated in individuals who a) want to hear from you, b) have cared enough about your brand to opt in to receive marketing and c) will be more likely to engage with your marketing in the future.

This means you’ll have cleaner marketing analytics to perform internal market research on, and data won’t be as skewed by a non-active audience, which adds real benefit to your marketing and sales. And, of course, as long as you ensure you follow best practice for compliance, you know you’re safely within the law, and respecting the privacy of your customers, which has to be a good thing, right?

What should you do now?

First things first: housekeeping. I know, I know, most of us go to work to get away from tidying and cleaning, but in the case of your mailing lists, once you’ve done it and put measures in place to keep in tidy, it will become a hugely powerful asset to you. So, if you haven’t already, get in touch with everyone on your list and ask them to opt-in to your new mailing list – give them an option to say no, and if they do, or if they don’t respond, then delete them. If they really want to hear from you, they can always re-subscribe.

And going forward, make sure your marketing subscription is all as user-friendly and as compliant as possible. Oh, and make sure you keep a record of all the data you hold, why you hold it, and where, in case anyone ever asks.

And it’s that simple. So yes, you can continue to do marketing under GDPR – it’s just important to remember to respect everyone’s right to privacy, and in the long run, this should make all marketing more effective anyway. Good luck!