Best practices Best practices for privacy and data protection in direct marketing
1. MCI Brussels
Best practices for privacy and
data protection in direct marketing
By Claudia Fortes, Marketing & Communications Manager, MCI Brussels
“Our philosophy is that people own their information and control whom they share it with”
Mark Zuckerberg, CEO, Facebook
The privacy and protection of our data is not a right easily relinquished. This right has been
recently put to the test with the fast growth of social media tools, such as Facebook, Linkedin,
Twitter, etc. The backlash against Facebook’s1 lops on their privacy policies has opened the
debate on how to best market your audience and at the same time respect the privacy laws. In
the case of Facebook, users seemed to be unable to completely delete their personal
information if they no longer wished to use this social platform.
The best marketing and promotional results can only be obtained when the targeted audience
has expressed their wish to be reached for a specific purpose. Direct marketing can be effective
through different tools and approaches, but there are also some key legislative rules that have
to be respected when doing so. By being lawful you will also discover that you will be providing
a direct marketing that is correctly targeted and with the opportunities to expand your current
database.
The legal basis
With the fast enlargement of the European markets into one and the impending globalisation of
the world, new rules have been set to ensure that everyone’s data is protected and well used.
Data protection and privacy policies have a direct impact in marketing.
A legal basis2 has been set in 1995 at European level to ensure the protection of data exchange
within harmonized laws. The implementation of the Directive differs in the European Member
States and to this end there are national bodies that answer to the divergences on the
application of data protection in each European national market. An independent European body
- EDPS, European Data Protection Supervisor3 - was also established in 2001 to protect
personal data and privacy and to promote good practice in the European Union institutions.
1
For more information: http://news.bbc.co.uk/2/hi/technology/7196803.stm
2
Directive 95/46/EC (of the European Parliament and of the Council of 24 October 1995 on the protection of individuals
with regard to the processing of personal data and on the free movement of such data; reference: 31995L0046
3
http://edps.europa.eu/EDPSWEB/edps/lang/en/pid/1
1
2. But what are the implications for professionals in marketing? What are the prerequisites? And
how can an organisation ensure that its direct marketing complies with the data protection
rules?
The marketing mix
When promoting products, services or events, a wide array of means can be used from e-
marketing (e-mailings, electronic brochures), social and viral marketing (Facebook, Linkedin,
email messages to send to partners and members), as well as printed materials (flyers,
brochures), faxes, phone messaging, etc.
For a marketing mix that complies with the data protection and privacy rules, make sure that
recipients have given consent4 to receive direct marketing and that an opt-out feature
(unsubscribe option) is always included.
Marketers should always strive to ensure that privacy choices are respected and that direct
marketing is sent only to willing recipients that have given their consent. Consent does not
have to be written but as a best practice, a written proof that clearly states the direct marketing
purposes should be ensured.
The Do’s and Don’ts
A clear understating of the best practices, on how to create and maintain databases and how to
best reach your audience, is fundamental. These best practices will assist you in correctly
marketing your audience.
The Do’s
• To collect data for a database, state the organisation’s name, products and services,
the aim of the use of the information and if it will be transmitted to a third party.
• If sharing marketing lists with other organisations, all individuals should be informed
in advance regarding who, when and how data will be shared with.
• Information and data should be used for a specific database and have a specific time
frame for its use. For example, to renew the information on your current database an annual
email to confirm the information should be applied.
• Aim at always holding a written statement of the permission to use the data.
• Avoid using already ticked boxes for permission forms.
• All individuals have the legal right to stop their personal information being used for
direct marketing. Follow up promptly on these requests and specify on your database why
and when it was declare to no longer use the data.
• Always provide a simple, cost free opt-out (unsubscribe) option that is clearly visible
and explicit in its wording.
• Create or widen databases for a specific use by using a sign up mechanism (opt-in
option/subscribe). For example, this sign up mechanism can be included on a website and
linked to different messages in order to maximise its use.
• Use flagship events or retention campaigns to create specific databases according
with what the delegates/members have a specific interest in. For example, use a simple
fill-in form or include it on the event survey/evaluation.
4 Consent does not apply to unaddressed flyers or letters, where there is no use of an individual’s personal data.
2
3. The Don’ts
• Do not transfer data outside the European Economic Area5 unless there is adequate
protection for the personal information being transferred, an organisation is willing to take on
full responsibility.
• Do not transfer data or database(s) to other entities or third parties unless all
individuals have given permission.
• Do not sell database unless you have the commercial rights to do so.
Rules for success
Even though the European legal basis was established in 1995, the awareness to its compliance
and best practices has been slightly over sighted. In the case of social media (such as
Facebook, Linkedin, Twitter) its fast expansion needs now to be matched with privacy rules. The
recent example of Facebook has reiterated the importance of privacy rules.
The neglection of privacy and data rules has brought the impending legal issues for these new
online platforms. Nonetheless, the rules and laws for e-marketing and for e-privacy are
constantly evolving in order to cater to every individual’s rights to privacy.
All organisations can avoid these legal issues by following these simple rules:
1. Have the consent to address the target audience
2. Include opt-out (unsubscribe) features and opt-in (subscribe) to
widen databases.
3. Use retention campaigns and events to update or further create
new and specific-end databases
Be aware of the privacy and data protection rules and best practice.
Use direct marketing with creativity, apply the rules and boast on successful results!
1017 words
*** *** ***
About MCI
MCI is a globally integrated association, communication, and event management company. For
more than 20 years, MCI has helped companies, governments and associations bring people
together to create meaningful connections and win.
5
The European Union member states plus Norway, Iceland and Liechtenstein
3
4. Our combined expertise helps clients to outperform by offering strategy, creativity and
execution in the field of Association Management & Consulting (AMC), Performance
Improvement, Professional Congress Organisation (PCO), and Meetings & Events. Our support
services, which include Global Destination Management in 16 countries and Audio Visual &
Staging solutions, “make it happen” by connecting the best people in the right places.
MCI has 33 offices in 19 countries and employs approximately 800 professionals worldwide in
Abu Dhabi, Amsterdam, Barcelona, Beijing, Belfast, Bengaluru, Berlin, Brussels, Buenos Aires,
Copenhagen, Cordoba, Delhi, Dubai, Dublin, Geneva, Gothenburg, Hong Kong, Lyon, Madrid,
Mar del Plata, Montpellier, Mumbai, Paris, Petersfield/London, Prague, Rome, Shanghai,
Singapore, Stockholm, Stuttgart, Tokyo, Vienna and Zurich.
With several partnerships and alliances, such as the “Uwin Iwin & MCI Strategic Alliance in
Performance Improvement”, the “SmithBucklin + MCI Worldwide Partnership”, the “Ovation
Global DMC & the DMC Network's Global Alliance”, MCI offers integrated solutions and seamless
services around the world, providing customers with a truly global brand experience.
For more information, visit:
www.mci-group.com – main website
www.growglobally.org – a resource for association global strategy, regional planning and local
execution
http://talkingcommunity.wordpress.com/ – conversations about the global meeting industry
www.lessconversationmoreaction.com – a blog about CSR and sustainability in the meetings
and events industry
About the author
Claudia Fortes is a Portuguese national. Before joining MCI in 2007, she
worked at the European Association of Chemical Distributors (FECC) where
she was responsible for the internal and external communications,
marketing of events, communications tools, and press and media relations.
She also did an internship at the Council of the European Union and worked
at the Brussels office of an American law firm working mainly with the
chemical industry. At MCI, Claudia is the European Marketing
Communications Manager for ISPE (International Society for
Pharmaceutical Engineering) and ASME (American Society of Mechanical
Engineers).
Claudia speaks Portuguese, English, French and Spanish fluently and has fair knowledge of
German. She holds a BA in Modern languages and literature, a MA in International Relations of
European Union. She also holds a professional certification from the New York University in
events marketing, and in Public Relations from the London College of Communication.
(claudia.fortes@mci-group.com)
4