The document summarizes a webinar about getting an email marketing team compliant with the General Data Protection Regulation (GDPR). It discusses the challenges email marketers face in understanding GDPR and ePrivacy regulations, providing new information to customers, and ensuring consent language is compelling not creepy. Technology and creative copywriting can help address these challenges. The webinar then provides steps for marketers to start their compliance process, including creating a cross-departmental team, updating privacy policies and forms, and analyzing existing customer data to understand their legal basis for processing it.
2. Kath Pay
Founder & CEO
Holistic Email Marketing
Steve Henderson
Compliance Officer
Communicator
3. Housekeeping
This webinar will be available to re-watch on-demand
immediately after the webinar has finished.
Don’t save your questions for the end! You can ask questions
at any time and we can go through them during the Q&A at the
end.
Also we value your feedback so we’d appreciate your rating of
the webinar as well as any comments, at the end!
6. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
Agenda
1.
2.
3.
The GDPR challenges faced by email marketing team
Technology and copywriting can help
How to start your own data audit
7. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
What challenges exist
for a marketing team?
8. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
ePrivacy and the GDPR
9. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
Non-personalised
dynamic email
Personalised
dynamic email
If all you need for your email
marketing is the email address,
you need marketing consent
(or a customer relationship) in
line with PECR (ePrivacy).
If your email marketing uses
personalisation, segmentation or
targeting, the GDPR applies. As well
as marketing consent, you need
consent or “legitimate interest”
to collect and profile any additional
behavioural or demographic data.
Dynamic content
populated by
Content management
Social media
Current offers
How GDPR and PECR (ePrivacy)
work together in email marketing
Dynamic content
populated by
Purchases.
Page views.
Personal profile.
www.communicatorcorp.com
10. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
The GDPR “information burden”
11. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
12. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
13. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
http://www.information-age.com/spotify-crossing-line-its-creepy-new-privacy-policy-123460035/
14. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
“68% of people don’t trust
brands to handle their
personal information”
2017 State of Consumer Privacy and Trust survey
15. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
Nobody likes deleting data
16. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
GDPR – Challenges for an email marketing team
1. Having to understand both GDPR and PECR/ePrivacy
2. New information to be provided to customers and subscribers
3. Making consent statements compelling, not creepy
4. Knowing what to do with existing customer data and mailing lists
17. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
Technology and
copywriting can help
18. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
The challenge
Information burden vs clear and concise language
And needs to be compelling instead of creepy
19. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
The solution
Technology: Simple and clear design. Use “layered information”.
Copywriting: Personal and honest. Be creative. Trust your
customers to be intelligent enough to understand.
Innovation: Give support, training and advice to allow those
skilled in design and copywriting to create and innovate.
20. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
21. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
22. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
23. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
24. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
You can explain what you do – tone of voice is important
YouTube: “YOUR ADCHOICES AND YOU”
https://www.youtube.com/watch?v=tjXBQjqNmo8
Channel 4 Viewer Promise
http://www.channel4.com/4viewers/viewer-
promise/our-viewer-promise
25. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
26. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
How to start
28. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
Important Milestones
1. Create a cross-department team and put someone in charge
2. Create your internal data policy (based on data discovery)
3. Update sign-up forms and privacy notices
4. “Up-subscribe” your active customers and subscribers
5. Deletion processes (in line with your new data policy)
29. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
Existing and legacy data:
How do you demonstrate your legal
basis for the large amount of data you
have in databases, shared drives,
marketing lists, accounting systems…?
30. Getting your email marketing
team GDPR compliant
@HolisticEmail | @CommCorp | @easyinbox
Existing and legacy data - discovery
•Names of lists, systems and data stores
•Any partners or third party software – do these have contracts in place
to delete, disclose breaches, and assisting with subject access requests
•Any international data transfers, directly or through partners and third
party software. Are these Privacy Shield accredited? Have you
international liability and enforcement clauses in your contracts?
•Classifications of data (anything sensitive?)
•Data usage
•Data lifecycle (volumes by age, oldest, deletion processes?)
•Any marketing data. Details about source, date and type of consent?
Identify