Compliance

How organisations can succeed with data protection around the world?

When GDPR was first introduced to the EU in 2018, the rest of the world watched keenly to assess the results. Initially, there was a lot of unease among email marketers regarding GDPR as they were concerned that program performance would be dampened by the tighter regulations.

However, research by the Data and Marketing Association (DMA) shows that email marketers adapted to the changes a lot better than expected after only a year of GDPR being in effect.

Influenced by GDPR, other countries have now introduced, or are on their way to implementing, their own versions of tighter data protection regulations that marketers will need to get behind. For example, the California Consumer Privacy Act (CCPA) is now in effect in the US, while the New York Privacy Act is under consideration. Brazil is less than six months from introducing the Lei Geral de Proteção de Dados Pessoais (LGPD), and in Australia updated consumer data rights legislation is in discussion.

How can email marketers around the world follow in Europe’s footsteps and ensure their campaigns continue to succeed, and improve?

Fail to prepare and prepare to fail

Marketers in countries and regions currently introducing their own privacy legislations can learn numerous lessons from GDPR, but perhaps the first is the steps that each company should be taking to prepare for tighter regulations.

A report by Marketo found that 72% of businesses which exceeded their organisational targets post-GDPR had taken a “marketing first” approach to the new regulations. This approach involved embracing the new laws to try and build better customer relationships and opposed the “legal first” approach that some businesses took which meant they only carried out the bare minimum to achieve compliance.

The DMA’s latest report further supports Marketo’s findings as they revealed that marketers have seen positive increases in the last year across almost all the key metrics used to define email’s performance. Most notably, 62% stated that ‘spam complaints’ were reduced and 58% confirmed that their ‘mailable list size’ was growing again post-GDPR.

This is also reinforced by Validity’s 2020 Deliverability Benchmark report. The UK reported average inbox placement rates of 87%, a full 5% higher than for the US, and reflecting benefits of improved data quality, tighter consent, and greater choice and transparency.

While these statistics are encouraging for global email marketers, businesses must establish this message early on. Even before the regulations are introduced, it’s an opportunity for marketers to cleanse their lists, retain their most engaged subscribers, and then message more effectively to them.

It’s also an opportunity to harness new technology: marketers have been leveraging list management, address verification, and data quality and deliverability tools to assist with these tasks. Validity’s 2019 State of Email Marketing report found that programs using technology to support email deliverability optimisation, A/B testing, and reactivation campaigns were between 10% and 18% more likely to enjoy above-average open rates by doing so.

Remain positive as there will be more hurdles

Considering Europe’s experience, the guidance to other countries as they adopt new legislation is for businesses to remain positive. The results of better performing data and stronger customer relationships will all be worth the initial hard work of achieving compliance.

The DMA’s report proves this – nearly half of respondents (48%) agreed the new laws have improved data quality. As a result, email’s return on investment (ROI) is now 15% higher at £35.41, compared with £32.28 pre-GDPR.

To add to this, respondents were recently asked about the shape of future data protection policy, and 59% felt that current regulations should be made even stricter. Their wishes may be granted. While many mistakenly believe GDPR is the only legislation governing personal data in the EU, it is the ePrivacy Directive (Privacy of Electronic Communications Regulations/PECR in the UK) that primarily covers all electronic communications (including email).

PECR imposes higher duties of care on data controllers and processors than GDPR, with consent required to send all B2C emails unless the “soft opt-in” exemption applies. Requirements for B2B emails are less stringent unless personally identifiable information can be identified (e.g. forename.surname@companyname.com).

ePrivacy should have been revised in alignment with the introduction of GDPR, but this failed to happen. Draft regulations (no longer a directive) are currently going through the European Parliament, but there have been numerous delays, and it is unlikely this process will be completed in 2020. When the new regulations do finally become effective, possible differences could include tighter regulations for B2B; limitation of soft opt-in to actual sales only; time-specific content; and streamlining of cookie rules.

While some countries may have only just introduced new legislations, email marketers should be aware that maintaining a positive outlook is key. Email has traditionally been largely self-regulating and treated with a relatively light touch as a result.  However, regulators can expand the scope of governing laws at any time, especially as technology and business landscapes constantly evolve.

The future for data protection in UK post-Brexit

Only a few weeks ago, the question of what data protection will look like after Brexit was still very much front of mind. Many organisations have been assuming that data protection laws in the UK will be largely similar afterwards, but this might not necessarily be true.

It is hoped by both the EU and the UK that an adequate agreement will be achieved regarding data protection. However, if this fails, industry codes of practice will be a possible alternative, and the UK’s Information Commissioner’s Office (ICO) is drafting a Direct Marketing Code with input from trade bodies like the DMA. It draws mainly from GDPR and PECR, which will hopefully result in limited disruption for UK email marketers after Brexit.

However, the arrival of the Covid-19 crisis means we are now hearing calls for a postponement of the current 31st December deadline, and predictions about the post-Brexit landscape will remain highly fluid while these decisions are up in the air.

Covid-19 also means we have been thinking about lessons from GDPR for a different reason. There has been a major rise in email volumes as companies update their customers on contingency arrangements, as well as process urgent transactional emails such as changes in travel arrangements and mortgage deferrals or holidays.

While these communications are clearly essential, we’ve also seen many companies who perhaps feel obliged to be “seen to be saying something” and are mailing their entire email bases with largely inconsequential messages. It’s as though the lessons from GDPR (send to clean, engaged lists) have been forgotten. At a moment where it’s crucial for email messaging to be authentic and credible, telling people how much you care for them when they haven’t engaged for 12 months or longer comes across as opportunistic and ill-conceived.

The genuine Covid-19 emails (“new shopping hours”, “how to find us online”, etc.) are generating above-average read rates, but we’ve also seen:

  • Over 14%of COVID-19 related emails caught by spam filters
  • A massive rise in spam trap hits (often old email addresses “recycled” for reputation monitoring)
  • Complaint rates for COVID-19 related marketing emails are steadily on the rise

This is very similar to what we saw in the run-up to May 25th 2018, when individual programs saw as much as 80% of their volume placed in spam/junk folders as a result. The importance of using quality data to send relevant messages to engaged recipients cannot be overstated.

Ultimately, success in dealing with changing data protection comes down to balance, preparedness, and a willingness to adapt. Although the risk of fines and public scrutiny may be causing unease with greater consequences for getting data protection wrong, we are also seeing significant advantages to getting it right. Around the world, organisations should view their new laws as a great opportunity to create trust, build better customer relationships, and increase their profit margins – as many companies in the EU have successfully done.

By Guy Hanson, VP of Customer Engagement (International), Validity

Guy is a passionate advocate for intelligent use of customer data to drive responsive sales and marketing programs. With a knowledge base spanning twenty years, he is globally recognised as an email and data expert and thought leader.

Over the past decade, Guy led Return Path’s global consulting team and worked with world-famous clients across six continents to improve their email delivery, subscriber engagement and revenue.

Now Validity’s VP for Customer Engagement (International), he continues to explore his passion for email and data and share it with his clients to maximise their program value. He’s a strong believer in giving back to his community, speaking at flagship events, providing training, and producing fresh and insightful thought leadership.

Outside of work, Guy has had long-term involvement with the DMA, currently sitting on the email council and involved with key pieces of research. He is a regular contributor to the industry press, and a three-time finalist as data storyteller of the year.