Marketers Preparing For And Adapting To Email Compliance Standards Around The Globe

The regulatory tide over the past few years has expanded individuals’ privacy rights on a global level and has put the onus on email marketers to be more deliberate in their handling of users’ personal data.

Canada’s Anti-Spam Legislation (CASL) and Australia’s Anti-Spam Act have already been enacted in those countries, but the biggest change is yet to come. In 2018, the European Union’s General Data Protection Regulation (GDPR) will have wide-ranging implications for all marketers, but will especially affect email marketers.

Navigating this new environment means email marketers need to reevaluate their existing data standards and adopt new ones.

CASL requires that all commercial email messages sent to or from Canada receive consent from recipients before sending messages. Such consent can be implied. If the sender has a preexisting relationship with the recipient, for instance, the communication is viewed as consensual. Australia’s Anti-Spam Act has similar stipulations and applies to emails to and from that country.

The GDPR has similar restrictions about email messages as well, but the law affects many more people — 750 million versus about 60 million for the combined populations of Canada and Australia. Neither soft opt-in or soft opt-out options are allowed. These restrictions are much more stringent that those set forth by the U.S.’s 2003 CAN-SPAM Act, which does not require that emailers permission before they send their emails.

For multinationals, a major hitch is that if a company already has a customer’s data, it will have to dump it unless it can show a “permission chain.” Peter Milla, a privacy/data protection consultant who works with Cint, said that some companies may have to dispose of as much as two-thirds of their CRM data.
The consequences of running afoul of GDPR are considerable and top out at 4% of global annual turnover for the previous year or €20 million (about US$23 million), whichever comes first.

Preparing For Compliance
While GDPR isset to take effect in May 2018, many companies are still in the process of formulating a GDPR response. A survey released in June found 61% of companies hadn’t started GDPR implementation, despite the fact that another survey from PwCfound that such compliance was a top priority for 92% of companies.  

 David Fowler, Chief Privacy and Delivery Officer for Act-On Software, said he started GDPR compliance efforts 18 months ago. Still, he’s not sure the company will be completely compliant in April 2018. “It’s a really big ask,” he said. “There are 99 articles in the GDPR and 177 recitals based on the articles themselves. I couldn’t sit here and say we’re 100% compliant because we’re probably not.” Fowler said that GDPR has sparked a conversation in the industry about how to “do the right thing in the digital marketplace.” He said one of the chief difficulties of complying with GDPR is getting accurate information about what companies need to do. The problem is there’s too much information, rather than too little, he said.For instance, Fowler said it’s unclear how the GDPR’s “Right to Be Forgotten” is going to work in practice. That ruling, set forth by the European Court of Justice in 2015, gives citizens the right to petition search engines to take down old internet posts that are defamatory or inaccurate and the search engines have to comply. “How do you erase data across multiple entities across organizations?” Fowler asked. “I think a lot of companies are figuring out how that’s going to work.”

Some are further along than others. Peter Bell, Senior Director of Product Marketing at Marketo, said that his company will be compliant when GDPR goes into effect “and Marketo’s services already include the functionality necessary for our customers to comply with the GDPR’s consent requirement.”

Different Regions, Different Strategies
GDPR affects all the EU and supersedes previous directives that just affected specific countries, like the German Data Protection Act.

That said, Fowler noted that the EU isn’t a monolithic body and each of the EU’s 28 countries are handling GDPR compliance outreach differently. “We’ve been paying close attention to the information commissioner’s office for the UK [for example] and they’ve done a tremendous amount of outreach,” he said.
But such outreach varies by country. Cint’s Milla, for instance, said that he would expect Germany to be much more rigorous about enforcement than, say, Italy. “In Southern European style, they don’t go looking for trouble,” he said.
Lacking a country-specific strategy, one approach is to adopt a template for Europe as a whole. Nate Skinner, VP of Marketing for Salesforce Pardot, said GDPR will prompt marketers to be more strategic about their communications and earn their right to keep communicating with customers. For instance, he recommends delivering emails with personalized headlines that will deliver offers that meet users’ interests.

“This will have the dual effect of...

Read The Full Article

0 Comments Write your comment

    1. Loading...