INside Performance Marketing
GDPR Checklist: Are You Putting Yourself and Your Brands At Risk?

How to navigate the ICO's enforcement of the GDPR ePrivacy directive.

Last month saw yet another enforcement and monetary fine issued by the Information Commissioner’s Office (ICO). These recent fines have mainly been around electronic marketing consent, begging the question - is this the end of electronic marketing, a massively important marketing channel for brands?

Having spoken to almost all of the major players within email marketing and the major networks, the scale ranges from blissful ignorance to “ok we’ve got this” - to blind panic! So is the ICO leaving a grey area when it comes to defining ‘compliance’… maybe… although within the last couple of months that grey is definitely shifting to a more solid black.

So the ICO is already pretty clear on where it stands with this, generally stating, “Companies must comply with the law when using people’s personal information. Not knowing the law or trying to pass the buck to another company in the chain is no excuse.” 

Hard-hitting words which strike at the heart of how brands currently work with traditional email marketers. Most of the recent enforcements have gone back to the instigator of the marketing, meaning brands can’t rely on contracts with their affiliate networks, and the affiliate networks in turn can’t rely on contracts with their affiliates, sub-affiliates and sub-sub-affiliates.

Then there’s consent – this is where a number of businesses are going slightly off track, so to quote the ICO itself, “You should be very careful when relying on indirect consent (consent is originally given to a third party). You must make checks to ensure that the consent is valid and specifically covers your marketing. Generic consent covering any third party is unlikely to be enough”. To make things a little easier, here are those ‘checks’ that you need to make when it comes to consent:

Action to opt-in rather than pre-ticked - Marketing opt-ins require a positive action i.e. ticking a box so users are aware they are giving consent. These must not be pre-ticked.

Product categorised opt-in - You should now be collecting product specific opt-ins. A credit card brand should be using data opted-in to receive credit card offers and not just generic ‘finance’ or worse still a generic agree to third-party marketing option.

Type of marketing - The consumer must be able to select how they want to be marketed to i.e. via Email, SMS, Phone. Again, this selection must not be pre-ticked.

Privacy policy - The ICO requires you to also list out the specific product categories and names of brands that users may receive marketing from… that’s right folks, brands need to be named on your opt-ins now.

One final, and very important point - the consent a person gives is only valid for six months. There are more but when you look at just these few points, it’s clear that the current norm won’t cut it in this new world. 

It’s arguable that the primary reason some email marketers are ‘overlooking’ these points is that a) it makes all of their existing data a tad redundant and b) it limits the monetisation of fresh data; but I say data opted in compliantly, for my brand, within six months, is worth much more to me and will go a long way to repair some of the reputation third-party email marketing has received over the last few years.

To close on some scary numbers: non-compliance currently carries a maximum enforcement fine of £500k. When GDPR comes into force next year (May 25, 2018) the fines are up to €20 million or 4% of global annual turnover for the preceding financial year. With that in mind, now is the time for brands, email marketers and fellow affiliate networks alike to act, and if you’re unsure of the rules… just ask. We’re certainly always happy to help to secure the future of this channel.

This article was co-authored by Martin Nolan, director of Blue Owl Network.

Alfie Bektas

Alfie Bektas is the Affiliate Marketing Director at Blue Owl Network. Alfie joined Blue Owl in 2017 in order to assist in their growth as the UK’s 1st GDPR ready affiliate network.

Prior to Blue Owl Network, Alfie held senior roles at AWIN and headed up affiliate operations at Global University Systems. Here he helped to launch their global affiliate programme across 12 international brands.
