Implementing GDPR best practices – long-term

Implementing GDPR best practices – long-term

I’d like to say at this point – don’t worry, it’ll soon be 25th May and everyone will stop going on about GDPR. But I just can’t see that happening. Yes – the last two year have been all about getting prepared to be compliant by that date, when the regulations will be officially enforced. For some data professionals and marketers alike, it’s a date which strikes more fear in their hearts than Brexit.

It’s very easy then, to get into the detail on short-term strategy. How do you run a campaign to re-engage and get consent from old contacts in the database? How do you transition your current subscribers across to a new approach, ensuring consent is fully compliant? These are all important to questions to ask of course, but for me, when anyone asks me to talk about GDPR strategy, I have to ask – what are you going to do in the long-term?

I’ve talked in a previous blog post about how your “GDPR strategy” should pretty much be your “Digital Marketing Strategy”, so I won’t get all ranty and riled up again. This post will focus on how to implement and emulate GDPR best practices in order to ensure that your long-term marketing strategy is compliant, and will stand you in good stead for ePrivacy too.


Decide on the process

The driving force behind any good GDPR strategy – well, any good marketing strategy – is a good deep dive into process. Under the lens of GDPR, compliance and getting consent, you need to think about the following questions:

  • How will you collect consent from your website visitors?
  • How will you record this consent in your email marketing/marketing automation/CRM system?
  • Can users easily update their subscription preferences or unsubscribe? How do you manage this?
  • Are there any integrations you need to be aware of? (NB – it’s common for larger business to operate both a CRM and some kind of email marketing or automation software simultaneously. Does data sync between these?)

Once you’ve got definitive answers to these questions, you’ve got all the tools and the framework you need to do some GDPR-compliant marketing. Anything else I address in this article is pointless unless you get your house in order first.


Spring cleaning

You will inevitably have some OLD data in your system – email addresses of lapsed customers from 5 years ago, people that have left the business, and the absolute classic – people you consistently send emails to who have never actually consented to communication from you. In order to start afresh and move forward with your shiny new compliant strategy, you need to flip these people to consenters, or get them out of the system (you’ll feel better afterwards, honestly). We’ve gone into more detail on reengagement/reactivation campaigns here – this includes advice on how to audit and segment your database and decide who to reactivate, and who to just delete. We would not recommend trying to re-engage a database of 80,000 historic contacts. You need to be smart about it. It also might be a good idea to set some sort of precedent going forward – perhaps set up an automated workflow to remove a contact who hasn’t engaged with communication in x amount of years, or to remove anyone who hard bounces. Keeping your data clean, up to date and relevant will make everything you do under the umbrella of compliance so much easier. Trust me.


Take everyone on the journey

In order to make sure your post-GDPR strategy takes off business-wide, you’re going to need buy-in from across the business. You need to be able to explain to people what you’re trying to do, why it’s important, and why you need their help to drive it. It’s time to pull those salespeople to one side who send out mass emails from their account, often unbeknownst to marketing, and explain why this isn’t going to cut it in the long-run. This part of the strategy isn’t easy – in some cases you might be asking people to change the way they’ve done things for years or even decades. But without getting them along for the ride, you’re putting your entire strategy – and maybe even the business – at risk.


Nail the “what?”

I cannot stress this one enough. You can run an re-engagement campaign. You can sit back proudly when 10% of your database resubscribe. But none of this means anything if you don’t know what you’re going to do with them after they’ve subscribed. During the re-engagement campaign, you will have been proving your value to these people. You need to continue to provide this value to them after they’ve re-subscribed. This means putting practices in places to ensure you keep up with content creation, running nurture programs and keeping people engaged after the 25th May. The best way to do this (and I’m not just saying this because I’m biased) is to implement an inbound strategy. Think about personas – who are your customers, what are they interested in, what are they searching for? Developing content plans and calendars around this, and keep the content coming. The more engaging, helpful and relevant content and conversion points you have on your website, the more likely you are to get subscribers. It works.


Think long-term

The key takeaway here is to think long-term. It’s easy to think of preparing for GDPR as a bit of a box-ticking exercise. But for a lot of businesses, I think it can be a real driver of change for marketing and a shift to a smarter, content-led way of doing things. Use GDPR as the catalyst to a holistic (I hate that word, but it makes sense here) on-going inbound marketing strategy.
If you would like to chat more about how to build an amazing inbound strategy for your business, for GDPR and beyond, get in touch.