Any company that collects data on residents of the European Union must follow The General Data Protection Regulation (GDPR). The old digital privacy laws were patchwork in nature. The GDPR is sweeping, redefining privacy laws with one overarching set of rules.
These rules are more consumer-friendly than the old group of laws. The GDPR redefines the idea of personal data. For instance, the GDPR even says IP addresses are considered to be personal data. Also, the penalties for violating the GDPR are steep. They are 20 million Euros or 4% of last year’s worldwide turnover (whichever is higher).
The GDPR is a complex law that will heavily impact marketing. Since the law is knotty, we interviewed nine experts about the GDPR. These sage experts gave us lots of original quotes and potent insights. We also found some timeless quotes that helped us put these events in perspective. We included those for you too.
Each section of this article has a statement, expert quotes to back up that statement, and reflective analysis. Read on to find out what the experts say about GDPR, and the effect it will have on marketing.
The GDPR Is Vague and Inexact
“The GDPR is overly broad and it is still unclear whether the blogging, e-commerce, and email platforms and solutions we use have all of the responsibility for compliance or some of it will fall on individual site owners.” – Gail Gardner, Small Business Marketing Strategist, Growmap
“If life were predictable it would cease to be life, and be without flavor.” – Eleanor Roosevelt
“The quality of your life is in direct proportion to the amount of uncertainty you can comfortably deal with.” – Tony Robbins
Just like Ian Cleary says, the GDPR leaves a lot to the imagination. For example, the GDPR demands that businesses offer a “reasonable” level of protection for personal data. The problem is they don’t define what reasonable is. There are other uncertainties too. For instance, there are vague terms in the law such as “undue delay”. How many days is an undue delay? The European courts may have to sort it out.
The GDPR doesn’t answer questions about cold emailing either. For example, can businesses send highly targeted, value-added, personalized cold emails to prospects? Even email experts disagree on this point. It’s challenging because many businesses rely on emails like these. This is an imprecise law. However, to paraphrase the great Eleanor Roosevelt, uncertainty gives life flavor.
The GDPR Is an Opportunity to Better Your Business
“GDPR is an opportunity to get your house in order, not just a regulatory threat from outside. If you can show that you take this [their privacy] seriously, they’ll trust you more. And trust is priceless.” – Doug Kessler, Creative Director & Co-Founder, Velocity Partners
“Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage.” – Victor Kiam
“Opportunities are usually disguised as hard work, so most people don’t recognize them.” – Ann Landers
Doug Kessler makes an excellent point. Many business owners think the GDPR is a burden, simply a set of government rules that must be complied with in order to avoid a fine. Yet, the GDPR is actually a blessing in disguise for many businesses. Take a look at Facebook. People deleted their accounts after the painful Cambridge Analytica scandal. Consumers don’t like when their data is sold, abused, and mistreated.
Most businesses will comply with the GDPR. Some will go above and beyond the call of duty. They will show customers they detest spam, unwanted emails, and data abuse. These businesses will gain consumer trust, which is invaluable. It won’t be easy, but as Ann Landers points out, most opportunities are disguised as hard work.
The GDPR May Cause Price Increases
“It will be a major burden and could cause price increases as third parties have to pay to register and for compliance.” – Gail Gardner, Small Business Marketing Strategist, Growmap
“There’s no such thing as a free lunch.” – Milton Friedman
The GDPR is no joke, jape, or jest. The fines are 20 million euros or 4% of revenue (whichever is greater). There are law experts, security assessors, and other companies that help businesses become GDPR compliant. Some of these costs will be passed to consumers. As Milton Friedman famously noted, there’s no free lunch.
Personalized and Relevant Cold Emails Are Still Okay
“For email outbound marketing you are still free to send a business person a relevant, personalized email with something that is potentially interesting to that person. You just need to make sure that [your email] really is potentially relevant, you give them an easy option to opt out of future communication and [ensure] their data is ultimately removed from your Database if no further communication is requested.” – Ian Cleary, CEO, Outreach Plus & Razor Social
“Do one thing every day that scares you.” – Eleanor Roosevelt
“If you aim at nothing, you will hit it every time.”- Zig Ziglar
As mentioned earlier, the GDPR is vague on certain points. Value-added, relevant, and personalized cold emailing is one of them. Many businesses (like B2B SaaS companies) rely on cold emails to generate business. Ian Cleary says these emails are fine if they really are personalized and add value. Yet, there are always companies who push the limit with “personalized” emails that aren’t personalized. It will be fascinating to see what the GDPR does with these types of senders, the ones who don’t follow all the best practices, but aren’t really spammers either.
The GDPR Will Increase Email Marketing Mindfulness
“Marketers will have to more fully embrace permission-based marketing approaches, be much more thoughtful about the data they collect, and be clearer about how sharing data with them will improve the customer experience.” – Chad S. White, Research Director, Litmus
“It simply means that we need to be more mindful of the data we are holding and how we’re using it, so ideally, we will be more focused on the actual end consumer – the individuals making up the data. The most significant change could simply be a change of mindset – that we begin to see the data as being owned by the individual consumer – rather than ourselves.” – Kath Pay, CEO, Holistic Email Marketing
“Mindfulness isn’t difficult, we just need to remember to do it.” – Sharon Salzberg
“Mindfulness means being awake. It means knowing what you are doing.” – Jon Kabat-Zinn
“The best way to capture moments is to pay attention. This is how we cultivate mindfulness.” – Jon Kabat-Zinn
Mindfulness is a way to stay to healthy and happy in your daily life. Nevertheless, it also applies to email marketing and the GDPR. The law, with its steep fines, jolted many business owners awake. After business owners were forced take a closer look at consumer privacy, they realized how much consumers valued it. Companies need to stay mindful of consumer privacy because this is something people care about.
The GDPR Is a Positive Change
“I strongly believe this new regulation will positively change the flow through which marketers approachleads. To me, this looks like a much effective approach than shooting offers to leads who are not interested in the first place.” – Alessandro Mazzi, Legal Advisor, AM Legal
“Those practices that are affected should enable a positive change.” – Kath Pay, CEO, Holistic Email Marketing
“I see it as a good move.” – Timothy Bointon, Email Marketing Operations Tech, eBay (AWF)
“Change is hard at first, messy in the middle and gorgeous at the end.” – Robin Sharma
“The secret of change is to focus all of your energy, not on fighting the old, but on building the new.” – Socrates
“There is nothing wrong with change if it is in the right direction.” – Winston Churchill
“Your life does not get better by chance, it gets better by change.” – Jim Rohn
Alessandro Mazzi makes a great case for the GDPR. He mentions that the old methods of bulk spam didn’t work anyway. He also argues that permission-based marketing is much more sustainable, and experts agree. As Churchill said, there’s nothing wrong with positive change.
The GDPR Won’t Change Marketing A Lot
“If we’re already practicing helpful, permission-based marketing, then things will carry on as they currently are, with a few minor changes. As the GDPR is legislation covering the processing and storage of data, rather than legislation about marketing, a lot of marketing practices won’t be affected at all.” – Kath Pay, CEO, Holistic Email Marketing
“There has been a lot of work around GDPR and documenting where and how suppliers are managing data. I personally think it will not have too much impact on most good marketing operations as most of the restrictions around data handling shouldn’t require too much change in practices.” – Timothy Bointon, Email Marketing Operations Tech, eBay (AWF)
There are a lot of experts, like Kath Pay, who believe the GDPR won’t affect permission-based marketers too much. There may be a minor change here or there, but daily operations will remain unchanged for the most part. That’s got to be comforting news for marketers. Of course, this point is hotly contested in the email marketing community.
The GDPR Will Change Marketing Quite a Bit
“Before you know it, GDPR will hit the EU and change the marketing world for good. Once implanted, marketers will no longer be able to send emails without opt-in or automatically drop cookies. This calls for tweaking the way they generate leads or send cold call emails and most importantly, how they collect data and monitor them.” – Pratik Dholakiya, Co-Founder, E2M Solutions
“Impact of GDPR already noticeable.” – Mandy Webster, Founder, Data Protection Consulting
“All progress takes place outside the comfort zone.” – Michael John Bobak
“Successful people do what unsuccessful people are not willing to do. Don’t wish it were easier; wish you were better.” – Jim Rohn
“Don’t let the fear of losing be greater than the excitement of winning.” – Robert Kiyosak
As mentioned earlier, the GDPR is a paradox, a riddle. It’s certainly not straightforward, cut-and-dry, or simple. Even experts disagree about its impact. Mandy Webster said the impact of the law is noticeable. Pratik Dholakiya makes that practical by showing how the GDPR alters the collection of cookies. Here’s the practical takeaway from the last two conflicting points: the GDPR compels change. The magnitude of change will be wildly different, mostly depending on your former email marketing tactics.
American Companies Will Struggle the Most
“Because of the extremely low standards set by CAN-SPAM and US privacy laws, American companies will be likely to struggle the most with GDPR compliance.” – Chad S. White, Research Director, Litmus
“Nothing great was ever achieved without enthusiasm.” – Ralph Waldo Emerson
Experts agree that the North American CAN-SPAM Act is less demanding than the GDPR. As a result, American companies will struggle to comply with the GDPR. Make no mistake though, the law affects them; it affects any company that collects data from European denizens. As Ralph Waldo Emerson said, nothing great was ever achieved without enthusiasm, and the GDPR will be the spur that kicks American tech companies into novel action. The European market is too important to lose.
Consumers Will Benefit from the GDPR
“GDPR establishes radically higher protections of and expectations around online privacy.” – Chad S. White, Research Director, Litmus
“But the essence of GDPR is not about stopping businesses doing business with other people. It’s about protecting the rights of individuals to [protect the] privacy of their data and ensuring this data is only used for appropriate means.” – Ian Cleary, CEO, Outreach Plus & Razor Social
“The GDPR will mainly focus on addressing the privacy concerns of consumers, protecting web data such as cookie data, location, RFID tags, IP address, etc.” – Shane Barker, CEO, Shane Barker Consulting
“The kind of transparency and responsibility GDPR calls for reflects how consumers want their data treated.” – Doug Kessler, Creative Director & Co-Founder, Velocity Partners
“The data protection regulation pinpoints the invaluable status of personal data as a resource.” – Pratik Dholakiya, Co-Founder, E2M Solutions
“The consumer is not a moron; she is your wife.” – David Ogilvy
“Consumers are statistics. Customers are people.” – Stanley Marcus
European consumers are the clear winners from this law. Data collection is big business. Companies like Facebook and Google generate billions of dollars via their data collection. These conglomerates will continue to do that, but consumers will finally regain a little control over their privacy. It’s a positive step for consumers.
Personalization Just Became a Little More Difficult
“I believe the most significant impact of this change would be on personalization. Businesses will now have limited access to data that helps them deliver personalized and relevant marketing messages to different customers.[Businesses] will have a hard time delivering experiences customized according to the behaviour, interests, preferences, and needs of their target customers. [Marketers] might be looking for a way to tackle this hurdle, and possibly even develop better marketing practices that enable them to continue delivering relevant and impactful customer experiences.” – Shane Barker, CEO, Shane Barker Consulting
“Good marketers see consumers as complete human beings with all the dimensions real people have.” – Jonah Sachs
Personalized emails have 29% higher open rates and 41% click rates than non-personalized emails. Businesses have used personalization to grow their revenue, but the GDPR makes it harder to collect personal data. That means businesses will have use other marketing tactics to make up the difference, such as better A/B testing, improved content marketing, or enhanced social media strategies.
Some Emails in Your Old Database Will Be Invalid
“Although PECR [has been] in force since 2003, they have been ignored and/or the flexibility of what we mean by “consent” has been tested, so we have had consent as a term of a contract, incentivised consent (effectively buying consent), pre-ticked opt-in boxes. Many marketing managers will be concerned now that their marketing database is worthless because they do not really have consent to marketing by electronic means. The clarification of what we mean by consent has reminded marketers about PECR which requires opt-in consent from private subscribers to marketing by electronic means.” – Mandy Webster, Founder, Data Protection Consulting
“There is nothing so useless as doing efficiently that which should not be done at all.” – Peter Drucker
If you purchased an email list, or you didn’t get permission from your subscribers, then you’re in the soup. The GDPR insists that marketers get permission from your email subs. Companies who built huge lists without permission must be feeling chagrin, like they built castles in the sand. As Peter Drucker said, there’s nothing so useless as doing a valueless task efficiently. Nevertheless, you can always ask these subscribers to reconfirm, allowing you to save some of them.
Evidence Is King
“Let’s look at email marketing. As a marketer to be compliant, before you start sending them marketing material promoting your product or service, you will have to strictly follow certain requirements which, in short, ask you to obtain consent from the leads.” – Alessandro Mazzi, Legal Advisor, AM Legal
“Second GDPR is about accountability and evidence, so you have to be able to evidence that you have obtained consent.Marketers with databases not completely worthless because they have followed PECR rules for marketing to private subscribers now realise that they cannot necessarily evidence consent and, as a result, their marketing databases will be worthless come 25 May 2018.” – Mandy Webster, Founder, Data Protection Consulting
“What they can do is make every individual provide informed consent and also, uphold transparency by maintaining records of accurate and consensual data.” – Pratik Dholakiya, Co-Founder, E2M Solutions
The GDPR follows the Ronald Reagan maxim of “trust but verify.” If you caught violating the regulations, you’re going to need rock-solid evidence to clear yourself. If you can’t prove your customers gave you permission, then you’re going to have to ask for it again. Naturally, that means lists will shrink, but its preferable to a hefty fine.
Companies Are Adapting to the New Laws Already
“Check out marketing strategy of the banks which has changed in the last year or so, they are no longer promoting products and services direct to customers but are embarked on an awareness campaign. Where the banks lead…the rest will have to follow even if they don’t know it yet.” – Mandy Webster, Founder, Data Protection Consulting
“If you really look closely, most overnight successes took a long time.” – Steve Jobs
Mandy Webster makes an interesting point about European banks shifting their strategy. If you didn’t officially get permission, then you may have to supplement your email marketing strategy while you rebuild your list. Perhaps email marketing will have to be aided by a new PPC campaign or a social media campaign for the time being. To paraphrase Steve Jobs, overnight successes don’t happen overnight. The same idea applies to rebuilding email lists.
Final Thoughts on the GDPR
The GDPR has been in the making for a while. It was passed in 2016 (although it didn’t go into effect until May 2018), and politicians debated its merits for four years before that (2012). The European Union is serious about this law. That’s why the penalties are so steep, and why the rulings apply to countries all over the world, not just European countries.
The GDPR is a complex law. As you can see, even experts disagree about its scope, rules, and impact. Still, one thing is certain. Permission-based marketers and consumers will benefit from the law, and that’s a good thing.