GDPR - Email prospection is dead?
I watched yesterday the Webinar 'Maximizing Marketing Success in the Era of the GDPR' and I had a questions that have not been taken during the event:
As EU company, are we allowed to keep sending prospecting emails to a contact database we've built on our own?
How Sales representative can contact prospects in that case via email?
That said, the webinar was very interesting, I recommend people to give it a watch to get prepared.
Thank you for your answers,
------------------------------
Cedric Brun
Head of Marketing & Lead Generation, Web Geo Services - Google Cloud Premier Partner
------------------------------
Comments
3 comments
You can send emails to your database if you have the consent from each contact - with a time stamp. Otherwise you can just delete them. The best way is probably to collect their consent before May 25th.
As for sales prospection, that's one of the gray area. As long as the service we promote is in line with the job role of the contact, we understand that it's OK to send direct email, i.e. promoting IT services to a CIO or IT director should be OK.
Regards,
------------------------------
Sandrine Duriaud-Leysens
Marketing and Communication Manager, Southern Europe & UK, Global Cloud Xchange
------------------------------
-------------------------------------------
Original Message:
Sent: 04-17-2018 09:40
From: Cedric Brun
Subject: GDPR - Email prospection is dead?
Hi everyone,
I watched yesterday the Webinar 'Maximizing Marketing Success in the Era of the GDPR' and I had a questions that have not been taken during the event:
As EU company, are we allowed to keep sending prospecting emails to a contact database we've built on our own?
How Sales representative can contact prospects in that case via email?
That said, the webinar was very interesting, I recommend people to give it a watch to get prepared.
Thank you for your answers,
------------------------------
Cedric Brun
Head of Marketing & Lead Generation, Web Geo Services - Google Cloud Premier Partner
------------------------------
Like Act-On said themselves in the webinar, I am not a legal expert and you will need to take your own guidance as to what will work best for you, and what your company interprets as compliance with the law. But that said, I do have some things to share about my company's approach.
My biggest concern about the entire project is that of gaining consent from existing contacts. Elements of the four pieces of legislation we are following (the GDPR/the Data Protection Act/the PECR/the ePrivacy Regulation) are yet to be finalised. This means that we have no choice but to carry out our re-consent exercise based on a 'best guess' interpretation of legislation as it stands.
And so, regarding existing contacts for whom you may not have GDPR-compliant evidence of their consent: remember that legitimate interest remains an option for marketers. Such legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller.
Where you are relying on legitimate interest as your legal basis for marketing, however, you are required to carry out a Legitimate Interest Assessment (LIA) and would be wise to document it. It isn't as simple as thinking 'this is reasonable; it is legitimate'. The existence of a legitimate interest would need careful consideration, including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place.
An LIA comprises a 3-stage test:
Before you contact a person or persons by email for the first time to talk about a product or service, you must think carefully about the following:
The Sales/Marketing teams will then keep a copy of this form on file, to serve as our evidence that we have given the campaign due consideration from a data protection perspective.
The ICO's website has detailed guidance on legitimate interest and the Data Protection Network has also published guidance that includes an example LIA template. A further note: if you are considering relying on legitimate interest for the processing of existing customer data, to comply with the GDPR, you should notify individuals of this. In practice, this means putting in the footer of the email the reason why you are contacting the person(s).
In due course, there will be another piece of EU-wide legislation that will sit alongside the GDPR: the ePrivacy Regulation. The ePrivacy Regulation as it is currently worded would require B2B marketing to use consent as a legal ground for electronic channels, just like B2C marketing at the moment. All companies should follow developments with the ePrivacy Regulation to see if legitimate interest will remain a legal basis for marketing. In the meantime, it makes sense to – as much as you can – put in place practices based on consent.
Ultimately, 2018 will see the biggest change in data protection and privacy for two decades and will have a global impact on companies of all sizes; public sector and government organisations, charities, professional bodies and associations. The GDPR is setting the tone for data protection and although the enforcement date is 25 May 2018, the regulators accept that many organisations will struggle to fully compliant by then. It follows that if you're not 100% compliant, it's important that you can demonstrate to regulators that reasonable steps are being taken. We believe the sum of the above actions will help us in the event that we are asked to demonstrate compliance.
------------------------------
Sion Stedman
Idox Software Ltd
------------------------------
-------------------------------------------
Original Message:
Sent: 04-17-2018 09:40
From: Cedric Brun
Subject: GDPR - Email prospection is dead?
Hi everyone,
I watched yesterday the Webinar 'Maximizing Marketing Success in the Era of the GDPR' and I had a questions that have not been taken during the event:
As EU company, are we allowed to keep sending prospecting emails to a contact database we've built on our own?
How Sales representative can contact prospects in that case via email?
That said, the webinar was very interesting, I recommend people to give it a watch to get prepared.
Thank you for your answers,
------------------------------
Cedric Brun
Head of Marketing & Lead Generation, Web Geo Services - Google Cloud Premier Partner
------------------------------
What an answer! Thank you so much for this.
I understand that emailing is not dead yet, but more the way we get the contact details which is still an issue to me as most of the contacts we have don't come from a form submission, at least for the moment as we are redesigning our digital strategy and our website will be more inbound friendly than we do today.
Have a great day.
Cheers
------------------------------
Cedric Brun
Head of Marketing & Lead Generation
Web Geo Services - Google Cloud Premier Partner
------------------------------
-------------------------------------------
Original Message:
Sent: 04-17-2018 10:58
From: Sion Stedman
Subject: GDPR - Email prospection is dead?
Hi @Cedric Brun
Like Act-On said themselves in the webinar, I am not a legal expert and you will need to take your own guidance as to what will work best for you, and what your company interprets as compliance with the law. But that said, I do have some things to share about my company's approach.
And so, regarding existing contacts for whom you may not have GDPR-compliant evidence of their consent: remember that legitimate interest remains an option for marketers. Such legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller.
Where you are relying on legitimate interest as your legal basis for marketing, however, you are required to carry out an assessment (LIA) and would be wise to document it. It isn't as simple as thinking 'this is reasonable; it is legitimate'. The existence of a legitimate interest would need careful assessment including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place.
An LIA comprises a 3-stage test:
Before you contact a person or persons by email for the first time to talk about a product or service, you must think carefully about the following:
The Sales/Marketing teams will then keep a copy of this form on file, to serve as our evidence that we have given the campaign due consideration from a data protection perspective.
The ICO's website has detailed guidance on legitimate interest and the Data Protection Network has also published guidance that includes an example LIA template. A further note: if you are considering relying on legitimate interest for the processing of existing customer data, to comply with the GDPR, you should notify individuals of this. In practice, this means putting in the footer of the email the reason why you are contacting the person(s).
In due course, there will be another piece of EU-wide legislation that will sit alongside the GDPR: the ePrivacy Regulation. The ePrivacy Regulation as it is currently worded would require B2B marketing to use consent as a legal ground for electronic channels, just like B2C marketing at the moment. All companies should follow developments with the ePrivacy Regulation to see if legitimate interest will remain a legal basis for marketing. In the meantime, it makes sense to – as much as you can – put in place practices based on consent.
Ultimately, 2018 will see the biggest change in data protection and privacy for two decades and will have a global impact on companies of all sizes; public sector and government organisations, charities, professional bodies and associations. The GDPR is setting the tone for data protection and although the enforcement date is 25 May 2018, the regulators accept that many organisations will struggle to fully compliant by then. It follows that if you're not 100% compliant, it's important that you can demonstrate to regulators that reasonable steps are being taken. We believe the sum of the above actions will help us in the event that we are asked to demonstrate compliance.
------------------------------
Sion Stedman
Idox Software Ltd
------------------------------
Original Message:
Sent: 04-17-2018 09:40
From: Cedric Brun
Subject: GDPR - Email prospection is dead?
Hi everyone,
I watched yesterday the Webinar 'Maximizing Marketing Success in the Era of the GDPR' and I had a questions that have not been taken during the event:
As EU company, are we allowed to keep sending prospecting emails to a contact database we've built on our own?
How Sales representative can contact prospects in that case via email?
That said, the webinar was very interesting, I recommend people to give it a watch to get prepared.
Thank you for your answers,
------------------------------
Cedric Brun
Head of Marketing & Lead Generation, Web Geo Services - Google Cloud Premier Partner
------------------------------
Please sign in to leave a comment.