If January is a time to tackle what you keep putting off such as losing weight or getting fit, then what better time to get your digital marketing approach to privacy sorted out. The good news is that it isn’t as hard as you think.
Here we set out a handful of simple(ish!) steps to ensure you have a consent process in place for the three digital marketing cornerstones that most businesses rely on, namely:
- Digital advertising
- Email marketing (which is readily adaptable to other direct digital marketing such as chat, push notifications and SMS)
The topic of online privacy is not helped by buzzwords. It’s not helped by cookies and privacy being seen as separate “projects”. It’s also not helped by falling across the separate silos of law, IT and marketing or by GDPR’s complexity and flaws.
However expectations and enforcement are ramping up. And people posing as privacy activists are also seeing non-compliant businesses as an opportunity to ask for money. With the law probably on their side, the costs of dealing with non-compliance are increasingly outweighing the costs of getting your house in order.
As a minimum, it now makes sense to take some sensible steps to avoid being among the easiest targets. It is also becoming clear that a good portion of now standard analytics and advertising techniques, will only be available to businesses able to get and prove that they have “consent”.
Here are five steps that we think everyone should now be taking:
- Get a “Do not pass go” cookie banner that actually works
- Put clear privacy information wherever you collect email addresses and get a linked “preference centre”
- Make risk-based decisions on your approach to targeted advertising and analytics
- Implement automated deletion of out of date contact information
1. Get a “Do not pass go” cookie banner that actually works
Our suggested approach to cookie consent is to make customers take a decision before they can use the site (i.e. an overlay banner). This is all very achievable with a low-cost consent management tool.
What these tools don’t advertise though is that they rarely work out of the box, despite suggestions to the contrary. The user interface will work but the actual placing (or otherwise) of cookies almost always needs a lot of configuring before it does what you expect it to do (i.e. respect the choices your customers make). As a result many companies now have banners that aren’t actually doing what management think they are doing!
The configuring part, which we usually do in Google Tag manager, does need ongoing management as things will “break” or get out of date over time. Yes it’s a process that needs putting in place but it is perfectly doable.
2. Put clear privacy information wherever you collect email addresses and get a linked “preference centre”
The days of assuming that you can do whatever you like with an email address, even one given voluntarily, are over. Instead you need to get permissions for specific purposes (e.g. marketing). The place to do this is the point at which you are given the email address (i.e. the form on your site or app).
Having got permission, you then need to make it easy for permissions to be updated. Rather than just a simple unsubscribe option, a “preference centre” is a better option. All this is a single destination on your site where customers can decide exactly what messages they do and don’t want to receive from you.
Although doing this well (maximizing consent whilst genuinely respecting privacy) requires a clear strategy and attention to detail, technology is finally making it doable. If you are using a tool like HubSpot these consent features will now be built in.
The point, is the ability to do all this is now within the reach of most businesses, which wasn’t the case two years ago.
3. Make risk-based decisions on your approach to targeted advertising and analytics
The first part of this is to understand what analytics and advertising your business is currently involved in. Even use of standard products such Google Analytics, Google Ads and Facebook Ads have quite significant privacy implications.
At its simplest, we suggest getting to answers for the following questions:
- How explicit a consent do we need for Analytics?
- Every company will have different red lines on these questions. You will need to debate them and then draw up a policy..
Management being involved in the above steps will go a long way to understanding the privacy implications of your marketing activity. Our view is to write the first draft of the policy as a team and only once that is done, get the lawyers to take a look. This will have two primary benefits:
- It will increase understanding across your teams
- It will result in something more customer friendly
5. Implement automated deletion of out of date contact information
Old forgotten about contact information in your systems is a risk. Being proactive about cleaning up data routinely will also deliver a better marketing result. Most modern CRM systems will allow you to set-up automated rules so you can delete information on sensible timelines (and ones tailored to different situations e.g. you’d retain a contact for longer if they have made a purchase than you would if they have never purchased and don’t interact with any of your content).
As with all the other steps, debating and agreeing the right approach for your business is the starting point.
Doing the above certainly does not guarantee full compliance. Hopefully though they are achievable steps that businesses can make a firm part of their early 2022 plans. We urge you to make this a key New Year’s resolution and of course would be happy to help you on that journey. If you would like to schedule a meeting to discuss any of the above please select an available date from the calendar>>
In the meantime, fingers crossed for a great, uninterrupted, Christmas!