3 creative and compliant ways to gain consent

Topic: How-to guides, Marketing

It is important to note that while we have checked our sources and are confident in our interpretation, this article does not constitute legal advice. 
Ahead of the General Data Protection Regulation (GDPR) that comes into effect on 25th May 2018, all businesses need to review whether their current data processing activities are compliant.

Data processing covers the collection, storage and use of data, and under GDPR there are six ‘lawful bases’ that allow this activity. We’ve written a guide to one of these – legitimate interests – that for most private companies may be the best approach to take for your active customer databases.

In contrast, here we’re offering suggested approaches to contacting prospects and lapsed customers once GDPR takes effect in May 2018.

Defining prospects, customers and lapsed customers

  • prospect is someone who has provided you with their contact information, but hasn’t (yet) taken the next steps of making a purchase, booking an appointment, or formally registering to utilise your services
  • A customer is someone who has taken those next steps, and our previous blog post goes through the requirements you need to consider to continue to contact them
  • A lapsed customer is someone who was a customer but isn’t a customer any more. Exactly how you define a lapsed customer will vary from business to business, and industry to industry. For example, at Esendex, we take the view that a customer is officially ‘lapsed’ 12 months from the date of their last purchase – because in the nature of what we sell (principally SMS), it can take several months for the customer to utilise that service.

In the case of both prospects and lapsed customers, it is probable that gaining consent will be the most appropriate lawful basis for communicating with them, because legitimate interests are only valid when you can demonstrate an “existing customer relationship” (source: Direct Marketing Association).

Gaining consent

How you approach this now depends on how you have approached this in the past.
If you have always provided a tick box at the point at which you collected their data to say ‘Yes! I would like to receive updates about products and services…’, and allowed people to actively opt-in by ticking that box, then, assuming that they have had the opportunity to unsubscribe, you will simply need to be able to demonstrate that consent.

However, most businesses haven’t done this: they’ve either rolled in consent with their normal terms and conditions of service; they’ve pre-ticked the consent box, or they’ve missed this step out altogether.
If this is you, don’t panic.
Going forward, you need to have a tick box at the point of gathering data which invites individuals to opt-in to receive messages from you. This must be separate from other terms and conditions and not pre-ticked. eConsultancy lists some great examples of different retailers, media companies and charities getting this right.

GDPR Preferences via SMSWhat can you do about your current database?

You’ve probably already started to receive ‘re-permissioning’ emails from companies asking you to re-confirm that you would like to receive emails / text messages.

These typically direct you to a preference centre where you can select your preferred channels, what content you’d like to receive, and who gets to process your data.

C5 Communication’s preference centre is in line with what ICO (the body implementing GDPR in the UK) is looking for.
If you take no action, these companies will remove you from their databases as at 25th May 2018.
Similarly, if you haven’t already got an explicit opt-in from your prospects and lapsed customers, we’d suggest you take this opportunity to win more subscribers.

3 practical ways to gain consent

Before even considering this exercise, you need to ensure two things: firstly, that your prospects and lapsed customers haven’t unsubscribed. You can’t contact people who have unsubscribed.

Secondly, that your original method of collecting the data was inline with PECR’s guidelines. If you’re unsure about this, it’s probably better to err on the side of caution, and use a non-electronic means refreshing consent (direct mail is not subject to the same rules as electronic mail).
Number 1Email consent
Emailing your prospects and lapsed customers to ask them to confirm if they want to continue receiving content from you going forward is quick, easy and cheap. However, if your email open rates aren’t great to begin with, the amount of people who’ll see this request will be limited. For some ideas we like this re-engagement blog post from IMPACT – or just check out your own inbox!
Number 2SMS Survey consent
With a 95% open rate for text messages (source), an SMS Survey overcomes email’s visibility challenges, and as you can see from the above screenshot, can replicate the functionality of a preference centre. However it’s probably not best suited for email preferences, so would need to be combined with an email or direct mail campaign.
Number 3SMS + mobile-first preference centre
To overcome the limitations of an SMS Survey, try coupling a text message prompt with a mobile-first preference centre. Most preference centres are not designed with the mobile user in mind, and an unfriendly user experience here will result in fewer people completing the exercise. A service like a Mobile Journey delivers full preference centre-functionality, but puts the needs of the mobile user first, as our example shows.
Mobile first preference centre
At the point at which GDPR becomes effective, any prospect or lapsed customer who hasn’t specifically opted in to receiving messages from you should be removed from your database.

Yes, it’s quite possible that your database will be reduced as a result of your GDPR preparations, but on the plus side, the people that do opt-in will be more engaged –  and you’re probably losing people who weren’t that excited about hearing from you in the first place.