Businesses need to prepare themselves for changes to the ePrivacy Directive in preparation for the forthcoming General Data Protection Regulation (GDPR).
The changes are set to come into effect 25th May 2018.
Earlier this year, the EU Commission ‘quietly’ proposed a new Regulation on Privacy and Electronic Communications to replace the ePrivacy Directive.
The proposed Regulation will address the rules of confidentiality of electronic communications, including VoIP, cold calling, third party website tracking, and SMS marketing.
If your business currently collects data to market to, you may have to act differently under new regulations.
VoIP allows you to make voice calls using a broadband Internet connection instead of a regular (or analog) phone line. One of the attractive features of messenger apps like Whatsapp is that you can make in-app VoIP phone calls without the cost for the call being attributed to the user’s phone call minutes allowance.
The new Regulation could change all of that.
Opting in to tracking
The key proposed changes include a departure from the current third-party website tracking practice.
At present, websites using cookies and other similar technologies assume a “notification and implied consent” method of visitor opt-in. Under the new rules, web browsers must ask visitors to opt-in to tracking via their own privacy settings, putting the ownership onto the visitor.
Cold-calling is also going to be hit hard. All Telemarketing phone calls must display their phone number, or use a unique prefix to indicate that the incoming call is for telemarketing purposes. Ultimately, this gives the receiver the opportunity to instantly decline the call, as well as making it easier to block future calls from that number.
The Regulation on Privacy and Electronic Communications is aligning itself in this way to ensure that it is ready for the forthcoming GDPR.
The GDPR will take effect from 25 May 2018 and will mean any company that offers goods and services, or tracks individuals, in the EU will faces serious changes as to how they market to end users.
The purpose is to increase the rights of individuals when it comes to their data, and therefore, increase the fines liable to businesses or organisations that breach these individual rights. These fines can be in excess of £10million for unsolicited marketing messages or security breaches.
Article 5 sets out the new rules that businesses will have to comply with;
- data must be processed lawfully, transparently and fairly
- personal data must be collected for an intended, limited and explicit purpose
- data collected must be minimal to include what is necessary to the purpose
- data must be up to date and accurate
- processing data must have the appropriate level of security
- the data controller must be responsible and compliant with these principles
“Hard opt-in” is king
If we take SMS marketing as an example, the new regulations will mean that if you wish to market to a consumer you will need to have obtained “freely given, specific, informed and unambiguous” consent from your contacts.
“The silver lining to this is that any data collected after the regulations come into play will be directly targeted to those customers that are interested in your product, service or marketing campaign and as such, the ROI from an SMS campaign, for example, will be higher than before.” – Gareth Davies, Managing Director, Voodoo SM
It is simply not enough to just have a customer’s mobile number and send an SMS to them if they have previously filled out a contact request on your website.
Under new rules, the customer must explicitly state that they are happy to be marketed to by way of SMS via a tick box or other means of agreement to the marketing campaign.
This is what is called a “hard opt-in”.
How to prepare your business
Preparation is key. Audit the way that your business gathers customer data and think about how to employ hard opt-in permissions.
Your business could:
- offer something of value – a loyalty scheme offering discounts or updates for your customers may entice a hard opt-in at check-out
- competition – a competition is a great way to get people opted-in, just make sure it is very clear that they are signing up to a marketing campaign
- transactional – transactional messages, especially via email, are a great way to request customers opt-in to other types of marketing, like SMS
- promote your marketing campaign on your website with explicit tick box permission-granters
- harness the power of social media to encourage customers to opt-in