How to Make GDPR Work For You

Last updated May 09, 2018

The following is a guest post by Matt Harris, Co-founder and CEO, Sendwithus.

At this point in the game, every company that needs to prepare for the GDPR (General Data Protection Regulation) should be close to ready. You’re:

Instituting data protection by design
Updating your Privacy Policy
Revamping your sign-up process to ensure consent is given by affirmative action
Making it easy for users to update, export, or delete their data
Establishing an incident response plan to ensure both users and authorities are properly notified within 72 hours in the event of a breach.

And that’s just a high-level overview — this handy checklist goes into much more detail.

But even my abbreviated list feels like plenty, doesn’t it? Yet there are additional things you should be doing, not just for GDPR compliance but also to benefit both your business and your customers.

One of those things is overhauling your email strategy. I know everyone has told you to audit your list, and maybe you already have, but I’m talking about going even further than that.

“If your list cleanup is focussed solely on EU customers, or solely on subscribers and collecting re-consent, the job is only half done.”
— Matt Harris, Co-founder and CEO, Sendwithus

Even though your efforts probably mean you’ll be compliant enough, it’s worth doing it for all your customers, no matter where they live. The result will be not just a finely tuned list but also an actionable plan for boosting engagement with those customers who remain.

Expand your strategy even further by going beyond just those customers receiving marketing emails and include those existing customers who receive transactional emails. The GDPR’s consent requirements don’t apply to transactional emails in the same way they do for traditional marketing messages but the value of these emails and of the customers who receive them take on added importance in a post-GDPR world.

Segment Your Customers

Segment email list — Segment your customers using your ESP or SQL query.

First, segment your customers based on the following criteria:

Group A

Customers who have purchased or created an account but who are not receiving marketing emails.

Group B

Customers who have purchased or created an account and who are receiving marketing emails, either because they opted themselves in or because you opted them in based on past activity. (Seriously - some companies still have people on their lists who were automatically opted in just because they bought something or created an account. If this is you, just stop.)

Group C

Email addresses belonging to people who’ve never purchased and who don’t have accounts but who are receiving marketing emails due to a previous opt-in.

Overhaul Your Strategy

The next step is to implement a strategy to boost engagement with each of these three groups in ways that are GDPR compliant.

Group A

You don’t have to do anything. No, I’m not kidding. These are existing customers that only hear from you in relation to a purchase or when it’s necessary as part of their ongoing relationship with you, e.g. order confirmations, app notifications, password resets, policy updates, etc.

As such, your communications with them fall under the GDPR’s “legitimate interest” provision, so you’re not required to obtain consent to continue.

That said, transactional emails are invaluable for deepening customer relationships, fostering brand loyalty, and maximizing the revenue potential these customers represent.

Develop a strategy for optimizing transactional emails to:

Reinforce transparency, privacy, and trust messaging
Encourage opt-ins to email marketing
Solicit referrals or reviews

Kick it up a notch. Take advantage of the huge marketing potential these emails represent by personalizing with relevant cross- or upsell offers, content recommendations, or even simply to reinforce your brand experience. Just be sure that you have consent for any personalization data you use or that you’re using data for which consent is not required, e.g. product info to recommend related items.

Google Flights personalize their emails with geographic information based on your destination.

Group B

You can go one of two ways with these customers:

Reach out and ask for consent to continue sending marketing emails
Proactively opt these customers out of marketing emails and continue to communicate only via the transactional and triggered emails that fall under “legitimate interest”

Optimizely use a creative opt-in email for consent.

Before you jump on option 1 as the only way to go, bear in mind that with option 2, you can continue to engage these customers, and even encourage them to opt back in, through the transactional email optimizations recommended for Group A — which might actually result in a better customer experience.

Group C

These are the people you must obtain new consent from in order to continue sending emails. Some have argued that a case can be made for “legitimate interest” if customers have opted in at some point in the past but I believe that would be unwise.

Your past sign-up processes were probably not GDPR compliant and your methods of documenting and storing the consent you did collect probably weren’t either. So to CYA, ask for consent again, in a way that is compliant and with a process in place to properly document and store that consent.

Addressing this last group is the one that instills fear and dread into the hearts of many marketers. It’s the one that directly impacts the metric they’ve held most dear for a very long time — list size. But isn’t a smaller list of engaged customers far more valuable than a huge list of email recipients who rarely open or click? A shift in focus from list size to list quality is long overdue and will benefit both your customers and your bottom line.

Not only that but by expanding your email strategy to include the optimization of transactional email, you’ll also expand your efforts to include the entire customer lifecycle, allowing you to extract more value from those further along in the journey and rely less heavily on top-of-funnel.

Your email program will become more balanced, a tool not just for attracting new customers but also for improving the customer experience and building brand loyalty. And that can’t be anything but a good thing.

About Sendwithus

Sendwithus has been helping leading brands, including Microsoft, Autodesk, and Zillow, craft exceptional communications experiences since 2013. Dyspatch by Sendwithus is a cloud-based, communications management platform that allows Enterprise organizations to centralize email security, compliance, and reputation management while streamlining collaborative creation, revision, and approval workflows. The GDPR-compliant solution empowers teams to deliver powerful, global communications that engage customers, drive growth, and increase revenue.