For the past several months, we’ve been seeing an upswing in conversations with clients around compliance with modern marketing legislation. CAN-SPAM, CASL (Canada Anti-Spam Law), and EU cookie laws are weighing on marketers’ minds. Let’s take a look at the current state of affairs and how you can stay compliant to avoid some pretty scary legal issues.
Since the 2003 introduction of the U.S. CAN-SPAM law, traditional email and marketing automation (MA) systems have been built to handle fairly straightforward email-centric opt-in and opt-out scenarios, and marketers have become accustomed to including proper unsubscription links and all that. But due to recently enacted laws in other countries and regions, combined with increasing privacy concerns on the part of consumers, marketers need a whole new approach to legal compliance.
First, let’s take a look at the legislation itself.
- The hottest issue right now is probably the Canada Anti-Spam Law, or CASL, which came into being in 2014 with a three-year transitional grace period. As of July this year, however, the provisions of this tough law will be enforced. CASL applies to all electronic messages that organizations send to, from, or within Canada to in connection with a “commercial activity,” and requires (with just a few exceptions) that senders must receive consent from recipients before sending messages.Violate the email preference and opt-in regulations of CASL, and you can get slapped with criminal charges, civil charges, personal liability for company officers and directors, and penalties up to $10 million.
- The “EU Cookie Law” started as an EU Directive that gave individuals the right to refuse the use of cookies that reduce their online privacy. Under the cookie law, you have to first inform visitors that your site uses cookies, and then you must give them the ability to opt out of being tracked. Previously the onus was on visitors to disable cookies or periodically clear cookies from their browser.
All the EU countries adopted the directive in 2011, and each country then updated its own laws to comply. (The UK updated its Privacy and Electronic Communications Regulations (PECR), so despite Brexit, as long as PECR is in place, consent for cookies is still required in the UK.)
- The EU General Data Protection Regulation (GDPR), approved in April, was designed to better protect EU citizens from privacy and data breaches. It will be applicable to EU members in spring 2018, and will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20M, and “not having sufficient customer consent to process data” is among the most serious infringements.
Clearly, to avoid potentially large fines and legal repercussions, yet still be able to market your business, you need to create the means for people to subscribe and unsubscribe not just globally from your systems, but by business unit, region, product, country, asset type, etc. And such a system needs to be fully searchable and reportable by the marketing organization. With so many organizations having multiple lines of business with global reach, not to mention a vast array of communications channels for countless products and services, you don’t need to be a legal or technology expert to see that staying compliant under all this scrutiny is going to require some work.
Custom preference centers make compliance a positive opportunity
As with so many things, regulatory compliance can be a blessing as well as a curse. By forcing us as marketers to better manage individuals’ privacy requirements, governments are actually helping us do a better job of marketing to them.
Preference centers have become tremendously important, and we’ve been doing a lot more work recently developing custom preference centers with functionality beyond what comes in the email or MA too. A global, multi-lingual center with double opt-in typically sits outside the marketing automation system and gives individuals the ability to manage their own preferences, such as:
- Subscribe/unsubscribe based on business unit, product line, etc.
- How frequently they want communications
- What media channels they want you to use in communicating with them
Users love them. From the user’s perspective, the ability to go to a tailored preference center and manage communication preferences at a detailed level makes for an enhanced user experience with your company. Building a preference center shows that you are listening, for one thing. Many people just want fewer emails or emails based on their specific areas of interest, and would much rather NOT unsubscribe from everything – if only you gave them the choice.
Companies (and corporate counsel) demand them. Until recently, Marketing had to beg for budget to build a custom preference center to help with segmentation and nurturing. Now, the executive team is begging marketers to do it and practically throwing money into the marketing budget: now it’s a corporate initiative because there are legal ramifications to being non-compliant.
Marketing is empowered. An initiative driven by both the marketing organization and the legal/executive arm – even if for different reasons – is fantastically effective at achieving results. With this custom preference center, marketers build insight into what those individuals are really interested in. Rather than hindering your ability to market your products and services, giving preference power to the user enhances your digital profile around the individual’s areas of interest and most effective channels for communication. For example, if someone unsubscribes one product line and subscribes for another, that gives you data points on what action to take next. If people opt out of cookie tracking, you can’t figure out their interests from product page visits but you can see what pieces of content they download. If an individual opts in for text/SMS and out for email, you now know the best way to communicate with that lead.
Ask yourself these questions:
- Are marketing contacts shared across countries, regions, or business units?
- Do the regions or business units use different tools or platforms for their outbound marketing?
- Do you have a master consolidated database of contacts, or does the data live in different systems?
- Are you marketing in multiple languages?
- In how many different mediums (email, SMS, tactile, telephone, etc.) are you marketing?
- What’s the best way to present preference data to your target audience?
Oh yes, much to consider in all this. You may well want to consider consulting an expert firm like DemandGen to help you think through your use cases, understand how your target audience will need to interact with you, and how to present their preference data to them most effectively. We’re ready to help.
Adam Pierce, Director of Sales, helps demand marketers launch and build long-lasting relationships with the DemandGen team. With more than 15 years of industry experience in B2B and B2C sales and sales management roles, Adam contributes a unique perspective on marketing and demand generation as a “sales leader with a marketer’s mentality.”
The post Modern Marketing & Compliance: Friend or Foe? appeared first on DemandGen.