We've now been covering the implications of the GDPR for marketers and their audiences since 2015 on Smart Insights with many articles contributed by guest experts specialising in privacy law for marketing.
Initially, there was a lot of speculation and it was difficult to provide practical examples since ultimately what businesses need to know is to how to update their forms for collecting email addresses and the copy explaining consent for communications in their privacy statement. As the Information Commissioners Office provided more guidance there were some simple sample examples provided in templates, but these didn't cover the range of situations where businesses in different sectors needed to implement them.
Today, as we fast approach the deadline, we can learn from the examples of larger companies who have implemented new forms and privacy notices. We don't know they are GDPR compliant in that they haven't been independtly assessed, but the examples we give here are large businesses who will have taken advice from specialist lawyers.
In this article, we don't explain the concepts of personal data, consent and legitimate interests, those are covered in our members guide and likely you are familiar with them already, so we'll concentrate on the examples. We will start with privacy statements and then look at forms and copy asking for consent.
Download Premium Member resource – GDPR Briefing for Marketers
Learn the requirements of GDPR for businesses and get practical recommendations on how you need to update your data collection forms, privacy statements and re-consent.
Access the GDPR and ePrivacy briefing for marketing professionals
Your privacy Policy can no longer be something that only your lawyers will understand. The GDPR requires information to be transparent, simple to understand for the intended audience and accessible. You’ll need to consider both your layout and your language.
Here are our examples of good practice
Example 1:
This example follows the structure of the GDPR and references features like 'legitimate interests'. We like it since it is clearly written for the end user, transparent about the data sources and use and clearly structured. However, it is long due to the importance of different types of data processing in insurance products.
Structure of AA privacy statement:
Under legitimate interests, it covers marketing communications specifically:
i) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We will send marketing to you by SMS, email, phone, post and social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match.
It's interesting that it specifically mentions the options available from Facebook and Google to enable uploading of customer lists to find lookalike audiences and for retargeting based on email address.
Example 2:
You will know that Facebook has a strong need to be transparent about its privacy. We have chosen this example for the structure, similar to the A, which explains privacy in an easy to understand way. It's very different from previous Data Protection Act notices from Facebook and others which were more legal in tone and near unintelligible.
Example A. Lead generation / lead magnet example form
This example follows the requirements of the law closely since it doesn't require you to opt-in to future communications in order to receive the offer. It shows you don't have to use a tickbox instead using a radio button. Tests referenced by Tim Watson in his well-worth-a-read post giving example GDPR consent forms shows that radio buttons can perform better than the more traditional opt-in tick-box.
Example B. B2B Email newsletter sign-up
While this example illustrates compliance well, it is arguable whether it is needed if you bundle additional resources or explain the range of communications will receive. The discussion on Tim's blog gives the example of his own opt-in at the foot of articles.
Example C. Retail.
This example also includes an affirmative action based on selecting a radio button. It also follows good practice since it has a compelling description of what's available. Not simply 'Receive marketing communications', but detailing the types of offers and coupons available. Retailers are in a strong position since they can offer these incentives.
Note that it can be argued under the Privacy and Electronic Communications Regulations that opt-in is achieved 'during course or negotiations for sale' and this an additional tick-box is unnecessary. For example, at the time of writing Amazon UK doesn't give a choice. It would be interesting if the Information Commissioner went after Amazon for failing to give this guidance.
Example D. Retail, part of a larger group
Since Tesco Grocery may want to share customer data with other parts of the group which are not for 'similar products and services' in the words of the PECR, Tesco asks for sign-in to the Tesco Group. It has pre-ticked the box, presumably on the basis that is during the course of negotiations for sale.
Example E. Publisher
Economist Free Email newsletter sign-up
This example is complex since the Economist wants to distinguish from signing up for the enewslettter and other communications. Both use a different implicit format to gain consent which isn't straightforward to understand since you have to opt-out in a different way. However, they are transparent about types of communications.
And that's our final example. I hope these have proved interesting and useful to benchmark against your approach. For further discussion do let us know on social media, especially our Facebook members' group.
By Dave Chaffey
Digital strategist Dr Dave Chaffey is co-founder and Content Director of online marketing training platform and publisher Smart Insights. 'Dr Dave' is known for his strategic, but practical, data-driven advice. He has trained and consulted with many business of all sizes in most sectors. These include large international B2B and B2C brands including 3M, BP, Barclaycard, Dell, Confused.com, HSBC, Mercedes-Benz, Microsoft, M&G Investment, Rentokil Initial, O2, Royal Canin (Mars Group) plus many smaller businesses. Dave is editor of the templates, guides and courses in our digital marketing resource library used by our Business members to plan, manage and optimize their marketing. Free members can access our free sample templates here. Dave is also keynote speaker, trainer and consultant who is author of 5 bestselling books on digital marketing including Digital Marketing Excellence and Digital Marketing: Strategy, Implementation and Practice. In 2004 he was recognised by the Chartered Institute of Marketing as one of 50 marketing ‘gurus’ worldwide who have helped shape the future of marketing. My personal site, DaveChaffey.com, lists my latest Digital marketing and E-commerce books and support materials including a digital marketing glossary. Please connect on LinkedIn to receive updates or ask me a question.
This blog post has been tagged with:
Implications of the GDPR for marketing in UK and EuropeTurbocharge your results with this toolkit containing 11 resources
The Digital Marketing Strategy And Planning toolkit contains:
Start your Digital Marketing Plan today with our Free membership.
Recommended Blog Posts
Discover how to use our customer journey mapping template to create actionable insights to improve your marketing In today’s digitally connected world, customers have a myriad of choices when it comes to connecting with brands and businesses. There are many …..
Our guide to creating a SWOT matrix analysis to prioritize digital marketing strategy with the TOWS technique A SWOT analysis is an essential part of any business or marketing plan. It allows you to create a plan of action based not …..
It’s not enough to create buyer personas and leave them getting dusty on the shelf. Find out how to apply customer personas to inform each stage of your marketing strategy What are marketing personas? Customer or buyer personas are fictional …..
