Comply or die? Or just hit the erase button? That's the prospect facing email marketers before May 2018's deadline for GDPR fines to come into place. As
reported on Monday, 58% of marketers are not sure their
own data lists are compliant, and a similar number are wary of buying in data from a third party for the same reason. It's a quandary.
Research studies have consistently shown that the vast
majority of email marketers are not yet ready for GDPR's deadline next year. Most marketers are either devising a strategy or waiting to see what happens. The reality for any company hoping the new
European rules somehow disappear is that they will come into action while the UK is still a member of the EU. What's more, the mood among British businesses, according to the British Chambers of
Commerce, is for regulators to keep EU
rules.
They may have complained about them at the time, but having the same rules as the EU makes it easier for companies to export, so they would rather see the majority of today's
regulations maintained. One can easily imagine how this notion applied to new data privacy rules. Why would UK marketers want to have different lists for UK and EU residents? It just wouldn't make
sense -- so GDPR will not only become law, it will almost certainly be maintained as UK law post-Brexit.
Which brings us full circle back to compliance. The majority of marketers are not
sure their lists are compliant and the majority also aren't sure they can prove that third-party data they bring is legal. The cost of becoming compliant is significant, both in terms of people hours
and the slimming down of lists. The lifeboat charity, the RNLI, has been one of the few organisations to be open about this. Becoming compliant by repermissioning its lists to provide fully informed
consent has cost it thousands of email addresses and hundreds of thousands of pounds in costs -- and most significantly, lower donations.
So one suggestion is that many companies may already
be running fully informed sign-ups today and will simply ditch older lists when the time comes. Experts who are suggesting this will happen point to third-party lists as being the first that will
go.
It's easy, as an individual who doesn't have to go through this to advise companies to get repermissioning sooner rather than later because it costs them nothing. But if you accept that
from this coming May you will have a year to be compliant, that's still a full year to ask people to sign up at a preference centre and give informed permissions. If you leave it until this time next
year, however, the May 2018 deadline will be upon you -- and before you know it, your finger will be hovering over the delete button.
Sadly, I suspect this is the terrible dilemma that many
companies will end up facing, but with more than a year to repermission lists and with more than a year to go for you to tell subscribers you will stop contacting them if they don't get back to you,
there's still plenty of time to avoid the awful prospect of erasing databases and starting from scratch.
Repermissioning is a pain but it has to beat hitting delete every time, doesn't it?