When GDPR Goes Wrong

It has started – the mad, desperate scramble to get me to re-opt-in to companies' mailing lists ahead of the GDPR deadline on the 25th of May.

I had always predicted that this was going to be a bit of a challenge, but I hadn’t realised why.  This screenshot gives you an example of kind of issues that marketers face:

The inbound email came from a reputable supplier with whom I have dealt before; someone whose email list I do want to be on.

In this case, assuming that this isn’t just a down-and-dirty case of phishing, it’s a spam filter issue. Technically speaking, by asking me to confirm I want to receive their information, the opposite is also true: If I don’t click, I don’t want the email.

And the evidence shows that in most cases, consumers choose the second option.

This is the second time in two weeks that a company has had a tech issue trying to reach me. The first one was as simple as someone not setting a private form public – again, a company from whom I want to hear.

These are the issues for companies that I love, companies with whom I willingly engage. What I can’t tell you is how many other companies looking for me to opt-in after May 25th that have had similar issues. Why don’t I know? Because I haven’t clicked.

It wasn’t that looking at bullet holes meant looking at the wrong part of the aircraft; it was that they were looking at the wrong aircraft in the first place – the ones that came back.

And that is the point of this piece.

In the Second World War scientists spent an enormous amount of time analysing the bullet holes in returning aircraft to optimise the positioning of reinforcements. It wasn’t until a bright spark pointed out something so obvious – and yet so significant it arguably changed the course of the war.  It wasn’t that looking at bullet holes meant looking at the wrong part of the aircraft; it was that they were looking at the wrong aircraft in the first place – the ones that came back.

And the same is true with GDPR re-permissioning.  You need to not look just at the emails to which people replied, but those to which they did not. Understanding the reason for the lack of response is important. Assuming you are unloved or unwanted is flawed.

As the incessant countdown towards the 25^th of May continues, lots of companies are going to run out of time to test and refine their GDPR opt-in strategy. 

https://t.co/ShwGvvYbmn With #GDPR just 3 months away, we analysed feedback on a specific #marketing question. Here's what we found #GDPRWeek #compliance @consumerintel

— Tom Flack (@thomasflack) February 16, 2018

 Many more haven’t yet worked out that they need a strategy in the first place.  Someone recently pointed me to a standard called PECR (The Privacy and Electronic Communications Regulations) and said they complied with that, so “It’s all good”.  No, it isn’t. Parts of PECR are untouched by GDPR, and parts of PECR are overwritten or tightened by GDPR. But it isn’t a smorgasbord: You can’t just select the tastiest morsels.

But GDPR isn’t a smorgasbord: you can’t just select the tastiest morsels.

The noise of GDPR is going to grow over the next few weeks, and it is important that you don’t leave it until the volume is so loud that it is deafening – or worse you send out something only to have it intercepted by spam filters.  Those filters are going to be working on overdrive.

So, this is my plea to you.  Do something, and do it now.  Get someone, anyone, in to do an audit, just to see whether you have a problem or not?  Surely you owe yourself – if not your customers – that?

• Read more on GDPR

Post a comment . . .