GDPR the data wave we need to be ready for banner image

Preparing for the Future of Data Protection

Lucy Hemingway 7 years ago

Media sites and brands have been hasty to brandish the ‘General Data Protection Regulation’ (GDPR) as ‘a complication’ or ‘struggle’ at best and as Adage put it, capable of ‘rip(ping) global digital ecosystem apart’ at worst.

GDPR is the new data legislation coming into full force on 25th May 2018. This law will affect each and every one of us in one respect or another, be it consumer or marketer, so with less than 12 months to go before the legislation comes into force, we give you the information you need to start your preparations for GDPR next year.

What is GDPR?

Anyone working with consumer or employee data such as email addresses, names and telephone numbers should be well familiar with the current data protection policy which has been in place for the last 19 years (The DPA).

At the time, the legislation brought a level of control over how external parties could use personal data, giving consumers greater trust and brands better engagement with consumers who decided to part ways with their information.

The DPA is formed around eight principles which, without going into too much detail cover how personal data should be handled, obtained, processed and kept.

The latest round of amends to the DPA legislation will see every company in Europe (Brexit or not), responsible for legally proving permissions for the data they hold and will hold in the future. This includes clarity around ‘the right to be forgotten’, data transfers, profiling and consent to name just a few and expands to ‘online identifiers’ such as cookies and IP addresses.

Why bother? Well a tidy fine of either €20 million or 4% of global revenue is at stake, as well as a prime opportunity to shake up your CRM team and get better conversions and ROI from your subscribers. We think that's reason enough.

So why the legislation update?

For an extended period of time, brands have had access to a huge pool of data and the line between authorised communications and misuse has been somewhat blurred. The trust between consumers and the brands they choose to engage with has evolved and brands have to work a lot harder to keep loyal visitors.

We’ve all been there, questioning when exactly we gave that company our email address or phone number, when actually we have consented to multi-party usage without being fully aware. But the question is - has this ever really been effective marketing?

Here are our six biggest recommendations for what you and your team should be doing in preparation for next year’s incoming legislation. These tips will not only help you on your way to conforming but will also improve your communications with your audience. Grab a pen and take action!

  1. Achieve C-Suite buy in 

    One of the most effective ways of pushing a project through to completion is making sure the senior executives in a company recognise the impact. Ask for ‘GDPR preparation’ to be put on the company objectives for the year and agree actionable deadlines for when and how you’re going to do it. If you have an email database of 100,000 with unclear sign up data, it’s going to take a large portion of time to segment and sort into automated nurture pots!

  1. Ask for expert advice

    Seeking the advice of a data protection consultant will never harm your brand. Over and above your standard governance policy, the expertise of a consultant will build you a roadmap for not just reaching compliance by May 2018 but what maintenance and improvement looks like post GDPR update for the years to come.

    The best starting point would be to reach out to the Information Commissioner’s Office (ICO). As the team who are bringing the enforcement in next year, they are well positioned to offer a GDPR downloadable guide and a team of experts ready to help. It is also worth mentioning that, provided you are currently following the October 2016 privacy notices of practice your brand should be in line for complying with GDPR in 2018…

  1. Create ownership

    As we saw May 25th 2017 come and go, The Drum reported in a recent survey that 24% of companies were yet to start putting together plans for tackling GDPR, yet over half of those interviewed believed their organisations would be ready for the 2018 deadline. Now, this is either lack of information or lack of understanding of the potential consequences involved with not complying, but as a YouGov survey highlighted, '16% of marketers don’t think GDPR is relevant to their business', there could also be a fear over ownership too.

    Our suggestion to brands would be to put together a team of colleagues to own the successful delivery of GDPR compliance by the end of the first quarter in 2018.The suggestion would be to have marketing minds in the room familiar with the CRM, but also people with an appetite for data and any legal minds you may have in the office! The important thing to achieve from your GDPR team is ownership and total understanding of why compliance is as important as bringing sales in.

    Once you have your project team together, you can break down actions into months and work out your strategy for nurturing, retention but new business too. As you’ll have learnt, this will involve assessing what your brand is currently doing in the way of email sign up approval (opt in or double opt in), and then assessing those contacts which need to either be accounted for or re-engaged with. Diverting responsibility of addressing GDPR will unfortunately not erase the elephant in the room, only your team can prepare for the data wave ahead.

  1. Analyse your CRM

    The best place for you to start is with the data you currently hold. It’s important to have a secure CRM system for your consumer data, any information about your consumers including their opt-in preferences, interactions and profile can all be stored in one place. Among other things, a neat and tidy CRM enables you to deliver targeted campaigns and monitor your audience’s behaviour to different content types, so it's well worth keeping it clean and permission based!

  1. Build the trust and truly earn your contacts

    With every challenge comes an opportunity, and GDPR is just that. View the up and coming changes to data legislation as a means to refining your consumer data and ensuring that every one of your prospective contacts wants to be in your ‘gang’." Reconnecting with your database is the most important single consideration in the run-up to GDPR", commented the DMA’s public affairs manager. “Marketers will need to reconnect with their customers and ensure that their consent statements or other ways they have collected personal data will be compliant under GDPR”.

    Here are some great tactics for how to nurture your contacts by permission marketing, from opt-in to incentives. Make your subscribers feel valued and engage them in what you have to say to see a return on ROI.

  1. Refine your email communications

    Serve your subscribers with good quality content, and importantly; the content they signed up for. If your newsletter is designed to educate then make sure you have captured the types of educational, query-based content they will want to consume. Some ideas for content creation can be found here if you need a helping hand, but consider also running a short survey to gather your subscribers' opinions too! A thorough review of your outbound email campaigns should always involve looking at the following areas to make sure your audience are as satisfied as possible:

    1. Branding 

      Do your email campaigns mimic your website’s brand guidelines and tone of voice? An easy one to get wrong but it can be the difference between someone reading on and clicking off your email.

    2. Repetition

      How often are you contacting your subscribers? There’s a fine line between expected regular updates and, plain annoying automated emails which have been triggered for no reason. Campaign Monitor found that over 45% of people flagged mails as spam when they were sent too frequently with 24.2% suggesting that more informative content would improve things. For some pointers on how frequently you should be speaking to your audiences this piece provides you with some useful metrics.

    3. Open rate (OR) and click-through rate (CTR) 

      These two metrics are a good temperature test for monitoring your subject line performance, loading time, content types, layout and email copy to name a few. Measuring a month on month increase or decrease will give you a good indication of list health, but it’s also worthwhile monitoring the average OR and CTR in your industry as a benchmark! Here’s a 2017 benchmark guide for you.

    4. Segmentation 

      Once you are happy that your data is as clean as possible, your nurturing process can begin. Now, because you may be going ‘above and beyond’ your normal communications with subscribers, you shouldn’t be alarmed if you see some unsubscribes occurring. If your campaign content is right moving forward, this should only be a short term issue so think of it as a data detox, but do keep an eye on it.

      There are many ways to segment your data including by user personas, pain points, lifetime of the subscriber or the service or product they came to you for. Whichever you decide to opt for, make sure it fits in line with your overall marketing objectives and the consumers and services or products you deem most valuable. Segmentation will enable you to tailor content specifically to each user group so that consumers gain more useful information and increasingly will interact more with future emails.

    5. Value exchange

      Your sign up and email copy will have a huge part in helping your subscribers understand and ultimately decide if they are getting a fair deal out of their sign up with you. It’s therefore your job as the brand to translate your value proposition so that, “We will regularly deliver cutting edge tactics to you,” or, “We will use your data to make your shopping experience more enjoyable”, just make sure your subscribers ‘get it’ and embrace the opportunity to develop this relationship with your database. Another important factor to consider is the risk you take when you take a subscriber on board, it becomes your job as a keeper of data to protect your subscribers from misuse.

Brands testing data protection laws

Snap Map

App producer Snap, who are recognisably responsible for the App Snapchat, have launched their latest update. The Snap Map enables users to track each other’s movements in real-time which has the option of being shared with no-one, select people or everyone. With almost a quarter of recorded UK Snapchat users being 18-24, how many of the 7.1 million monthly users will really have digested what this exciting new update means for their security and privacy? (source:

Larry Magid of commented via The Guardian that, “Parents need to sit down with their kids and get them to really consider which friends they are sharing with”... “Users should be aware of the feature and review it periodically - if a friend becomes an ex friend for example”.

Snapchat’s response has been one of rose-tinted glasses, but you can kind of see their point. “There’s something really powerful about seeing the diversity, but also the similarity of snaps around the world”. In the world we live in, we are immersed in other people’s day-to-day via other social means such as Instagram Stories and Facebook Live, so why would the Snap Map be any different?


Just last week, Google have had their proverbial ‘wrists slapped’ for scanning personal emails for content that it can intelligently use to shape user experience. The information, according to Google, was to be used to shape ads but have hastened to pause activity following a recent blog post which stated that it would follow suit for its free users.

The use of personal data is almost brushed aside with the promise of more fulfilling services on offer with the ‘G-suite’- Google’s paid for web apps. And in the increasingly heated competition between Google and Amazon for Cloud competitiveness it seems the non paying consumers fall to a lower priority than the ‘safe’ G-suite members.

Some examples of brands doing a great job of getting GDPR practices right can be found in this Econsultancy feature which centres on UX as their weapon for success.

All in all, let’s not forget that if your communications are valuable and relevant to your consumers they will WANT to hear from you. The important part to remember between now and next May is that cleaning up your lists is an opportunity not a chore and should put your brand in a better position when it comes to communications and proving you have permissions in the long run!

Stay in touch with the Zazzle Media family

Sign up for our monthly newsletter and follow us on social media for the latest news.

Our website uses cookies for various purposes and to enhance the site’s functionality. This helps us understand how you use and interact with the website.

Settings Accept Cookies