Summary: The transition from “opt-out” to “opt-in” consent will effect the close and delight states of the marketing lifecyle.
My personal thoughts after listening to C-level executives at the CxO Roundtable Series sponsored by Intel, IBM, HyTrust & ReedSmith. For an invite, please reach out to me.
The GDPR is expected to give organizations and EU citizens a real chance to renegotiate the terms of engagement of their data. Instead of mindlessly accepting terms during the sign-up process, a higher bar will be set for consent and use of personal data. Data subjects need to give “opt-in” consent. As of May 25, organizations will not be able to assume consent by email anymore. Instead, users will have to actively opt-in to receive emails when they sign up.
Article 4(11) of the GDPR outlines what is meant by opt-in consent. Specifically, it states:
“any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed;”
and goes on to clarify the meaning of clear affirmative action in Recital 25:
…Silence, pre-ticked boxes or inactivity should therefore not constitute consent.
Also, consent should be easily withdrawn as stated in Article 7(3):
“The data subject shall have the right to withdraw his or her consent at any time. (…) It shall be as easy to withdraw as to give consent.”
There is a business impact on the need for “opt-in” consent. The regulation is replacing the “opt-out” consent to one in which the data subject actively consents for marketing. Soft opt-ins (such as a pre-ticked box) and silence are forbidden, but Recital 32 does say that: “choosing technical settings for information society services” is acceptable consent by a data subject. These settings would create an obligation and opportunity for organizations to make sure that data subjects have given clear consent for each communication for marketing calls, faxes or texts.
Regulatory frameworks like the GDPR and other policies are necessary but may impinge on marketing efforts. From a technical perspective, user preferences such as the consent to marketing services should contain creative. However, with the GDPR, the unenviable task of data privacy and security often may fall on stakeholders that are known for adherence and not known for adventure, lawyers. Unfortunately, having a GDPR compliant message can hurt the business and marketing efforts of an organization. Subscribing to marketing is the business goal.
An email is an essential tool in lifecycle marketing at the close and delight stages. Marketing email list growth is critical to the success of digital sales and marketing campaigns, so it’s essential to have “opt-in” formats that promote the business and create winning efforts by the organization. However, the fear is that marketing efforts will be stifled. So it should be no surprise that Eric Johnson’s study “Defaults, Framing, Privacy: Why Opting In-Opting Out” tested the results of offering opt-in versus opt-out. The result of this study was that getting valid GDPR consent will halve list growth.
The GDPR will require organizations to 1) obtain re-permission from legacy contacts; 2) obtain clear consent for each communication and; 3) to record consent from data subjects. The GDPR may seem like an onerous regulation but think of the alternative result that Facebook had to deal with, #DeleteFacebook, wherein which users left the social platform. The bright side is that effective consent may well create opportunities for ardent fans of a product to mobilize and create more value while also supporting the mission of the organization.