|Guest blog by:Paul Dawson-Hart, Member360|
Over the last few months my advice on this tricky topic has been to adopt a ‘wait and see’ approach and avoid any irreversible action until the ICO releases final guidance on consent – scheduled for the end of July 2017. Actions that is, such as Weatherspoon’s decision to delete their entire email mailing list last month. It is rumoured they decided their email channel just wasn’t worth the risk of dubious consent and the risks of trying to re-permission it. The last post to their happy patrons:
“Our database of customers’ email addresses, including yours, will be deleted.”
It was therefore disappointing to learn that the ICO guidance has now been delayed – until December 2017!
The ICO quote:
“We’re currently waiting for the EU Article 29 Working Party to release its consent guidance. Once this has happened, our guidance will follow”
As we can’t reasonably wait to December 2017, here’s some initial advice:
Firstly, membership Organisations should consider adopting a risk-based approach and starting the process of segmenting membership data and communications via a risk matrix. A task made easier for our sector as a number of communication types are likely to avoid the need for consent as the lawful basis for processing, instead, either fulfilling the membership contract, or our legitimate interests e.g. AGM updates/Professional Training/Latest Sector news – all subjects that a member would reasonably expect communications around.
1) What’s the best way to refresh consent?
Whilst email is the most obvious and cost effective communication channel; several recent surveys show that people feel more valued when they receive mail rather than digital communication. Given the importance (and indeed difficulty) of gaining permission from members, the effectiveness of spam filters and the bear traps of emails under the Privacy & Electronic Communication Regulation (PECR); then a decision to place mail at the core of your repermissioning strategy may prove a wise one! Consider a high quality personalised post card that can be easily posted back? Whatever you decide, this is one of the most important communications you’ll send so ensure it makes your member feel valued and appreciate the importance of their response.
2) At the time you collected the member data, did you request marketing preferences?
If at first contact you provided marketing preferences and members chose not to opt-in, or actively opted-out, then why are you contacting them? They’ve already told you they don’t want marketing –see point 4 for email marketing.
3) If you have concerns around the personal data you hold for direct marketing purposes, then repermissioning may not be your solution.
If the personal data is of prospective members where did you obtain it? How has it arrived on your marketing systems? Should you even have this data? Appraise the risk robustly and the likelihood you could be opening a can of worms.
4) If you do not currently hold consent for email marketing, then sending an email seeking to repermission may in itself be a breach. It’s still a marketing email.
Consent to send direct email marketing should have been requested at the point of collection. If you didn’t have the opportunity (data came from a third party or the data wasn’t intended to be used for marketing purposes) then consider appraising your data collection methods rather than repermissioning. If members have opted out and you attempt to re-permission, then you’re in FlyBe and Honda territory – look up the enforcement notices under PECR here.
5) How clean and up-to-date is your member data?
Ensure your membership contact data is refreshed and accurate. Consider undertaking a data cleanse and refresh campaign prior to repermissioning to weed out duplicates, check gone-aways and inconsistent or incomplete data.
Good luck and for more information and guidance on GDPR and solutions and services focused on the membership sector feel free to contact me on Paul@member360.co.uk