Direct Marketing and its Relevance: The 'Opt-in Challenge'

Direct Marketing and its Relevance:

The 'Opt-in Challenge'

Martijn van den Corput (OptInsight) | Tjeerd van der Stroom (OptInsight)

Legal Editor Andre Walter (Baker McKenzie Amsterdam)

How can organizations strengthen their direct marketing activities given the changing privacy legislation? What

has changed for the practice of direct marketing activities since 25 May 2018, the day on which the privacy

legislation, GDPR, came into the effect. How can an organization continue to justify 'direct marketing' in a

changing privacy landscape and increase its relevance (the opt-in challenge)? These are the questions that we

answer in this article.

For the GDPR deadline of 25 May, many organizations have sent emails asking for consent for

the future processing of personal data for direct marketing activities. The purpose of these

requests was usually to still establish consent according to the requirements of the GDPR. In

this context, it is important to know that the way in which organizations can use 'direct marketing'

is laid down in legislation other than the GDPR; namely, national legislation that derives from the

European ePrivacy directive. In the UK, for example, this is laid down in the Privacy and

Electronic Communications Regulations (PECR), and in the Netherlands, in the

Telecommunications Act (anti-spam laws).

Moreover, practice has shown that the way in which many of these emails were sent has not

been very effective, partly because the request for permission was related to too generic

information (for example, being allowed to continue sending newsletters), and did not address

the specific needs and preferences of the recipient. Many organizations have been unable to

make the relevance of their consent requests sufficiently clear. In our view, 'relevance' is the

commercial leverage of the direct marketing challenge.

Direct Marketing

Roughly speaking, you can make a distinction in direct marketing between the front office and

back office activities. In the back office you will find activities such as business analysis,

segmentation, profiling and re-targeting. The front office maintains the relationship with the

customer or prospect.

This article focuses on front office, direct marketing, meaning targeted marketing activities and

communication channels through which contact is made with both prospects and customers with

the aim of establishing and maintaining commercial relations. Examples include newsletters,

email campaigns, targeted website advertisements, telemarketing (e.g., call centers), but also

customer contact at trade fairs and customer visits.

The legal aspect of direct marketing

What has changed since 25 May 2018? The obligations regarding the recording and

demonstration of the lawfulness of processing fall within the scope of the GDPR. Most front

office, direct marketing activities also fall under the anti-spam laws. This also applies to the

statutory supervision of these activities and any resulting fines.

Front Office – ePrivacy is leading

In the front office, we first have to deal with ePrivacy legislation (anti-spam laws) when

information is sent unsolicited to individuals through digital means (e.g., newsletters, email

campaigns, offers).

Active consent (opt-in) is required to be able to send these messages. In some cases there may

be a 'soft opt-in', for example, in the case of offering or providing information about similar

products or services. There is a fine line; if messages are insufficiently related to previously

obtained products or services, then active consent is again required.

Current ePrivacy legislation refers to the GDPR for the definition of 'consent.' However,

enforcement is still covered by anti-spam laws, which means that, for the time being, the

financial risk of fines is still lower than under the GDPR. But, be aware, this is going to change.

For violation of anti-spam laws, 'GDPR-like' fines will be introduced in the future.

A new, harmonized European ePrivacy regulation is in the pipeline that aligns the penalties with the GDPR. It is expected that this regulation

will be adopted by the end of 2019.

The accountability of the GDPR

Based on the GDPR, the accountability principle applies to organizations. An important element

of accountability is determining the preconditions for continuing to communicate with prospects

and customers in a manner compliant within the GDPR. A solution that we offer is the 'opt-in

challenge.' We explain which steps can be taken to achieve this in the rest of the article.

Under the GDPR, organizations must take their accountability for the processing of personal

data. This also applies for all direct marketing activities (as a general rule, personal data will be

processed). A crucial aspect in that respect is the 'lawfulness' of the processing, i.e., determining

the legal grounds for the processing.

One of the legal grounds is 'consent,' subject to stringent requirements. The request for consent

must be formulated, specific and unambiguous, and be in understandable and accessible

language. Consent must be freely given by the data subject and can be withdrawn at any time.

In addition, organizations must at all times be able to demonstrate that consent has been

obtained under these conditions.

The requirements of consent have been tightened under the GDPR and also apply to consent

requests (opt-ins) from the front office. The accountability obligations fall under the stricter

supervisory regime of the GDPR.

Gain insight into personal preferences through relevance

What is a suitable approach for coming into contact (with prospects) and remaining in contact

(with customers) in commercial relationships through direct marketing?

The GDPR emphasizes that the protection of privacy is a fundamental right. Everyone has

the right to the protection of his/her personal privacy. However, the right to protection of

personal data must be considered in relation to its function in society, which also includes the

business sector.

To be commercially successful, companies have to engage with their customers. There are

several ways to engage with customers; certainly, relevance is an essential aspect from the

customer perspective.

In a recent article

, the relationship between consent and direct marketing is discussed in

greater detail. The article mentions, among other things, that if you ask for consent to

communicate, this will increase the relevance of your company, strengthen your brand and

reduce the risk of spam.

Seth Godin also states in his book, Permission Marketing: Turning Strangers Into Friends, And

Friends Into Customers, that direct marketing with consent is a very effective technique for

building strong relationships.

Relevance arises where the message or offer of a company and the perceived value of an

interested party overlap. The image below illustrates what happens next.

What is the relation between relevance and opt-in or opt-out?

Relevance in direct marketing means that the recipient attaches 'value' to the content of the

received message. If value is perceived, the recipient is likely to be interested in receiving further

Lyfemarketing (https://www.lyfemarketing.com/blog/permission-based-email-marketing/)

messages on the same or similar topics. In essence, it is very plausible that the recipient gives

his/her consent on communication about these specific topics and preferences.

In short, when it comes to relevance, the recipient will be more willing to opt-in to continue to

receive specific messages.

The company then obtains insights into the preferences of the recipient and can respond to this

through various communication channels. This creates a powerful customer relationship.

An opt-out also offers the organization relevant insights. An opt-out can be a clear signal that the

need of the recipient does not match the company's offer. At that moment, it is not

recommended that the company keeps approaching this person in the usual way. However, the

company can try to reach this person through other, non-direct channels, such as through social

media campaigns, advertising, or by telephone or mail.

As a company, how can you be relevant yet fulfil

your 'accountability'?

Start the opt-in challenge for sustainably compliant and relevant direct marketing.

The following steps can be taken to mature your privacy standard and, after the new ePrivacy

regulation comes into effect, keep communicating in a compliant way with prospects and

customers.

The opt-in challenge concerns the use of direct marketing with the aim of obtaining and retaining

opt-ins by being relevant, within the framework of the accountability obligation.

It is important to determine who is responsible within your organization for direct marketing

activities and for monitoring compliance with the GDPR and the e-privacy directive. Direct

marketing is a team effort; marketing, technology, the privacy officer, and possibly other

functions, must work well together to implement the next steps.

Direct marketing roadmap

1. Making the current 'consent mechanism' GDPR-proof - i.e.: notification language, pop-

ups and their presentation (specific, unambiguous, freely given, easily accessible, clear

and simple language, etc.) and traceability of the consent process. Determine where and

by whom you want to have it recorded and what evidence is required. Ensure that the

evidence remains up-to-date.

Content

or message

2. Making the 'back office' GDPR-proof - i.e.: comply with all the principles of the GDPR,

including ensuring the lawfulness of the processing of personal data for back office

activities such as business analysis, segmentation, profiling, re- targeting, etc.

3. Develop a consent policy and risk profile of the policy frameworks and requirements

that the organization defines for consent ('opt-in' and 'soft opt-in'), in accordance with the

GDPR, ePrivacy requirements and the commercial marketing strategy.

4. Qualify the current customer and prospect database based on the designed consent

policy. Determine for which customers and prospects the organization has obtained a

lawful opt-in or soft opt-in, and which individuals didn't provide valid consent.

5. Develop a 'consent strategy' to increase the opt-in ratio - it is all about relevance and

accountability. Make explicit use of communication channels that are (partly) not in scope

of the ePrivacy regime to collect consent; for example social media campaigns,

telemarketing, but also physical customer contact at trade fairs and customer visits. This

step is crucial for the success of the 'opt-in challenge.'

6. Roll out the 'consent strategy' to collect and retain more opt-ins. Centralize the

implementation of the opt-in challenge in the organization in an automated way.

Responsibility, relevance and decision-making should be implemented and managed in

one place. Connect with your existing customer communication systems. Take the

organization with you in all the changes.

7. Evaluate & decide - based on the activities you perform to obtain consent and

accountability, you build insights, for example, about the effectiveness of campaigns; the

relevance of information on your website as the effectiveness of visits.

How does the 'Opt-in Challenge' work in practice?

Use case: Meet innovators, a conference organizer

In our use case we look at a large provider of conferences, called Meetinnovators.

Meetinnovators offers conferences in the field of innovation. During these conferences,

companies present innovative ideas or solutions that can inspire other companies to innovate.

Meetinnovators' revenue model is based on connecting decision-makers with larger

organizations and companies that can offer innovative solutions for a specific challenge. Both

the visiting decision-makers and the providers pay a fee to attend a conference.

Meetinnovators has a database of 10,000 people with providers of innovative solutions and

decision-makers at companies. Their aim is to obtain an opt-in from 35% of the group of people

who have not yet given their consent.

Meetinnovators starts with the first step by clearly defining what the consent mechanism looks

like and the language to use.

In this case, it is decided to relate the 'opt-in' to themes that are relevant for congress visitors.

The consent collection will be based of the mechanisms and language determined in step 1. The

privacy officer will have access to an audit trail regarding the 'opt-ins' with which the following

criteria can be monitored; time, employee or channel concerned, purpose limitation (theme),

legal basis. Then, in the next step, Meetinnovators determines which GDPR measures have to

be taken in the back office as a result of profiling and segmentation.

Based on the previous steps, Meetinnovators can determine which legal grounds apply for the

different processing of personal data in front- and back-office direct marketing –'opt-in' (consent)

and 'soft opt-in' (similar products or services) are the grounds for sending direct marketing

messages.

Meetinnovators establishes (soft) opt-in policy rules to determine whether there is consent to

approach customers that already have an agreement. One of the 'soft opt-in' rules is that

relations who bought a ticket last year to attend a conference will be approached in the future for

similar events.

Based on the above policy, Meetinnovators qualifies the 10,000 relationships in its customer-

relationship database (CRM). The CRM system shows that 40% of the contacts fall into the

(soft) opt-in category. From the other 6,000 relations, it is unknown whether they have attended

a conference within the last year. These relationships cannot be categorized as 'soft opt-in' or

'opt-in.'

Among these 6,000 relations, according to marketing and sales experts, there are 3,500

additional people who may be in the target group of Meetinnovators; namely executives and

other decision-makers from larger organizations. In consultation with the privacy officer, it is

checked whether Meetinnovators can justify a legitimate interest to approach these relationships

through other channels (for example, by telephone or via LinkedIn) to still request consent for

direct marketing.

To increase the likelihood of getting an 'opt-in', a number of specific themes are defined on

which decision makers can express their preference and where they may want to be informed

about. As stated above, this request could for example be made in a telephone call.

Meetinnovators defines the following themes to be as relevant as possible for the decision-

maker:

"Would you like to be informed about topics such as ..."

Governing in the

digital world

Privacy as an asset

of your organization

Performance

management in 2025

The effect of robotization

on your formation

Customer-oriented

organization

Strategic opportunities

in ecosystems

Then Meetinnovators asks the decision-maker to give specific and unambiguous consent to

send direct marketing messages about these topics.

Meetinnovators has opted for one central tooling in which both a) an audit trail for the opt-in and

the related burden of proof, and b) the choices and the associated communication can be

shared, as c) combined insights in the field of opt-in and opt outs and the commercial

performance are clear.

Management would like to know how this request and future requests lead to relevance (an opt-

in) and require evidence.

The opt-in challenge will start at 40% (1,400 people) of the persons approached to indicate their

preferences after a telephone conversation. In its consent strategy, Meetinnovators has opted

for a double opt-in, i.e., the opt-in choice is confirmed after both the telephone call and

subsequent confirmation email. The audit trail shows that eventually 1,100 opt-ins have been

added (300 have not answered the confirmation email) and the evidence for valid opt-ins has

been stored.

This is a good start: from 3,500 people of whom almost nothing was known, 1,100 people have

expressed their interest and are now approached on their preferences. This is an important gain

for Meetinnovators: being able to focus on the relationships for which it can be relevant and can

always explain why their personal data is processed.

Because of its success, Meetinnovators decides to use the same application (a mobile app)

during face-to-face meetings to collect opt-ins in similar ways. Next month, their client team will

go to a large conference, where potential customers are present, to explain their proposition.

Here too, the aim is to make relevant contact within the framework of the privacy landscape.

Want to know more about the 'Opt-in Challenge'?

Contact:

Martijn van den Corput

Commercial Advisor

OptInsight

+31 20 214 9676

[email protected]

Andre Walter

Executive Privacy Advisor

Baker McKenzie Amsterdam N.V.

+31 20 551 7941

andre.walter@bakermckenzie.com

the world. In accordance with the common terminology used in professional service organizations, reference to a "partner" means

a person who is a partner or equivalent in such a law firm. Similarly, reference to an "office" means an office of any such law firm.

This may qualify as "Attorney Advertising" requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.