How to Run a Successful GDPR Re-permissioning Campaign: A Step-by-Step Guide
Freeze. Crash. Groan.
Do you remember the old days of word processing? Where you’d get halfway through a project, or a presentation, and your program would just stop responding.
All your unsaved work—gone. Your headache—throbbing.
That’s what GDPR, and email marketing, have given me ugly flashbacks to.
Don’t get me wrong: GDPR is overwhelmingly a good thing. It’s paving the way for smarter, kinder, more transparent, marketing, and data usage.
But it has some pretty cruel quirks.
One is: it applies to all the personal data you currently process. Not just the data you collect after it’s instate date in May 2018.
That means, the newer, stricter rules of consent gathering; the broader definition of “personal data”—those are the new standards that alllllll your collected data needs to be held up against.
Meaning: if you collected personal data with Google Analytics—that needs to be wiped. If you’re using persistent cookies, those need to be cleared. And if you collected email addresses without first obtaining proper, GDPR-defined, consent—it’s time to start gutting.
The briefest of overviews on consent and personal data:
Personal data now means any piece of information that can identify someone—OR which can be combined with other information (specific to the user, and accessible to the data processor) to identify someone.
So some things that are definitely personal data: name, id number, location data, email, phone, address, IP address, company.
Some things that are almost definitely personal data: zip code, cookie identifiers, “unique IDs” of any kind.
Consent has to be unambiguous and affirmative.
So, in a nutshell:
This is not compliant. It’s bundled email permissions in with another permission.
A pre-checked “I want to receive emails box” is not compliant. It’s implied consent—rather than active consent.
Just collecting an email from a lead magnet, and then using it to send content or offers—not compliant.
Someone attended you webinar and logged in with an email address? Not in-and-of itself compliant.
Want to follow up on a cart abandonment campaign? Ehh….think again.
Introducing, the re-permissioning campaign
No one likes to ask a lot of their prospects.
Mostly because—the bigger the ask, the more persuasive you have to be. The greater the odds that your funnel gets thinner.
Luckily, a re-permissioning campaign doesn’t have to be asking a lot. It just has to be a concerted effort to get your already qualified audience to re-qualify themselves.
So if you obtained someone’s email (or phone number, or any other bit of personally identifiable information) without explicit, affirmative consent—you’ve got a few months to ask nicely, and within the bounds of GDPR, to keep them around.
Here’s how to navigate that ask:
Step 1. Evaluate – Who do I need to Re-Permission?
If you run any sort of inbound marketing strategy—you probably deal with multiple email lists.
For every single one of them, GDPR says, the burden to show “proof of consent” lies on you.
So I’d inventory your contacts, email list by email list, back to their source point. Find where they opted in, and take a close look at what that form looks like (and, any iterations of what it has looked like)
If yes—grab a screenshot, grab a url, store what that permissioning process looks like for that email list, and sigh sweet, sweet relief. That whole group of people can go into the “you’re good” pile.
But if no—select all those names, and throw ‘em on a list (in your email client, in google sheets, etc.) of people you might want to re-permission.
One thing I wouldn’t recommend: throwing everyone who qualifies to be re-permissioned together. You might want to remember what they downloaded, or where they came from, if you want to reach out in a way that’s more personal.
A few other notes:
1. Before you send any unnecessary emails, remember: you might have some contacts on multiple email lists. If they’re on even one, for sure, “I’ve consented” segment—you might want to spare them the extra inbox traffic. If your email client or automation software has the capacity for it—do a contact cross-check before you send a blast out.
2. We’re all a bit guilty of letting our email list grow unchecked. I’d seriously use this as an excuse to evaluate your current list. Before you go through the tireless process of sorting “consented” and “did not consent”—maybe it’s time to whittle out the people who haven’t opened a message from you in years.
Those folks, can report you as spam. Those folk, aren’t going to convert anytime soon. Maybe it’s time to hit them with one last “Do you want to be here email?” and give them a chance to get gone.
Step 2. Decide – how am I reaching these folks?
Here’s the tricky part. Here’s where you have to put your crafty-marketer hat back on.
Because the challenge here is the same as it is with any marketing milestone:
How do you get people to pay attention?
Barring cheap tricks or incessant pestering or a celebrity appearance or a marching band.
The obvious here, for re-soliciting email consent, is an email sequence.
And yes—not “an email.” A drip. A well-written one. With some serious time spent on those subject lines.
Because I don’t know about your email list—but I’d put money on the fact that not one blast goes out with an 100% open rate.
So use your trigger words. Throw: ACTION NEEDED. Or IMPORTANT into that subject line, if it’s on brand. Space out your emails over the weeks. Keep following up with your unopens. Send an “are you sure” to the folks who open, but don’t convert.
Do your email. marketing. due-diligence.
And make the best out of your winning emails.
I know as well as most that the “one email, one call-to-action” conversion rule is sacred.
But if you’re throwing your users a piece of content they might find useful, or a newsletter they’ll enjoy, or a discount they’ll be grateful for—now is the time to remind them of what a good thing they have going.
“PS: Want to keep hearing about discounts like this? We’re updating our data processing policies to be more transparent. Opt back in here to keep receiving emails. No opt-in, no more exclusive deals, coupons, and tips.”
…tacked onto your emails until the GDRP enact-date could do you a world of good.
Phone number, if you’ve got it. Retargeting, if you can muster it.
Fun fact: most people’s phones are less crowded real-estate than their email inboxes.
This means two things:
- Abuse of this more personal contact-space will not be taken lightly.
- A message from you here is harder to miss.
So if you’re somewhere where people actually use and check their SMS messages: now might be the crucial time to send them an opt-in message.
And then there’s social.
Another place where people don’t want to hear from you.
But if you have the budget, and you see regular, solid $$$, conversions from your email list, it might be worth running an ad-campaign to get folks back onboard. You can throw some money behind a reminder post to your followers, in the hopes that audience that follows you on Twitter/Facebook/Instagram/LinkedIn, overlaps with the audience you have in your inbox.
Or you can upload a list of emails—perhaps the “unopens” on your re-permissioning drip?— to a Facebook Custom Audience. This might be a small pool, if your email list is mostly business addresses. But see if you can pick up some of the people who missed your well-crafted email messages, on a different platform.
(PS: if all that sounds like nonsense jargon to you, our friends at Adspresso have a solid breakdown on Custom Audiences here).
Step 3. Woo ‘em once more.
So I’m a sucker for a no-brainer discount.
Offer me 10% off and ask me to tick a box for it and who knows what I might mindlessly sign away.
So if your earnest pleas to your audience to stay on board are falling on deaf ears—decide what that email address is worth to you.
- Does your list convert at such a rate that an extra discount for opting in might be worthwhile?
- What about a content piece, specifically tailored to them?
- A perk, a membership, a closed off group, an audit, a course—but only if they opt-in now?
Because here’s the thing, when you acquired this email the first time—you probably had to pay for it. Maybe with a paid ad, to a landing page, to a lead magnet. Maybe it was with the hours spent laboring on a robust, SEO-boosting, content strategy.
But either way, it was probably, in comparison, expensive.
Getting folks who love you now, or loved you once, to say “I love you” again—has to be cheaper, and more time efficient than wooing a digital stranger.
So if you value your contacts—and don’t want to lose them—now’s the time for the grand gesture.
(Or an extra 5% off clearance items).
Step 4. Cut your losses (and your email list).
All good things must come to an end.
And May 25th, 2018, might be the end of a few good relationships.
But if you’ve done your best to re-permission your contacts…
And you’ve reminded them enough times, that this is goodbye…
You’ll start mid-year with a smaller, but stronger list—filled with people who click your links, and read your blog, buy your stuff, and actually care about what you have to say.
And if you need an extra reminder to rip the bandaid off, and delete those inactive names, here are the GDPR fines for noncompliance:
“Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher.”
No email address shy of that to a sovereign king can be worth that.
To sum it up:
GDPR has set a new standard for who you can contact, and what gives you the right to contact them.
And they have gone back to the dawn of time and set that standard to apply to all your currently held data.
It’s a headache. But it’s the start of something good: a stronger email list, a more engaged audience, and a more responsible way to deal with data, in an increasingly data-driven world.