Recently, my company completed research on the topic of data compliance to examine how IT and marketing decision makers around the world are handling the most common data privacy and compliance challenges. We did this because this year marked the third anniversary of the EU’s General Data Protection Regulation (GDPR) and because of the recent increase in data awareness among consumers. In addition, there has also been a widespread increase in new state-specific privacy regulations in the United States, such as the California Consumer Privacy Act (CCPA) or the Virginia Consumer Data Protection Act (CDPA), to name just two.
Without a doubt, the driving force behind these laws is that consumer data is a valuable resource for businesses, but nearly a decade of constant data breaches has caused most consumers to become cautious about sharing their personal information. Organizations want at least some regulation when it comes to permissions for what they share.
The data revealed that many companies still struggle to understand and comply with local data protection laws and regulations. It also translates into vulnerable consumers. Responses from 1,000 professionals revealed that 62.4% of businesses are still not “fully compliant” with data regulations to which they are subject, including GDPR, CCPA, and Virginia CDPA. Over 61% of respondents said they have processed data from the EU, which requires GDPR compliance. A smaller number of respondents processed data from the UK (21.9%), California (21.1%) and Virginia (17.2%).
Somewhat troubling is that almost a quarter (24.4%) of those surveyed were unsure which data regulations apply to their business, indicating a lack of understanding of the laws that apply in the location where the business operates, as well as any laws to which its customers may be subject.
More importantly, almost half (44.7%) of businesses had to add or modify marketing technology to comply with applicable data regulations; and some companies report spending $10,000 or more each year to stay compliant with data regulations. That’s not a trivial cost of operation – and, given the speed at which privacy laws and regulations continue to evolve, it could easily increase costs year on year. So what can businesses do to ensure compliance, while controlling spend and improving the customer experience? Regardless of geography, company size, or budget, I share four pro tips to help email marketers achieve data compliance success.
Pro tip 1: allow compliance frameworks to guide consent methods
First and foremost, what helps marketers comply with data regulations is making sure they always get consent before adding someone to a mailing list. Whether through a single registration process or (even better) a dual registration process, marketers should use practices that obtain clear consent.
There are a few methods of obtaining consent, but not all are sufficient under current compliance regulations. For example, a soft opt-in is not considered explicit consent under the GDPR. Soft opt-in is a form of temporary consent given by individuals when collecting email details. No matter how engaged individuals are in a brand’s marketing communications, consent should be requested in explicit language. In the end, if the person didn’t say “yes”, it means “no”. Additionally, a new explicit permission must be obtained before email marketing campaigns are sent to legacy contacts. The exception is if merchants have kept a record of prior consent to receive communications from the brand or organization.
This, of course, leads to another important aspect of compliance: storing data securely and keeping a record of how express consent was obtained. The record should show who gave the consent, when the consent was given (such as date and time) and the express purpose of the consent. Unless accompanied by a screenshot of a consent form, any record of the IP address, or location and time the consent form was submitted would be considered insufficient. Therefore, email confirmation may be required. Finally, it should always be simple and easy for consumers to withdraw, modify or revoke their consent at any time.
Pro tip 2: prioritize business reputation and customer safety
Since most respondents were based in EMEA (65.4%) and North America (21.7%), almost all organizations in the study were subject to GDPR, CCPA and/or the CAN-SPAM law. And it revealed a small but bright spot in privacy and compliance challenges: EMEA businesses are closer to full compliance compared to North American businesses. While the number of fully compliant organizations in the EMEA region and North America is quite similar, there are more companies in the EMEA region that are said to be “mostly” compliant.
Before we get too excited about these numbers, I must point out the serious business consequences that failure to comply with data privacy laws can have. It puts data security, business success and corporate reputation at risk. As a result, companies cannot afford to simply stay “near compliant”. A rule of thumb to follow is that if a business processes personal data, regardless of where it is based, complying with data privacy laws is not a choice.
Any type of non-compliance with data privacy laws affects customer data security, business success and reputation, or worse, exposes the company to legal action or penalties. Using compliant tools and solutions provides businesses with simple and effective ways to achieve full compliance. It also allows IT and marketing decision makers to operate with greater certainty.
Pro tip 3: invest in a technology stack that also protects data
Unfortunately, complying with data regulations doesn’t just happen at the snap of a finger. For starters, businesses may need to change the way they collect and use personal data. Businesses may need to review existing data collection and retention processes and examine the technology stack to determine where improvements are needed. They may also consult with third-party vendors to purchase a different solution.
In fact, the tech stack was a sticking point for some of the survey respondents – when asked, 44.7% said their companies had made changes due to compliance concerns. Most businesses spent less than $1,000, but a portion (5.9%) spent up to $10,000 or more.
These changes are undeniably important, especially in the messaging space. Email Service Providers (ESPs) and various validation tools handle massive amounts of customer data, and keeping data secure and, as discussed earlier, avoiding the costs of non-compliance is crucial.
One thing you should also be careful of when working on compliance is to choose vendors who also prioritize compliance. Companies are also responsible for the use and protection of customer data by third parties. To achieve full compliance, companies must ensure that all contractors in the equation comply with all relevant data protection regulations and provide the highest level of privacy and security.
Pro tip 4: get your global privacy priorities in order
We have explained how avoiding the legal and financial consequences of non-compliance can maintain customer confidence. There is no shortcut to getting the job of protecting customer data done, but it is worth it. As our research revealed, only a minority of companies surveyed comply with applicable data privacy laws. It’s also interesting to see how different regions deal with data privacy. Overall, 76.7% of respondents said the EU seems more privacy-conscious than North America. While even North Americans generally agreed with this sentiment, it was more prevalent in the EMEA region. The data echoed respondents’ hypothesis: over 50% of respondents in North America were unsure which data protection laws applied to their businesses, but in the EMEA region that number fell to only 12%.
The results are clear that there is a little more room for improvement here. The harsh reality is that regardless of local attitudes, data privacy affects everyone equally. So, no matter where in the world you do business, privacy should be a top priority.