GDPR: What is it? Does it affect your business? And what to do now...

Words by Steve Baskerville, Caffeine Injection

GDPR. Four letters that are presently striking fear into the hearts of many small business owners; but it needn’t.

First of all… don’t panic! Yes, GDPR does require you to change the way you do some things, but mostly it’s common sense and more a case of adjusting what you already do, opposed to re-inventing the wheel.

What you mustn’t do though is bury your head in the sand.

Of all the things GDPR is going to effect, mailing lists are one of the biggies, with many seeing the impact as hugely damaging. But it doesn’t have to be.

To help guide you through the GDPR mailing list minefield here are five key pointers.

  1. When collecting a person’s data for inclusion on your mailing list, get only what you need and be clear, VERY CLEAR, how you’ll be using it.

The first thing you need to put together is your privacy policy. It needs to include how the data you’re gathering will be stored (securely), how those on the list can inspect the data held on them, how they can have this data removed and how you plan to use it.

Don’t be ambiguous and don’t use technical jargon. If you’re going to use the data to profile and target marketing emails at them, say so. If you plan to send marketing emails on behalf of your trading partners, say so. If you only plan to send them emails about things your own business is doing, say so. In short, be open, honest and upfront about what you’ll be using their data for.

Your privacy policy doesn’t have to be wordy and doesn’t have to sound official. It just needs to be easy to understand.

Once you have your privacy policy, you need to publish it somewhere on your site with a link to it near the mailing list sign-up box. There is no requirement for a consent box to confirm the policy has been read, but there is no harm in adding one if you can.

With regards to your sign-up box, keep it simple and only ask for the data you need, ideally just a name and email address.

  1. Double opt-in. It’s not an option.

In recent months many companies who collect personal data for marketing purposes have been creative in how they plan to ensure those signing up to their mailing list are, firstly, who they say they are (the email address owner), and secondly that they want to be on the list.

The simple fact is, there is only one option for sign-ups: Double opt-in via email confirmation. Yes, you can get cute with the process and water it down, but sooner or later you’re going to land in hot water, so it’s just not worth it.

What is double opt-in via email? You most likely already know, as you’ve most likely already been through the process yourself on other sites, but in case you haven’t, here it is.

First of all, you add your name, email address and any other data the collector wants to a sign-up box on a website. Next, you get an email sent to the email address used with a confirmation link, asking you to click it if you want to be added to the mailing list. Finally, you get redirected to a “success” page, which contains the privacy policy, an unsubscribe box and contact details for the data protection officer.

“No one is going to do that?” You’re now all saying, and you’ll be half right. In tests conducted over the last three months an average of 50% of those who start the sign-up process complete it.

The reasons for non-completion are varied. They might have made a typo in the sign-up box, or they didn’t have access to emails and subsequently forgot, or the confirmation email got spammed. Or any other number of reasons.

Yes, you’re going to lose about half of your sign-ups from the 25th of May onwards, but the chances are, the 50% who failed to complete the process weren’t that interested anyway and would sooner or later have unsubscribed, or marked your newsletters as spam.

Conversely, the 50% who did complete the process are VERY interested, so think about it as quality over quantity.

Which brings us nicely onto the a very thorny issue, and point number three…

  1. Clean your old lists.

The chances are your existing mailing list is made up mainly of email addresses gathered from online purchases or previous single opt-in signups, and it’s highly likely none of these can legally be used beyond GDPR day.

You might be lucky and find your website provider was savvy and instigated a GDPR compliant signup process some time back, but for most you’re going to have to clean your mailing list.

Let’s get this out in the open: Yes, this is going to be a painful process. You are going to lose a considerable number of your carefully curated email addresses. But, harking back to the quality not quantity comment, once you’ve cleaned the list you will have a (much) smaller, but 100% receptive, mailing list.

How to clean your list: It’s pretty simple.

You need to send everyone an email explaining what you’re doing what why. You need to include your new privacy policy and a link that when clicked commences a new double opt-in sign-up process. You should also include an unsubscribe link and tell people if they don’t want to get further emails to click it.

But what if they don’t read this particular email but do want to continue to receive newsletters? Good question. The solution is simple and completely within GDPR.

In the initial email, you put a link to sign up for the new list, and an unsubscribe link to leave the present list, so you’re asking the recipient to do something. If they do nothing it’s reasonable to assume they missed the email, so you’re good to send it again, and again, and again. And, because the email doesn’t contain anything that can be considered marketing, you can keep this up way beyond 25 May.

Obviously, don’t go mad. Don’t send the email daily. Weekly or even monthly is best, and don’t send it indefinitely, give the recipient six months, after which assume they’ve spammed your messages and remove them completely.

In the email, as well as a conformation link, put an unsubscribe link too. If they click the confirmation link, great, they’re on the new list. If they click the unsubscribe link, boo, they are no longer interested in hearing from you. If they do neither, then assume they never read the email.

  1. Using your list

“It’s not about size, but how you use it.”

So you’ve cleaned your list, and you’ve now a fraction of subscribers you once had, but don’t worry, it’s now going to be a lot cheaper to market to them (fewer subscribers means lower distribution costs), plus the pro-rata returns will be much higher.

No matter how big or small your list is you MUST connect to it regularly. Weekly is good, but only if you have a story to tell. Monthly is the minimum.

And don’t just email your list with deals. In fact, NEVER email your list with just deals. Why? Because the harsh realities are your deals are most likely not the best out there. So, if the only message you’re sending out is “look at this deal” and it’s not a killer deal, you’re effectively telling your subscribers you’re 2nd best, and there’s nothing to be gained from that.

Got an event? Mailshot it. Got a new product in? Review and mailshot it. Added a new story or news article to your blog page? Mailshot it. You get the idea!

Leave the constant barrage of “latest deals” to those who use being the cheapest as their USP, instead focus on what you do and why your subscribers need you. Connect with them for reasons other than wanting to extract pound notes from their pockets, and you’ll soon get their attention.

At the footer of every mailshot explain why they’re getting the newsletter and how to stop getting them. If your list is small this doesn’t have to be an automated process, it could be done manually, but make sure you do it. If someone requests to unsubscribe from the list and you forget, expect trouble, an awful lot of trouble.

  1. Building your list.

So now you have a small but receptive mailing list and a good angle on what to include in your newsletters, now it’s time to build that list.

The first and most obvious way to build your list is to add the mentioned subscription box to your site. But don’t stop there. Most mailing list services provide clickable URL for inclusion in emails, for example, which once clicked commences the sign-up process. So get it and add it to the signature of every email your business sends out.

Take that link and use one of the many online generators to turn it into a printable QR code and add that to all printed matter (business cards, flyers, letterheads etc.).

Finally, produce some content for your website, or make an offer, that the user can only get after they’ve signed up to your list.

Now that you’ve read our five top tips you’re either fired up and ready to go, or thinking it’s all too much effort and there’s no point anyway.

But think on this: After GDPR kicks in on 25th May, 2018 the amount of newsletters being sent out is set to plummet. Instead of a constant stream of bike-related news, your subscriber’s inboxes will fall quiet. So there is no better time to get your marketing head on and let your message fill that void.

If all of this sounds too daunting, don’t panic, help is here in the shape of A brand new mailing list service from Caffeine Injection

From list management at only £5 per month to bespoke newsletter services, can help curate your lists and put your message right in front of new and existing customers.

This article originally appeared on Torque's sister site, Cycling Industry News