Businesses need to prepare themselves for changes to the ePrivacy Directive in preparation for the forthcoming General Data Protection Regulation (GDPR), set to come into effect on 25th May 2018.

In January, the EU Commission ‘quietly' proposed a new Regulation on Privacy and Electronic Communications to replace the ePrivacy Directive.

The proposed regulation will address the rules of confidentiality of electronic communications, including VoIP (Voice over Internet Protocol), cold calling, third party website tracking, SMS marketing etc. If your business currently collects data to market to, you may have to act differently under new regulations.

The purpose is to increase the rights of individuals when it comes to their data, and, therefore, increase the fines liable to businesses or organisations that breach these individual rights. These fines can be in excess of £10 million for unsolicited marketing messages or security breaches.

  • Article 5 sets out the new rules that businesses will have to comply with:
  • Data must be processed lawfully, transparently and fairly
  • Personal data must be collected for an intended, limited and explicit purpose
  • Data collected must be minimal to include what is necessary to the purpose
  • Data must be up to date and accurate
  • Processing data must have the appropriate level of security
  • The data controller must be responsible and compliant with these principles

"Hard opt-in" is king

If we take SMS marketing as an example, the new regulations will mean that if you wish to market to a consumer you will need to have obtained "freely given, specific, informed and unambiguous" consent from your contacts.

It is simply not enough to just have a customer's mobile number and send an SMS to them if they have previously filled out a contact request on your website. Under new rules, the customers must explicitly state that they are happy to be marketed to by way of SMS via a tick box or other means of agreement to the marketing campaign. This is what is called a "hard opt-in".

How to prepare your business

Preparation is key. Audit the way that your business gathers customer data and think about how to employ hard opt-in permissions.

The experts at Voodoo SMS predict that permission rates for organisations will lower, however, it's not all doom and gloom. Gareth Davies, managing director at Voodoo SMS said: "The silver lining to this is that any data collected after the regulations come into play will be directly targeted to those customers that are interested in your product, service or marketing campaign and, as such, the ROI from an SMS campaign, for example, will be higher than before."

Your business could:

  • Offer something of value - a loyalty scheme offering discounts or updates for your customers may entice a hard opt-in at check-out
  • Competition - a competition is a great way to get people opted-in, just make sure it is very clear that they are signing up to a marketing campaign
  • Transactional - transactional messages, especially via email, are a great way to request customers opt-in to other types of marketing, like SMS
  • Promote your marketing campaign on your website with explicit tick box permission-granters
  • Harness the power of social media to encourage customers to opt-in