12th Feb 2018 – How to Run a Successful GDPR Re-permissioning Campaign: A Step-by-Step Guide
Mostly because—the bigger the ask, the more persuasive you have to be. The greater the odds that your funnel gets thinner.
If yes—grab a screenshot, grab a url, store what that permissioning process looks like for that email list, and sigh sweet, sweet relief. That whole group of people can go into the “you’re good” pile.
Just collecting an email from a lead magnet, and then using it to send content or offers—not compliant.
But if you’ve done your best to re-permission your contacts…
The obvious here, for re-soliciting email consent, is an email sequence.
It’s a headache. But it’s the start of something good: a stronger email list, a more engaged audience, and a more responsible way to deal with data, in an increasingly data-driven world.
So some things that are definitely personal data: name, id number, location data, email, phone, address, IP address, company.
And make the best out of your winning emails.
A pre-checked “I want to receive emails box” is not compliant. It’s implied consent—rather than active consent.

All good things must come to an end.
Luckily, a re-permissioning campaign doesn’t have to be asking a lot. It just has to be a concerted effort to get your already qualified audience to re-qualify themselves.
That’s what GDPR, and email marketing, have given me ugly flashbacks to.
You’ll start mid-year with a smaller, but stronger list—filled with people who click your links, and read your blog, buy your stuff, and actually care about what you have to say.
(Or an extra 5% off clearance items).

No email address shy of that to a sovereign king can be worth that.

One is: it applies to all the personal data you currently process. Not just the data you collect after it’s instate date in May 2018.
And you’ve reminded them enough times, that this is goodbye…
Those folks, can report you as spam. Those folk, aren’t going to convert anytime soon. Maybe it’s time to hit them with one last “Do you want to be here email?” and give them a chance to get gone.
Because here’s the thing, when you acquired this email the first time—you probably had to pay for it. Maybe with a paid ad, to a landing page, to a lead magnet. Maybe it was with the hours spent laboring on a robust, SEO-boosting, content strategy.
That means, the newer, stricter rules of consent gathering; the broader definition of “personal data”—those are the new standards that alllllll your collected data needs to be held up against.

Introducing, the re-permissioning campaign

One thing I wouldn’t recommend: throwing everyone who qualifies to be re-permissioned together. You might want to remember what they downloaded, or where they came from, if you want to reach out in a way that’s more personal.
GDPR has set a new standard for who you can contact, and what gives you the right to contact them.
Here’s how to navigate that ask:
Freeze. Crash. Groan.
Because I don’t know about your email list—but I’d put money on the fact that not one blast goes out with an 100% open rate.

Step 1. Evaluate – Who do I need to Re-Permission?

Another place where people don’t want to hear from you.
A few other notes:
Because the challenge here is the same as it is with any marketing milestone:
Do your email. marketing. due-diligence.
Or you can upload a list of emails—perhaps the “unopens” on your re-permissioning drip?— to a Facebook Custom Audience. This might be a small pool, if your email list is mostly business addresses. But see if you can pick up some of the people who missed your well-crafted email messages, on a different platform.
So use your trigger words. Throw: ACTION NEEDED. Or IMPORTANT into that subject line, if it’s on brand. Space out your emails over the weeks. Keep following up with your unopens. Send an “are you sure” to the folks who open, but don’t convert.
“PS: Want to keep hearing about discounts like this? We’re updating our data processing policies to be more transparent. Opt back in here to keep receiving emails. No opt-in, no more exclusive deals, coupons, and tips.
Meaning: if you collected personal data with Google Analytics—that needs to be wiped. If you’re using persistent cookies, those need to be cleared. And if you collected email addresses without first obtaining proper, GDPR-defined, consent—it’s time to start gutting.
And yes—not “an email.” A drip. A well-written one. With some serious time spent on those subject lines.
Fun fact: most people’s phones are less crowded real-estate than their email inboxes.
A tasteful…

Step 2. Decide – how am I reaching these folks?

(PS: if all that sounds like nonsense jargon to you, our friends at Adspresso have a solid breakdown on Custom Audiences here).
But if no—select all those names, and throw ‘em on a list (in your email client, in google sheets, etc.) of people you might want to re-permission.
And May 25th, 2018, might be the end of a few good relationships.
This is not compliant. It’s bundled email permissions in with another permission.
Personal Data:
Personal data now means any piece of information that can identify someone—OR which can be combined with other information (specific to the user, and accessible to the data processor) to identify someone.
So I’d inventory your contacts, email list by email list, back to their source point. Find where they opted in, and take a close look at what that form looks like (and, any iterations of what it has looked like)
Consent:
Consent has to be unambiguous and affirmative.
Want to follow up on a cart abandonment campaign? Ehh….think again.
It’s bundled email permissions in with another permission
1. Before you send any unnecessary emails, remember: you might have some contacts on multiple email lists. If they’re on even one, for sure, “I’ve consented” segment—you might want to spare them the extra inbox traffic. If your email client or automation software has the capacity for it—do a contact cross-check before you send a blast out.
So, in a nutshell:
How do you get people to pay attention?
So if your earnest pleas to your audience to stay on board are falling on deaf ears—decide what that email address is worth to you.
Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher.”
So if you value your contacts—and don’t want to lose them—now’s the time for the grand gesture.
Getting folks who love you now, or loved you once, to say “I love you” again—has to be cheaper, and more time efficient than wooing a digital stranger.
No one likes to ask a lot of their prospects.
If you run any sort of inbound marketing strategy—you probably deal with multiple email lists.

  • Abuse of this more personal contact-space will not be taken lightly.
  • A message from you here is harder to miss.

Don’t get me wrong: GDPR is overwhelmingly a good thing. It’s paving the way for smarter, kinder, more transparent, marketing, and data usage.
So I’m a sucker for a no-brainer discount.
Yikes.
But it has some pretty cruel quirks.
…tacked onto your emails until the GDRP enact-date could do you a world of good.
Someone attended you webinar and logged in with an email address? Not in-and-of itself compliant.

Step 3. Woo ‘em once more.

And then there’s social.
Good riddance.
Phone number, if you’ve got it. Retargeting, if you can muster it.

  • Does your list convert at such a rate that an extra discount for opting in might be worthwhile?
  • What about a content piece, specifically tailored to them?
  • A perk, a membership, a closed off group, an audit, a course—but only if they opt-in now?

But if you’re throwing your users a piece of content they might find useful, or a newsletter they’ll enjoy, or a discount they’ll be grateful for—now is the time to remind them of what a good thing they have going.
Do you remember the old days of word processing? Where you’d get halfway through a project, or a presentation, and your program would just stop responding.
So if you’re somewhere where people actually use and check their SMS messages: now might be the crucial time to send them an opt-in message.
2. We’re all a bit guilty of letting our email list grow unchecked. I’d seriously use this as an excuse to evaluate your current list. Before you go through the tireless process of sorting “consented” and “did not consent”—maybe it’s time to whittle out the people who haven’t opened a message from you in years.
Some things that are almost definitely personal data: zip code, cookie identifiers, “unique IDs” of any kind.

Step 4. Cut your losses (and your email list).

Does the way it asks consent hold up under GDPR?
I know as well as most that the “one email, one call-to-action” conversion rule is sacred.
But if you have the budget, and you see regular, solid $$$, conversions from your email list, it might be worth running an ad-campaign to get folks back onboard. You can throw some money behind a reminder post to your followers, in the hopes that audience that follows you on Twitter/Facebook/Instagram/LinkedIn, overlaps with the audience you have in your inbox.
Barring cheap tricks or incessant pestering or a celebrity appearance or a marching band.
For every single one of them, GDPR says, the burden to show “proof of consent” lies on you.
So if you obtained someone’s email (or phone number, or any other bit of personally identifiable information) without explicit, affirmative consent—you’ve got a few months to ask nicely, and within the bounds of GDPR, to keep them around.
All your unsaved work—gone. Your headache—throbbing.
But either way, it was probably, in comparison, expensive.
Offer me 10% off and ask me to tick a box for it and who knows what I might mindlessly sign away.
This means two things:

To sum it up:

And if you need an extra reminder to rip the bandaid off, and delete those inactive names, here are the GDPR fines for noncompliance:
Here’s the tricky part. Here’s where you have to put your crafty-marketer hat back on.
And they have gone back to the dawn of time and set that standard to apply to all your currently held data.

Join our GDPR & Eprivacy Facebook Group

Similar Posts