GDPR – Importance of proof of consent

With the upcoming GDPR high on our radar at the moment, we came across a post on LinkedIn about a well-known confectionary brand sending out an email to its customers about the GDPR, and how it would change the way they made contact.

And it got us thinking.

Just how are companies approaching GDPR with their customers and who are they sending current email campaigns to?

The new regulations regarding collecting and storing data, coming into play this May, means that if you don’t have proof that the person you’re contacting has ‘opted in’ for that communication, you won’t be allowed to send to them. And this seems to be where the biggest problem lies. Consent.

Retailers have so many ways of collecting information from their customers. And because those customers haven’t had to give their consent in the past, showing that they have is proving tricky. The most common way of encouraging email sign up would be on a retailers website, but other methods can include taking emails in store when making a purchase or entering a competition, or even requesting email addresses when dealing with customers over the phone. The problem is, most of these methods make it incredibly hard to prove that you have the individual persons consent to record, use and store their personal information.

We know the complications first hand, having worked with a company who collected email addresses on cards while in store. In return for their details those particular customers were entered into a prize draw. Sounds simple doesn’t it? But behind the scenes these cards were sent to head office, inputted into their CRM and then thrown away – essentially losing any physical evidence that the retailer had the customers consent.

The question we’re hearing more in the run up to May, is that if you’ve had client details for a few years or more, how do you show proof of consent? And if you can’t, does that mean that the data is useless?

Which brings us back to our LinkedIn story. The confectioner decided that the best way to gain consent was to send out a communication to all their current contacts. They explained both the changes and how it affected the way they would be contacting customers in the future – essentially asking for them to opt in for a second time.

Many comments in response to the story claimed they had approached the changes in the wrong way and risked losing a large number of contacts, because they were unlikely to give their consent again, or may miss this interaction and essentially just drop off the list. And yes, they could be right.

But right now, we believe the fact that they have a taken a first step means they’re in a good position for GDPR. Having a clear strategy in place before the regulations come into effect can only be a good thing. And that even if they lose some customer data by sending a communication in this way, they are moving in the right direction and essentially focusing on how to stay ahead of the changes.