GDPR for Business: Is GDPR the End of Outbound Marketing?
Inbound marketing has been nipping at the heels of outbound marketing's interruptive tactics for years. In so many tangible ways, inbound has already surpassed it: for cost, reliability and, most importantly, brand trust.
If you've only heard one thing about the new General Data Protection Regulations (GDPR) since it became law on 25 May 2018, it's probably the fact that businesses are having to significantly adapt dated outbound marketing techniques like cold-calling. Outbound methods rely on the company initiating the conversation rather than the consumer and often this initiation has been done without consent.
This means more and more businesses are turning to the consumer-focused tactics of inbound marketing, which raises one simple question:
Is Outbound Marketing Dead?
To answer this, we're going to examine whether there is a compliant and cost-efficient GDPR outbound practice still available in this new GDPR world.
In this instalment of our GDPR Business series, we investigate three central pillars of GDPR and examine how they are impacting the relationship between outbound and inbound marketing tactics.
The Lawful Basis for Processing
The primary focus of the new regulation from Brussels concerns the rights of the individual. That means it’s the right of the consumer to be protected, to opt in or opt out, and even to explicitly ask data controllers and processors to forget about them.
As a result, companies need to recognise and choose the correct lawful basis for processing the data of individuals and companies within the EU. So, what are the different lawful basis for processing data?
1. Explicit Consent - the data subject has given their explicit consent to the processing of data
2. Contractual Basis - the processing is necessary for the performance of a contract
3. Legitimate Interest - the processing is necessary for the legitimate interest pursued by the data controller
4. Vital Interests - the processing is necessary to protect the vital interests of the data subject
5. Public Interest - the processing is necessary for the performance of a task carried out in the public interest
6. Legal Interest - the processing is necessary for compliance with a legal obligation
For most businesses, especially those dealing with consumer data, they may choose to rely on explicit consent as the lawful basis for processing data. So, let's look at this in more detail...
The Impact of Consent
Outbound marketing has long been the home of direct marketing and data purchase lists. In effect, cold calling has been allowed to thrive under the jurisdiction of the Data Protection Act, a UK-only regulation that has now been replaced by GDPR.
A simple illustration of why outbound marketing is outdated lies with purchased data lists. The advent of GDPR has presented a rapidly closing window for the viability of this intrusively collected contact information. That’s because these contacts often haven’t actively opted-in to any communication from your company and so have not provided consented to a specific contact method. Instead, they may have accidentally agreed to a general marketing consent. Under GDPR this is not sufficient to constitute explicit consent as a lawful reason for processing the data.
As well as complying with GDPR for the lawful basis of processing data businesses also need to comply with the rules under the PECR (Privacy & Electronic Communications Regulations) when making marketing calls, emails and texts to consumers and businesses.
Under PECR, consumers and businesses are treated differently (complicated we know!). Essentially, consumers must have given specific consent for emails or texts to be sent to them and must be able to opt out of emails, texts and calls. So, for consumers, consent can be needed twice - under GDPR for the lawful basis for processing and under PECR for communicating via calls, emails and texts. Even if a company does not use explicit consent as the lawful basis under GDPR (and selects another option) for holding consumer data then consent will still be needed under PECR for communicating to them.
All this can be pretty difficult to understand, as well as costly to implement, track and monitor - so it's no wonder that some estimates suggest that up to 80% of businesses have still not managed to become GDPR compliant.
If you need some further information on the GDPR rules and how this applies to your marketing join the 100's of other businesses who have downloaded our free GDPR Toolkit for Businesses.
So, What's Changed?
GDPR is quite clear on what constitutes consent and this is where the regulations diverge from the old Data Protection Act. Under GDPR, explicit consent must be: given freely (with a positive opt-in); be clear and concise; be separate from terms and conditions; and not be mandatory.
Wave goodbye to outbound tactics such as forced checkboxes, consenting to generalised 'marketing', and telesales agents relying on speaking to you based on you completing some forgotten survey.
By contrast, inbound marketing has always been on the right side of these regulations. Inbound marketing, by its very nature, means consumers or businesses freely coming to your business for content or services. Done correctly, inbound marketing will allow you to collect consumer and business data with consent to both process and communicate.
In order for outbound marketers to comply with the regulations, it is reasonable to assume that the costs of gathering this consent are going to significantly increase. It is also difficult to envisage such a tough consent process that does not rely on some form of inbound marketing in the first place to acquire that data.
As such, it's going to be interesting to see how outbound marketers can respond to the challenge of collecting and evidencing the new consent thresholds. Time will tell how strictly the ICO enforce these new regulations and the cold-callers are the first in the crosshair for the increased fines and penalties.
Why GDPR Impacts ALL Marketing
On the whole, both inbound and outbound approaches to marketing are affected profoundly by both the GDPR and the PECR. However, for outbound, the required changes to the business model are greater and more significant. Lists of consumer data and relying on non-specific consent are no longer viable in their current forms and haven't been since May 2018.
To do outbound effectively going forward, you will need to precede it with inbound marketing tactics to obtain the relevant consent in the first place.
Don’t misunderstand - you can still collect data; you just need to sharpen your mechanisms to control and process it. Many companies who rely solely on inbound marketing are still going to have to review their processes to ensure compliance with GDPR. That said, the changes to inbound are much less onerous, both in terms of process and costs.
Is This the End of Outbound Marketing?
Where there is a will, there is a way. So, we don’t expect outbound marketing to disappear overnight. While we believe in inbound, it would be silly to rule out outbound marketing tactics altogether.
As long as direct marketers change their philosophy and find effective ways to comply with the new regulation, outbound can still exist. However, for proponents of inbound marketing, like ourselves, we view GDPR as an opportunity and not a restriction.
As for what your business can do now GDPR is here, take the first steps to compliance by downloading our free GDPR Toolkit for Business today.
Prefer to speak to a member of our team? Click here to book a FREE Marketing Assessment to find out how you can grow your business post GDPR.