3 important retail industry GDPR rules you can’t ignore

Joy Ugi Deliverability

Learn about retail industry GDPR rules.

*These retail industry GDPR rules shouldn’t be construed as legal advice. These are marketing tips only. Consult your legal counsel for official direction about GDPR.

There’s a lot of advice out there when it comes to the General Data Protection Regulation (GDPR) passed on May 25 this year. A ton of those recommendations are targeted at the retail industry, which collects an unprecedented amount of information about its current and potential customers

If you’re in the retail industry, you collect, store, and manage data about contacts including shopping history, demographics, age, shopping preferences… and a whole lot more.

Securing this data is most likely top priority at your retail company; however, the GDPR adds another layer of complication. Overall, it makes sure you’re protecting the privacy of your contacts’ information by placing rules around data gathering and management practices.

We’d recommend you implement three of these retail industry GDPR rules right away. By doing so, you’ll be a better email marketer and avoid common mistakes related to this new regulation.

rule #1 – update your subscriber acquisition and communication strategy

Retailers send a boatload of promotional emails, which is why this first GDPR rule is so important.

So how do you make sure you’re staying within proper subscriber acquisition and communication boundaries according to the GDPR?

First, you must abandon all shady subscriber acquisition tactics. This includes pre-checked boxes on forms and adding subscribers to all your lists after they’ve given you their email addresses for contests or promotions. You must also be clear on every form about what type of information you’ll be sending subscribers via promotional emails.

Most importantly, there must be explicit consent from each and every subscriber… and you must store the proof of that consent to back up their opt ins.

You must also be clear about if, when, and how an email address will be used for retargeting purposes. We’ll cover that in more detail in the next rule, but it’s something essential to keep in mind. One way you can make this information clear is by including a link to your updated privacy policy on every form.

The GDPR is uber concerned with an email address and the data attached to it. Your customers and subscribers shouldn’t be surprised when they receive any emails from you. That’s why it’s so important to make it as clear as possible when and how subscribers will be hearing from you via email.

Download the GDPR Checklist!

rule #2 – email marketing confirmations

We don’t have to tell you… the retail industry sends a lot of email. Every transaction has an email tied to the other end of it, confirming the purchase. According to GDPR implementation rules, this is allowed. In the course of regular business, you have permission to send someone an email confirming his or her transaction with you.

That being said, it’s important to understand technically, this counts as monitoring your contacts’ behaviors, which is a big topic of the GDPR.

Our suggestion? It’s laid out in the second of the three retail industry GDPR rules: Play it safe and give your subscribers a heads up you’ll be sending them a confirmation email.

You can do it via your thank you page or a pop-up message once they’ve submitted their information. As always, make sure you’re tracking everything, such as what type of messaging the subscriber agreed to receive and what your confirmation email said at the time of opt in.

rule #3 – be clear about your use of email retargeting

The retail industry relies heavily on website cookies to track visitor behavior and serve potential customers advertising and behavior-based content in email marketing. This website retargeting is a primary topic of the GDPR ruling and the second of the three important retail industry GDPR rules: Gain explicit consent from each and every website visitor in order to retarget them.

There’s a straightforward way to knock this out: a privacy policy.

Get together with your legal team and update the language of your privacy policy to reflect your retargeting initiatives. Make sure each and every website visitor sees this privacy policy by serving it to them on a website popup as soon as they come to your site (and on every website form, per the previous section of this article).

Track and store the language you use in your opt-in to the privacy policy. If visitors ask not to be retargeted, make sure there’s a procedure in place to remove them from this channel automatically.

Website retargeting can be one of the most difficult areas of implementation of GDPR for the retail industry. However, it’s one of the most important rules.

conclusion: retail industry GDPR rules to the rescue

There’s no getting around the fact, as a retailer, you’re going to have to execute strategies to update all your marketing channels to reflect the GDPR.

If you haven’t already taken steps to do so, these three retail industry GDPR rules will start you off on the right track.

And if you need help with implementation, just reach out. Our team has worked hard to add GDPR-friendly features to our platform, and our strategy team has helped many marketers develop a strategy and execution plan for making GDPR changes to their email marketing programs.

Schedule a demo with WhatCounts Email Service Provider (ESP).

Answers almost everything with “for sure,” enjoys craft beer, loves email, and is always good for a grammar pun. Wrangles content for WhatCounts.