It’s important to prioritize customer data privacy and make it a central part of your marketing strategy. At Dotdigital, we know that understanding data privacy can be complex and you may have concerns and questions. That’s why we created this blog to explain the key considerations and best practices you should use. By embracing these practices you’ll build trust with your customers and comply with regulations.

What is data privacy?

In a nutshell, data privacy is the protection, and the fair and transparent use of an individual’s personal information, preferences, and activities. With the rise of online customer data, new measures have been developed to protect personally identifiable information (PII) such as full names, dates of birth, email addresses, financial details, and browsing history. 

How governments and organizations are safeguarding customer data privacy

To tackle the pressing concerns surrounding data collection, governments and organizations across the world are taking action to protect personal information. As a marketer, it’s important to be compliant when collecting data. Consider keeping an eye on these regulations:

General Data Protection Regulation (GDPR)

Data privacy regulations like GDPR have made a big impact on marketing. These regulations aim to give people more control over their personal data and make sure businesses ask for clear permission before getting and using their data. Due to this, digital marketers have had to change how they collect data and update their privacy policies to follow the new regulations.

One big challenge for marketers with GDPR is having to be extra clear about how they collect and use data. Companies have to let people know what they’re doing with their data and give them a choice to say yes or no to having their information collected. This makes it more complicated for marketers to target customers and personalize content, as they need to be sure they have the right permission from people before using their data.

Another key part of GDPR is handling requests for people to see or delete their data. Customers can ask companies to show them the data they have on them and request for it to be deleted if they don’t want it stored anymore. Marketers need to be ready to deal with these requests quickly and properly to follow GDPR regulations.

Emerging privacy legalization in the US

As data privacy evolves globally, the United States has started enacting its own privacy laws. Although the country has yet to implement a comprehensive, nationwide data privacy regulation similar to the European Union’s GDPR, individual states have begun stepping up their efforts to protect their citizens’ privacy.

One of the most prominent examples is the California Consumer Privacy Act (CCPA), which came into effect in January 2020. The law grants Californians more control over their personal information by giving them the right to know what data businesses collect, who they share it with, and if desired, they can delete it. Additionally, the CCPA allows consumers to opt out of selling personal information to third parties.

Several states have looked to California’s lead and are creating privacy legislation. Virginia, for instance, passed the Virginia Consumer Data Protection Act (VCDPA) in March 2021, adding yet another layer of privacy protection for its citizens. Similar to the CCPA, the VCDPA gives Virginians more control over their data, offering transparency, access, deletion, and opt-out rights.

Apple’s privacy-focused updates

Marketers continue to face new challenges with Apple’s privacy-focused updates. The MPP (Mail Privacy Protection) feature, introduced in 2021, serves as one example. MPP uses a bot to open incoming emails as soon as they arrive in the recipient’s inbox. This method saves user privacy by hiding IP addresses and preventing open rates from exposing the recipient’s location or tracking their online activity.

In addition to MPP, Apple’s recent iOS 17 privacy updates add another layer of protection for users. These updates have been implemented to safeguard user data and privacy, making it increasingly difficult for marketers to track and measure engagement through traditional methods. For instance, iOS 17 features Link Tracking Protection, which automatically removes tracking parameters from messages, mail, and links, complicating the process of linking an interaction to a specific user.

Despite these challenges, you don’t need to panic. Link tracking remains a useful tool and metric, with only specific link types for certain user cases being affected. For example, Dotdigital customers are expected to see less than a 1% impact on the data they gather from link tracking. By staying informed and adapting to these changes, you can be an ethical marketer and protect your audience’s privacy.

Best practices for responsible data collection

Customers can feel limited when collecting data. If they don’t consent to data collection, their overall experience will be lessened. However, if you’re open and transparent about what data you want and why you want it, you’ll build a relationship based on honesty and integrity. Here are some ways to be ethical when collecting or using personal data: 

1. Use consent management tools: Don’t leave your customers guessing about the data you’re collecting. Use our consent insight feature at the point of sign-up. With this, you can be transparent about the data you collect, and how it will be used, and offer a fair and easy way for customers to provide (or withhold) their consent.
2. Build a preference center: Show your customers you respect their choices by providing an easily accessible preference center. Let them easily add or remove information, and include it in every email you send. 
3. Include a double opt-in: Double opt-in ensures that marketing lists are accurate and high-quality. Make it a standard for any channel you use and your customer engagement will improve.
4. Offer alternative channels: Different customers have different communication preferences. While some prefer emails, others prefer SMS or WhatsApp. Stick to their preferences by giving them the option to choose their favorite channel to ensure an optimal customer experience. 
5. Communicate the benefits: Help your customers understand how sharing their data can improve their experience with your brand. Are you offering exclusive deals? Tailoring content to their interests? Let them know what’s in it for them, and they’ll share willingly. Transparency is key. 

How to build trust and transparency

Trust is an important part of being a responsible marketer. Trust is no longer just a nice to have, it’s a necessity. Customers are more aware than ever of the potential risks associated with sharing personal information online. By establishing trust with your customers, you can reassure them that their data will be handled responsibly. This not only helps to build a positive reputation for your company but also ensures that customers feel safe and secure when interacting with you. 

Here are ways to build trust and transparency:

1. Collect zero and first-party data: To create trust and show respect for privacy, focus on collecting zero-party data by asking customers to share information via a survey or sign-up form. Also, gather first-party data from your customers’ direct actions, like website visits or social media engagements. 
2. Use data protection tools: Keep customer information safe by using encryption, secure storage systems, two-factor authentication, and safe data transfer methods. This will protect data from breaches. 
3. Educate your team: Get your team involved in a workshop or training so they can understand data privacy rules and best practices for protecting customer information.
4. Appoint a Data Protection Officer (DPO): Have a dedicated person, a DPO, in charge of ensuring your company follows data privacy rules. They will also be the main contact between your company and the official authorities.
5. Regularly check your practices: Review how your company handles data privacy. Look for any weak spots and fix them to keep your practices up-to-date and effective.

Key considerations for marketers

Whether you’re aware of it or not, your data is being collected almost constantly. Regulatory breaches, brands, and buying and selling customers’ data have led to an ethical conundrum for marketers.

To tackle these ethical challenges head-on, consider the following concerns when collecting and using customer data. This will make your decisions more responsible and help maintain the trust of your customers:

1. Privacy invasion: It’s not right to take personal or sensitive information without your customers’ permission.  This could make them uneasy about their privacy and potentially put your brand at risk of legal consequences.
2. Data security: You have a responsibility to protect your customer’s data. Data breaches can lead to financial losses and damage the reputation of both your customers and your business.
3. Informed consent: Your customers should be clearly informed about the information being collected, its intended use, and the reasons for it. Transparency goes a long way in building trust.
4. Data minimization: Keep it simple, focus on collecting only what’s necessary, rather than keeping extra data. This approach reduces risks and shows respect for your customers’ privacy.
5. Unwanted communications: It’s not okay to use customer data to send emails, text messages, or make calls without their permission. Doing this can invade their privacy and might even break privacy laws.
6. Unfair targeting practices: Avoid using personal information like gender, race, or disability to unfairly exclude groups. This can lead to discrimination and unequal treatment.
7. Misuse of data: Hold off on using customer data without permission. These actions are not only unethical but can also break down customer trust. Marketers have a responsibility to make sure any third parties they work with handle data properly.
8. Accuracy of data: Double-check and keep customer data accurate, current, and up-to-date. When you use incorrect information it can lead to a negative customer experience.

By sticking to these guidelines, not only will you reduce risk when collecting data, but you’ll also create an environment where your customers feel valued and respected. When your audience knows their privacy is a top priority, you’ll establish a strong foundation of trust that paves the way for more meaningful and long-lasting relationships. In turn, your marketing efforts will flourish as your customers reward you with their loyalty, positive word-of-mouth, and a genuine appreciation for your brand’s commitment to ethical practices.

Future-proof your marketing with Dotdigital

As a marketer, you should use a marketing platform that values data protection and customer trust is essential. Dotdigital, an ISO 27701-certified customer experience and data platform (CXDP), equips you with the tools to stay ahead of the curve and deliver personalized customer experiences. By using these best practices, you’ll stay compliant with data privacy regulations and grow stronger relationships with your audience.

What’s playing out across the Atlantic in the USA is more of a slow wave than a sudden tsunami, but US businesses are still at risk of being swept away if they leave it last minute to scramble the flood defenses. 

One of the benefits of Dotdigital is we’ve been here before – we’re set up for these legislative changes as a trusted platform that knows how to navigate the waters this type of challenge brings. As you’re reading about what’s to come, remember we’ll keep you updated – we’ve got your back. We’re not your lawyers though – so remember to check with them for any legal advice. 

State legislation: the story so far

California blazed a trail in the USA when the CCPA (California Consumer Privacy Act) went into effect on January 1 2020, granting Californian residents 6 rights that will feel pretty familiar to those of us fluent in GDPR: the right to know what data a company holds on them, the right to request deletion of that data, the right to opt out of sale of that data, making the sale of personal data for consumers under 16 years of age illegal without prior authorization, the right to not be discriminated against for exercising any rights and the right to privately initiate action if their personal data is breached. 

Jan 1 2023 was a busy day. The CPRA (California Privacy Rights Act) amendments to the CCPA came into force, granting a further two rights: the right to amend inaccurate data and the right to say what companies can do with and how much they’re allowed to share sensitive data about Californians. The Virginian VCDPA (Virginia Consumer Data Protection Act) also went into effect for Virginian businesses that meet qualifying criteria.

Just this July, Colorado and my own adopted home state of Connecticut joined the GDPaRty with the CPA (Colorado Privacy Act) and CTDPA (Connecticut Data Privacy Act) respectively coming into effect at the beginning of the month. Colorado has gone further than other states so far by adding the right of portability: to be able to download and move your personal data to another platform.

US EU Adequacy Decision

On July 10 2023, the US EU Adequacy Decision was passed. This means that personal data can flow between the EU and US businesses that comply with a detailed set of privacy obligations – the EU-U.S. Data Privacy Framework. 

This provides safeguarding for personal data about EU citizens from US government intelligence (outside of what is necessary and proportionate for national security). It also preserves rights established by GDPR, such as the right to be able to identify the data controller and how and why data is being collected and processed, and the right to access, correct, and have personal data deleted. Finally, it establishes access to free resolution mechanisms and arbitration if data is handled wrongly.

Where this is going

Utah’s UCPA (Utah Consumer Privacy Act) bill has been signed and is likely to become effective for qualifying businesses at the end of 2023. There are at least 5 more states which are due to have privacy laws come into effect by 2026. And while lobbyists, lawyers, and the FTC are skeptical about federal legislation passing, the writing is on the wall: state by state, more privacy laws are coming.

Targeted advertising is being, well, targeted by existing and upcoming legislation as consumers become increasingly aware of how they’re being tracked and the value of their personal data. Law makers are looking to crack down on the sale and sharing of personal data, including the transfer of data to third parties for monetary or other valuable consideration. The concept of a Universal Opt Out Mechanism (UOOM) – whereby if someone opts out on one device or browser, they’re opted out on all devices and browsers – is well within the realm of possibility.

There’s also increased talk of addressing “dark patterns” within privacy legislation or in separate legislation. A dark pattern is any technique that tries to manipulate people into doing something they would not otherwise have done. Examples include:

• trick or trap subscription programs, also known as negative option subscriptions; are free or cheap when you enroll, but if you don’t cancel then a fee is charged or the price goes up
• disguising advertising as editorial content
• junk or hidden fees
• manipulating people into sharing unnecessary data e.g. misleading people into selecting the highest data-sharing option
• uneven weighting on options; having “accept” or “reject” is evenly weighted, offering “accept” or “manage preferences” would be uneven
• creating a false sense of urgency; fake countdown timers that never hit 00:00, and those products where 99 other people always seem to have this item in their cart

What this means for US businesses 

While the specifics of legislation vary, the themes are the same – and it’s reasonable to expect future legislation to be similar. 

US businesses are going to need to be able to provide data subjects (people they hold personal data about) with ways to:

• find out what data has been collected
• find out why their data is being collected and processed
• obtain a copy of their data
• amend the data held
• restrict or opt out of the selling or sharing of some or all of their personal data with third parties
• restrict or opt out of the use of some or all of their personal data for profiling or targeted advertising
• request processing of their data be stopped
• port their data to another platform
• request the data held to be deleted

Consumers will be able to initiate action against businesses if their personal data is breached or in the case where they’re unable to exercise the above.

US businesses that have a robust opt-in process and where records are kept of explicit consent for data collection and processing are going to be in a much better starting place. In addition to keeping opt-in data, brands that understand what data they collect and process and why, who document their data flows, and who use integrated platforms are going to be better able to fulfill the rights of their contacts and data subjects, as well as more easily implement a UOOM for targeted advertising.

Dark patterns also need to be on your radar; just because something is a common technique in your industry or vertical doesn’t mean that it’s not a dark pattern, and you could be penalized.

How to prepare for the new changes

I love hanging out with our fabulous legal and privacy teams here at Dotdigital, but I understand that talking to your lawyers or DPO might not be your idea of fun. Unfortunately, it’s going to be needed so you can stay on top of the rapidly changing privacy landscape.

If you want to avoid the legal conversations being long ones, then you can always decide to implement best practices when it comes to personal data. Best practices almost always trump the legal minimum. So rather than arduous legalese on what you might be able to get away with, make it a quick conversation where you ask for a review of your best practice plans or implementation to make sure all the boxes are ticked.

 Here’s some homework to do before you go talk legals:

• get familiar with GDPR; the US legislation looks similar, and having an understanding of some of the terminology and framework will help you understand the new laws. We have some great resources in our GDPR advice center to help you get started.
• understand what personal data you are collecting/processing – and why. Ask whether the collection and processing are necessary, ensure you have consent, and map out your data flows to include where storage and processing happen.
• talk to your developers and your vendors’ solutions architects to identify opportunities for integration to improve the flow and oversight of your data. 
• identify any marketing or advertising strategies that include manipulative techniques that could be identified as a dark pattern, and start investigating best practice alternatives.

Dotdigital can help

We’ve seen the writing on the wall and, having held our UK and European customers’ hands a few years back, we’re in a great place to help our US customers adapt to the changing landscape. We’re ISO 27001 certified in Information Security Management Systems, meaning that you can trust us to do our part when it comes to managing your data safely and securely. Our trust center has more details, as well as contact information for our Security Team who are happy to answer questions. 

Dotdigital customers can also leverage our CXDP superpowers, using our many integrations to connect all your customer data. Our solutions consultants are always happy to discuss your needs and how the Dotdigital platform can help you manage your data effectively. Reach out to your CSM or Dotdigital Support so they can put you in touch.

And, as always, our Deliverability Team is here to help advise you on best practices to stay ahead of the legal curve. Just drop an email to support@dotdigital.com and we’ll get back to you.

It gives us enormous pleasure to announce that Dotdigital has retained all three of its ISO certifications after passing eight days of auditing with no non-conformities being raised. Since obtaining our ISO 27001 certification in 2020, we have undergone regular audits. However, this is the first time Alcumus (our external auditors) have assessed all aspects of our three standards (ISO 27001, ISO 14001, and ISO 27701) simultaneously.

Our commitment to ISO standards

Since 2020, Dotdigital has opted to implement 3 ISO standards, underpinning its commitment to the protection of Information, the promotion of sustainability, and positive environmental behaviors. The three standards Dotdigital is certified to are:

• ISO 27001 – Information Security Management 
• ISO 27701 – Privacy Information Management 
• ISO 14001 – Environmental Management 

The global significance of ISO certifications

The International Organisation for Standardization (ISO) is an independent body that sets global standards for safety, security, and quality. As the name suggests, its goal is to define standards for best practices that can be implemented, irrespective of the size, type, or location of an organization. By holding these certifications, we can show global clients and prospects that Dotdigital is the obvious choice for responsible marketers wanting a customer experience and data platform. Not forgetting that we’re also the world’s first carbon-neutral, ISO 14001-certified CXDP.

What is GDPR?

GDPR is a data protection law introduced by the European Union (EU) to safeguard EU citizens’ privacy and personal data. 

Implemented on 25 May 2018, GDPR is a data protection law that ensures individuals have increased control over their personal information. The regulation has also hammered home the importance of transparency in how businesses collect, use, and store user data.

To comply with GDPR, organizations must get permission before using personal and customer data. This can be done by including a consent clause in the terms and conditions during the sign-up process. We’ve seen some hefty fines handed out for GDPR non-compliance and lack of transparency.

Key developments since GDPR

Here are some of the key developments in data protection since GDPR was implemented: 

Increase in data privacy expectations and awareness

GDPR has raised consumer awareness about data privacy and personal data rights. Consumers now demand transparency, accountability, and ethical data practices from organizations, expecting them to handle their personal information responsibly. 

Consumers are no longer willing to compromise their privacy and are more likely to support businesses that align with their values and prioritize data protection. Failure to prioritize data privacy can harm a company’s reputation and reduce consumer trust.

To thrive in today’s data-driven landscape, companies must have a privacy-driven approach and be responsible marketers. This means meeting regulatory responsibilities and putting the customer at the center of everything you do. By managing these expectations, businesses can build lasting customer relationships and gain a competitive edge. 

Data collection and cookies death

GDPR has impacted the digital ecosystem and data collection, especially with the decline of cookie-based tracking. Cookies are small text files that store information about browsing habits and preferences. They can be useful for remembering login details or personalizing online experiences. Now, websites must inform visitors about cookies and seek permission before placing them on devices.

Due to the growing demand for privacy protection, leading companies like Google are responding by phasing out third-party cookies. Essentially the shift in consumer attitudes thanks to GDPR makes old-school cookie-based tracking methods a thing of the past.

National data protection authorities (DPA)

GDPR has brought about notable changes in data protection enforcement in the EU. All EU members have a national data protection authority (DPA). They enforce compliance and handle data breach notifications.

Notably, DPAs have not shied away from imposing substantial fines and penalties on organizations found violating GDPR. These enforcement actions serve as a strong deterrent and send a clear message that non-compliance with data protection regulations will not be tolerated. 

In addition to enforcement efforts, DPAs have also taken a proactive approach by offering guidance and support to organizations. This includes the publication of guidelines, frequently asked questions, and best practice recommendations to assist businesses with GDPR compliance.

Data breach reporting

GDPR has changed the game for data breach reporting. With a strict 72-hour time frame organizations must act swiftly. Organizations are responsible for communicating breaches to their customers if personal data has been compromised. 

Several big companies, such as British Airways, Boots, and the BBC, have suffered cyber security attacks that led to employee personal data exposure. AT&T also experienced a breach in March, affecting 9 million customers. The breach compromised customers’ first names, wireless account numbers, phone numbers, and email addresses.

It has become evident through recent data breaches that companies must clearly outline the nature of the breach. They must address it, and offer advice on safeguarding against future risks.

California Consumer Privacy Act (CCPA)

While reflecting on GDPR, we cannot ignore its undeniable impact on data privacy laws around the world. The CCPA is an example of GDPR’s impact, which took effect on January 1, 2023. The law grants Californian consumers new rights and control over their personal information. The law draws considerable inspiration from GDPR and echoes similar principles aimed at safeguarding user privacy. Even though the law primarily affects businesses in California, it has broader implications across America and around the world.

Brexit

Brexit has significant impacts on data privacy and protection. Post-Brexit, businesses have faced uncertainties and challenges in complying with UK GDPR regulations. The UK GDPR regulations are basically the UK’s version of the European Union’s GDPR but with some differentiations made after Brexit. They’re all about how personal data should be handled, stored, and kept safe in the UK. These rules exist to protect people’s privacy and give them more control over their own personal information. If companies transfer data between the EU and the UK they must comply with both EU GDPR and UK GDPR regulations.

GDPR today—where are we now?

Since its inception, GDPR has reshaped the way organizations handle personal data, impacted businesses, and changed how marketers work.

Social media

In today’s digital age, data privacy and security online are more important than ever. Mishandling sensitive information can have severe consequences, as demonstrated by Meta’s recent GDPR breach. The tech giant received the biggest ever fine of €1.2 billion from Ireland’s Data Protection Commission (DPC) which enforces personal data protection standards. This was for transferring EU users’ data to the United States without proper consent and security measures.

GDPR fines are relevant to each case.

• For severe GDPR violations, an organization may face a fine of up 20 million euros or, in the case of an undertaking, up to 4 % of its total global turnover of the preceding fiscal year, whichever is higher. 
• For less severe violations, an organization an organization may face a fine of up to 10 million euros, or, in the case of an undertaking, up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher.

The incident serves as a strong reminder that organizations must prioritize data privacy and transparency to comply with GDPR regulations. This ongoing effort by regulatory bodies to protect individuals’ privacy rights in the tech industry highlights the critical need for companies to commit to responsible data-handling practices. Companies should prioritize trust and loyalty.

Meta is not the only social media platform under scrutiny for Data Protection Act (DPA) compliance. Following TikTok’s recent Congress hearing, the company is facing investigations in France, Australia, and other countries for sharing sensitive data about US citizens. In the digital world, data protection is important as even social media platforms are bound by privacy regulations. So, its significance cannot be underestimated.

Artificial intelligence (AI)

AI technology has created unique GDPR compliance challenges. AI organizations must ensure that they have a legal basis for processing personal data and the necessary safeguards are in place. GDPR requires transparency, meaning AI systems must explain automated decisions clearly.

When companies use AI, they must conduct data protection impact assessments (DPIAs) and put in place proper security measures to safeguard personal data from unauthorized access or breaches. The ultimate goal is to strike a balance between AI’s potential and GDPR privacy rights protection.

GDPR impact on marketers

GDPR has impacted marketing through the rise of preference centers. Preference centers allow subscribers to manage their communication preferences, giving them more control over how marketers use their data. Preference centers allow marketers to demonstrate the value to customers of sharing their data, as it results in a more tailored and improved user experience. 

Using customer data in a way that appeals to the customer helps out brands too. It’s no longer about abiding by the law, but also delivering the best experience. GDPR highlighted that the customer data is first and foremost the customers and it’s to be treated with respect. This has in turn enhanced how we as marketers utilize it.

The rollout of Apple’s mail privacy protection (MPP) in 2021 added another layer of consumer protection. MPP works by having a bot open all emails as soon as they arrive in the recipient’s inbox. This helps maintain privacy by hiding IP addresses and preventing open rates from tracking other online activity or determining the recipient’s location.

As open rates are now unreliable, we recommend shifting your reliance on opens, to instead work with clicks, which is something we’ve enabled in our platform with your eRFM model. 

Brands rely less on data and more on building trust and nurturing relationships with customers through improved data practices. In light of data privacy regulations, marketers need to adapt to this shift in approach and find smarter ways to engage their audiences. 

To survive and thrive in this new world of data collection, you must adopt GDPR-friendly strategies like:

Prioritize zero and first-party data

Direct your attention towards gathering actionable insights from user engagement on your platforms. One way to do this is by collecting zero-party data from your website users by requesting their marketing preferences at the initial point of contact. This will enhance the customer experience as they can select what they want to view or avoid. Or you can leverage first-party data to eliminate third-party cookies and ensure compliance with GDPR standards. Both will save you money and time as you won’t have to invest in email marketing campaigns that don’t interest your customers.

Reinforcing contextual targeting

To promote privacy, focus on showing relevant ads or personalized product recommendations to your customers. This way, you can ensure your content matches your users’ browsing behaviors. This helps to build trust with customers, as they know their data is being used responsibly. It also helps to build customer loyalty, as customers are more likely to stay with a company that respects their privacy.

Using consent insight systems

Integrating a consent insight collection tool into your workflow helps you effortlessly manage and track customer consent and preferences. This approach can help you protect your customers’ personal data which is an important part of maintaining GDPR compliance. You can also implement opt-in and opt-out features on your channels. This will allow users to have complete control over their data and how it’s used.

How Dotdigital can help you with GDPR

Our goal is to help you meet your marketing goals, and deliver an exceptional customer experience while complying with GDPR. As a data processor, we have taken steps to ensure compliance with Article 28 of GDPR. At Dotdigital, we prioritize the security of both your data and ours, which is why we consistently review and update our GDPR measures. We’ve put the necessary measures in place to keep your data safe and secure. We can help you be a responsible marketer by:

Technology that meets your needs

At Dotdigital, we understand the importance of your data and how it is managed. As a business accredited with ISO 27001, you can trust us to handle your data securely. We prioritize data protection and have a range of tools in place to make it convenient for you to do the same. Our Data Watchdog is a distinctive feature that monitors any suspicious or hazardous data. With our strict compliance, you can work efficiently with peace of mind.

Contractual commitments

Our partnerships are backed by contractual commitments that encompass strong security standards, comprehensive support, and timely notifications, all aligned with GDPR requirements. You can trust that we prioritize your data’s security and privacy.

Sharing our experience

We gather insights from reputable sources, including data protection authorities and other trusted organizations. By sharing this knowledge, we empower you with the latest information to navigate the GDPR landscape.

Partner with Dotdigital to ensure your data protection practices align with GDPR regulations. This will give you peace of mind and enable you to focus on your business goals. To understand GDPR better, we recommend reading through our FAQ section.

So, what is ISO 27701?

What does being certified to ISO 27701 mean?

What does this mean for dotdigital customers?

And while those strategies will differ by industry, sophistication, segment, and more – responsible marketers have long understood the value of a direct relationship with their customers, and email has long been the cornerstone of direct customer engagement.

Apple’s recent announcements may seem to impact that direct customer engagement, or at least shake things up. But digging deeper, there is much to celebrate as responsible marketers are rewarded for valuing personal data and building customer trust. What’s more, the announcement is a preview of features set to be released in September 2021. We have time to get ready for any big changes.

What has Apple done?

The iOS 15 update brings with it a range of new privacy features, but there are two which will have a direct impact on marketers, and email marketers in particular. These are:

• Mail Privacy Protection provides anonymity to recipients receiving emails on iOS devices by preventing accurate tracking.
• Hide My Email provides recipients the ability to get emails without sharing their real email address with senders.

Why did they do it?

Privacy is important. We all know this. As consumers, we expect this, so we should expect this as marketers too.

In reality, we’ve seen this coming for a long time. Data protection acts around the world have had a big impact on consumers’ understanding of data and their privacy rights.

While they don’t always understand what happens to their data after they hand over their permissions, it’s a brand’s responsibility to keep them in control and informed. Apple’s update is an opportunity for brands to build trust among its users. It’s helping to increase people’s awareness of data and privacy which, while initially troubling for marketers, will yield better results in the future, driving innovation and stronger customer relationships in the future.

What does it mean for you?

We’re yet to know exactly what the impact will be. However, a well-educated guess implies that short term and from a functional perspective some key data points will be impacted for those recipients you send to using iOS15:

• You will not be able to correctly track what time an email was opened
• Location of email opens will be less accurate
• The number of opens will not be an accurate measure of success

But this is nothing to worry about. There has been a flurry of conversations among marketers about the merits of open rates since the announcement. At Dotdigital, this is nothing new. In essence, open rates are a vanity metric. Recipients flicking through their inbox may count as opens when in actuality they haven’t engaged and may have barely even looked at your email. It offers no insight into whether users are engaging with your marketing.

Open rates will still exist in some capacity, and when combined with clicks, purchase information, account log-ins, and replies this will all add up to a more comprehensive view of customer engagement.

More reliable customer engagement

Over the years, marketers have used different engagement metrics to measure the success of their email marketing. Opens, clicks, complaints, inactivity, and purchases are all available to help paint a picture of how emails are performing. Altogether, these metrics can be used to devise a strategy to maximize return and ensure recipients who want to continue to hear from your brand.

Using this holistic approach to measuring customer engagement ensures your customer privacy is respected, while still providing you with the ability to measure the impact of your email marketing.

Consumers do not want personalization at the sake of their privacy.

Consumers want brands to both earn and maintain their trust, that precious direct relationship. Responsible marketers focused on adding value for their consumers and revenue for their companies have long seen this coming and will continue to lean on technology providers able to provide personalization.

What can you do?

So, how can you be ready for the changes? Or, better yet, how can you use these updates to your advantage to build better, stronger relationships with your customers?

Be open, honest, and transparent

This update is an opportunity. Responsible marketers know the importance of honest, transparent practices. To build a loyal customer base, marketers have to be explicit about how they plan to use customer data. This helps build trust, and the more a customer trusts you, the more time and money they’ll invest in your brand.

When Apple’s update comes into effect, you can explain the benefits of a tailored, personalized experience as you collect consent. Shoppers will be more willing to share their data when you adopt an open and honest approach because they trust you to act responsibly with it.

Adjust your success metrics

Open rates aren’t the be-all and end-all. By adjusting your success metrics to consider clicks, conversions, and ROI you will get a better understanding of customer engagement.

As it requires active engagement with your marketing, these metrics offer more insight than most. You can learn more about what makes email subscribers sit up and pay attention than just looking at open rates alone.

Focus on zero-party data

Zero-party data, as defined by Forrester, refers to explicit data a customer intentionally and proactively shares with you. This is how you should be collecting the bulk of your data. Customers can then choose to tell you what they want you to know.

As well as collecting preferences, you should be asking customers to enrich their own data. Overall, this will help you build a stronger one-to-one relationship with your audience, and give you more reliable and valuable data to base your personalization on.

How will Dotdigital help you through?

At Dotdigital, we’re strong advocates of responsible marketing. As a result, we’ve anticipated the needs of our clients and have built a platform full of the tools to help you engage customers efficiently while building trust.

Consent insight

In anticipation of the introduction of GDPR in 2018, we released a whole host of updates to empower marketers and shoppers to have better control of their data.

Consent insight allows marketers to act responsibly when it comes to managing their contact database. It records all the information you need about a contact’s consent including the date and time they signed up to receive your marketing.

Similarly, to enable marketers to process ‘Right to be Forgotten’ requests, we’ve made it simple to delete contact data with ease.

With the approaching update to Apple’s privacy features, consent insight will be able to store the different consent you hold on every customer. Ultimately this will make it easier to segment, target, and personalize your marketing.

Marketing preferences

You can create an unlimited number of marketing preferences giving you endless opportunities to enrich your customer data. Using surveys, forms, and preference centers, you can easily and regularly collect explicit data from your contacts.

By encouraging shoppers to share as much information as possible with you, they’ll be able to craft their own customized journey. The explicit data they hand over to you can be used to create relevant and targeted segments.

Double opt-in

Double opt-in is an automated confirmation email which asks to confirm that they want to receive your marketing. This ensures that you database is full of engaged contacts.

With the changes about to come into effect with the iOS 15 update, having an automated double opt-in process will ensure subscribers are fully informed about what they’re signing up to receive.

Live chat

Live chat is a vital channel to enforce the connection between you and your customers. As a channel, it promotes two-way conversations that can be used to form stronger connections with your audience. Also, like zero-party data, customers have made the first move, reaching out to you, meaning that they’re in control of the relationship.

SMS

SMS is a marketing channel that has never relied on opens to measure success, and with read rates of 98%, its success is undeniable.

In light of the iOS 15 update, brands should be adding SMS to their marketing mix as a necessity. With country-specific templates, we’ve set you up for success. All the right opt-outs for each region are included to ensure you’re able to get your SMS campaigns up and running quickly and responsibly.

iOS 15: game-changer or opportunity in disguise?

Dotdigital, like Apple, believes that privacy is key for consumer confidence. As such, it’s embedded in our culture of long-term growth, alongside security, sustainability, and trust.

While these changes to customer privacy feel like they’re going to make our lives more difficult, it’s important to see what opportunities lie ahead of us. Clean data, fully informed consent, and additional marketing channels are just some benefits this update will bring.

As we learn more about these changes and what they’ll mean for the many email marketers who work with Dotdigital, we’ll be keeping you up-to-date throughout.

What are Standard Contractual Clauses?

What has happened?

• bring the wording of the SCCs in line with the GDPR;
• address the requirements made in the Schrems II decision; and
• broaden the scope of the situations where these data transfers may take place.

Your data and dotdigital