Security & privacy – Dotdigital https://dotdigital.com Thu, 23 May 2024 14:52:12 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 https://mkr1en1mksitesap.blob.core.windows.net/staging/2021/11/favicon-61950c71180a3.png Security & privacy – Dotdigital https://dotdigital.com 32 32 Data privacy in marketing: best practices and key considerations for marketers https://dotdigital.com/blog/data-privacy-in-marketing-best-practices-key-considerations/ Tue, 29 Aug 2023 09:43:49 +0000 https://dotdigital.com/?p=60260 Data privacy is a necessity in marketing. This is because as a marketer, you’re collecting data as customers interact with your brand. And now with so much online, there’s more data at your fingertips than you could have imagined before. Emphasizing customer data privacy and integrating it into your marketing strategy can foster trust with your audience while keeping you compliant. 

It’s important to prioritize customer data privacy and make it a central part of your marketing strategy. At Dotdigital, we know that understanding data privacy can be complex and you may have concerns and questions. That’s why we created this blog to explain the key considerations and best practices you should use. By embracing these practices you’ll build trust with your customers and comply with regulations.

What is data privacy?

In a nutshell, data privacy is the protection, and the fair and transparent use of an individual’s personal information, preferences, and activities. With the rise of online customer data, new measures have been developed to protect personally identifiable information (PII) such as full names, dates of birth, email addresses, financial details, and browsing history. 

How governments and organizations are safeguarding customer data privacy

To tackle the pressing concerns surrounding data collection, governments and organizations across the world are taking action to protect personal information. As a marketer, it’s important to be compliant when collecting data. Consider keeping an eye on these regulations:

General Data Protection Regulation (GDPR)

Data privacy regulations like GDPR have made a big impact on marketing. These regulations aim to give people more control over their personal data and make sure businesses ask for clear permission before getting and using their data. Due to this, digital marketers have had to change how they collect data and update their privacy policies to follow the new regulations.

One big challenge for marketers with GDPR is having to be extra clear about how they collect and use data. Companies have to let people know what they’re doing with their data and give them a choice to say yes or no to having their information collected. This makes it more complicated for marketers to target customers and personalize content, as they need to be sure they have the right permission from people before using their data.

Another key part of GDPR is handling requests for people to see or delete their data. Customers can ask companies to show them the data they have on them and request for it to be deleted if they don’t want it stored anymore. Marketers need to be ready to deal with these requests quickly and properly to follow GDPR regulations.

Emerging privacy legalization in the US

As data privacy evolves globally, the United States has started enacting its own privacy laws. Although the country has yet to implement a comprehensive, nationwide data privacy regulation similar to the European Union’s GDPR, individual states have begun stepping up their efforts to protect their citizens’ privacy.

One of the most prominent examples is the California Consumer Privacy Act (CCPA), which came into effect in January 2020. The law grants Californians more control over their personal information by giving them the right to know what data businesses collect, who they share it with, and if desired, they can delete it. Additionally, the CCPA allows consumers to opt out of selling personal information to third parties.

Several states have looked to California’s lead and are creating privacy legislation. Virginia, for instance, passed the Virginia Consumer Data Protection Act (VCDPA) in March 2021, adding yet another layer of privacy protection for its citizens. Similar to the CCPA, the VCDPA gives Virginians more control over their data, offering transparency, access, deletion, and opt-out rights.

Apple’s privacy-focused updates

Marketers continue to face new challenges with Apple’s privacy-focused updates. The MPP (Mail Privacy Protection) feature, introduced in 2021, serves as one example. MPP uses a bot to open incoming emails as soon as they arrive in the recipient’s inbox. This method saves user privacy by hiding IP addresses and preventing open rates from exposing the recipient’s location or tracking their online activity.

In addition to MPP, Apple’s recent iOS 17 privacy updates add another layer of protection for users. These updates have been implemented to safeguard user data and privacy, making it increasingly difficult for marketers to track and measure engagement through traditional methods. For instance, iOS 17 features Link Tracking Protection, which automatically removes tracking parameters from messages, mail, and links, complicating the process of linking an interaction to a specific user.

Despite these challenges, you don’t need to panic. Link tracking remains a useful tool and metric, with only specific link types for certain user cases being affected. For example, Dotdigital customers are expected to see less than a 1% impact on the data they gather from link tracking. By staying informed and adapting to these changes, you can be an ethical marketer and protect your audience’s privacy.

Best practices for responsible data collection

Customers can feel limited when collecting data. If they don’t consent to data collection, their overall experience will be lessened. However, if you’re open and transparent about what data you want and why you want it, you’ll build a relationship based on honesty and integrity. Here are some ways to be ethical when collecting or using personal data: 

  1. Use consent management tools: Don’t leave your customers guessing about the data you’re collecting. Use our consent insight feature at the point of sign-up. With this, you can be transparent about the data you collect, and how it will be used, and offer a fair and easy way for customers to provide (or withhold) their consent.
  2. Build a preference center: Show your customers you respect their choices by providing an easily accessible preference center. Let them easily add or remove information, and include it in every email you send. 
  3. Include a double opt-in: Double opt-in ensures that marketing lists are accurate and high-quality. Make it a standard for any channel you use and your customer engagement will improve.
  4. Offer alternative channels: Different customers have different communication preferences. While some prefer emails, others prefer SMS or WhatsApp. Stick to their preferences by giving them the option to choose their favorite channel to ensure an optimal customer experience. 
  5. Communicate the benefits: Help your customers understand how sharing their data can improve their experience with your brand. Are you offering exclusive deals? Tailoring content to their interests? Let them know what’s in it for them, and they’ll share willingly. Transparency is key. 

How to build trust and transparency

Trust is an important part of being a responsible marketer. Trust is no longer just a nice to have, it’s a necessity. Customers are more aware than ever of the potential risks associated with sharing personal information online. By establishing trust with your customers, you can reassure them that their data will be handled responsibly. This not only helps to build a positive reputation for your company but also ensures that customers feel safe and secure when interacting with you. 

Here are ways to build trust and transparency:

  1. Collect zero and first-party data: To create trust and show respect for privacy, focus on collecting zero-party data by asking customers to share information via a survey or sign-up form. Also, gather first-party data from your customers’ direct actions, like website visits or social media engagements. 
  2. Use data protection tools: Keep customer information safe by using encryption, secure storage systems, two-factor authentication, and safe data transfer methods. This will protect data from breaches. 
  3. Educate your team: Get your team involved in a workshop or training so they can understand data privacy rules and best practices for protecting customer information.
  4. Appoint a Data Protection Officer (DPO): Have a dedicated person, a DPO, in charge of ensuring your company follows data privacy rules. They will also be the main contact between your company and the official authorities.
  5. Regularly check your practices: Review how your company handles data privacy. Look for any weak spots and fix them to keep your practices up-to-date and effective.

Key considerations for marketers

Whether you’re aware of it or not, your data is being collected almost constantly. Regulatory breaches, brands, and buying and selling customers’ data have led to an ethical conundrum for marketers.

To tackle these ethical challenges head-on, consider the following concerns when collecting and using customer data. This will make your decisions more responsible and help maintain the trust of your customers:

  1. Privacy invasion: It’s not right to take personal or sensitive information without your customers’ permission.  This could make them uneasy about their privacy and potentially put your brand at risk of legal consequences.
  2. Data security: You have a responsibility to protect your customer’s data. Data breaches can lead to financial losses and damage the reputation of both your customers and your business.
  3. Informed consent: Your customers should be clearly informed about the information being collected, its intended use, and the reasons for it. Transparency goes a long way in building trust.
  4. Data minimization: Keep it simple, focus on collecting only what’s necessary, rather than keeping extra data. This approach reduces risks and shows respect for your customers’ privacy.
  5. Unwanted communications: It’s not okay to use customer data to send emails, text messages, or make calls without their permission. Doing this can invade their privacy and might even break privacy laws.
  6. Unfair targeting practices: Avoid using personal information like gender, race, or disability to unfairly exclude groups. This can lead to discrimination and unequal treatment.
  7. Misuse of data: Hold off on using customer data without permission. These actions are not only unethical but can also break down customer trust. Marketers have a responsibility to make sure any third parties they work with handle data properly.
  8. Accuracy of data: Double-check and keep customer data accurate, current, and up-to-date. When you use incorrect information it can lead to a negative customer experience.

By sticking to these guidelines, not only will you reduce risk when collecting data, but you’ll also create an environment where your customers feel valued and respected. When your audience knows their privacy is a top priority, you’ll establish a strong foundation of trust that paves the way for more meaningful and long-lasting relationships. In turn, your marketing efforts will flourish as your customers reward you with their loyalty, positive word-of-mouth, and a genuine appreciation for your brand’s commitment to ethical practices.

Future-proof your marketing with Dotdigital

As a marketer, you should use a marketing platform that values data protection and customer trust is essential. Dotdigital, an ISO 27701-certified customer experience and data platform (CXDP), equips you with the tools to stay ahead of the curve and deliver personalized customer experiences. By using these best practices, you’ll stay compliant with data privacy regulations and grow stronger relationships with your audience.

]]>
Watch out America, GDPR is coming for you https://dotdigital.com/blog/watch-out-america-gdpr-is-coming-for-you/ Thu, 17 Aug 2023 08:00:00 +0000 https://dotdigital.com/?p=59536 Back in 2018, I watched (in mild horror) as UK and European businesses scrambled at the last second to become compliant with the General Data Protection Regulation (GDPR). The law came into force on May 25 – a day I still refer to as the GDPRpocalypse. I saw recipient inboxes inundated with last-minute privacy policy update emails – the team and I spent weeks and months working with brands to help them get back out of the spam folder after the reputation damage – and overworked developers battling with bugs in last-minute spit-and-duct-tape integrations.

What’s playing out across the Atlantic in the USA is more of a slow wave than a sudden tsunami, but US businesses are still at risk of being swept away if they leave it last minute to scramble the flood defenses. 

One of the benefits of Dotdigital is we’ve been here before – we’re set up for these legislative changes as a trusted platform that knows how to navigate the waters this type of challenge brings. As you’re reading about what’s to come, remember we’ll keep you updated – we’ve got your back. We’re not your lawyers though – so remember to check with them for any legal advice. 

State legislation: the story so far

California blazed a trail in the USA when the CCPA (California Consumer Privacy Act) went into effect on January 1 2020, granting Californian residents 6 rights that will feel pretty familiar to those of us fluent in GDPR: the right to know what data a company holds on them, the right to request deletion of that data, the right to opt out of sale of that data, making the sale of personal data for consumers under 16 years of age illegal without prior authorization, the right to not be discriminated against for exercising any rights and the right to privately initiate action if their personal data is breached. 

Jan 1 2023 was a busy day. The CPRA (California Privacy Rights Act) amendments to the CCPA came into force, granting a further two rights: the right to amend inaccurate data and the right to say what companies can do with and how much they’re allowed to share sensitive data about Californians. The Virginian VCDPA (Virginia Consumer Data Protection Act) also went into effect for Virginian businesses that meet qualifying criteria.

Just this July, Colorado and my own adopted home state of Connecticut joined the GDPaRty with the CPA (Colorado Privacy Act) and CTDPA (Connecticut Data Privacy Act) respectively coming into effect at the beginning of the month. Colorado has gone further than other states so far by adding the right of portability: to be able to download and move your personal data to another platform.

US EU Adequacy Decision

On July 10 2023, the US EU Adequacy Decision was passed. This means that personal data can flow between the EU and US businesses that comply with a detailed set of privacy obligations – the EU-U.S. Data Privacy Framework. 

This provides safeguarding for personal data about EU citizens from US government intelligence (outside of what is necessary and proportionate for national security). It also preserves rights established by GDPR, such as the right to be able to identify the data controller and how and why data is being collected and processed, and the right to access, correct, and have personal data deleted. Finally, it establishes access to free resolution mechanisms and arbitration if data is handled wrongly.

Where this is going

Utah’s UCPA (Utah Consumer Privacy Act) bill has been signed and is likely to become effective for qualifying businesses at the end of 2023. There are at least 5 more states which are due to have privacy laws come into effect by 2026. And while lobbyists, lawyers, and the FTC are skeptical about federal legislation passing, the writing is on the wall: state by state, more privacy laws are coming.

Targeted advertising is being, well, targeted by existing and upcoming legislation as consumers become increasingly aware of how they’re being tracked and the value of their personal data. Law makers are looking to crack down on the sale and sharing of personal data, including the transfer of data to third parties for monetary or other valuable consideration. The concept of a Universal Opt Out Mechanism (UOOM) – whereby if someone opts out on one device or browser, they’re opted out on all devices and browsers – is well within the realm of possibility.

There’s also increased talk of addressing “dark patterns” within privacy legislation or in separate legislation. A dark pattern is any technique that tries to manipulate people into doing something they would not otherwise have done. Examples include:

  • trick or trap subscription programs, also known as negative option subscriptions; are free or cheap when you enroll, but if you don’t cancel then a fee is charged or the price goes up
  • disguising advertising as editorial content
  • junk or hidden fees
  • manipulating people into sharing unnecessary data e.g. misleading people into selecting the highest data-sharing option
  • uneven weighting on options; having “accept” or “reject” is evenly weighted, offering “accept” or “manage preferences” would be uneven
  • creating a false sense of urgency; fake countdown timers that never hit 00:00, and those products where 99 other people always seem to have this item in their cart

What this means for US businesses 

While the specifics of legislation vary, the themes are the same – and it’s reasonable to expect future legislation to be similar. 

US businesses are going to need to be able to provide data subjects (people they hold personal data about) with ways to:

  • find out what data has been collected
  • find out why their data is being collected and processed
  • obtain a copy of their data
  • amend the data held
  • restrict or opt out of the selling or sharing of some or all of their personal data with third parties
  • restrict or opt out of the use of some or all of their personal data for profiling or targeted advertising
  • request processing of their data be stopped
  • port their data to another platform
  • request the data held to be deleted

Consumers will be able to initiate action against businesses if their personal data is breached or in the case where they’re unable to exercise the above.

US businesses that have a robust opt-in process and where records are kept of explicit consent for data collection and processing are going to be in a much better starting place. In addition to keeping opt-in data, brands that understand what data they collect and process and why, who document their data flows, and who use integrated platforms are going to be better able to fulfill the rights of their contacts and data subjects, as well as more easily implement a UOOM for targeted advertising.

Dark patterns also need to be on your radar; just because something is a common technique in your industry or vertical doesn’t mean that it’s not a dark pattern, and you could be penalized.

How to prepare for the new changes

I love hanging out with our fabulous legal and privacy teams here at Dotdigital, but I understand that talking to your lawyers or DPO might not be your idea of fun. Unfortunately, it’s going to be needed so you can stay on top of the rapidly changing privacy landscape.

If you want to avoid the legal conversations being long ones, then you can always decide to implement best practices when it comes to personal data. Best practices almost always trump the legal minimum. So rather than arduous legalese on what you might be able to get away with, make it a quick conversation where you ask for a review of your best practice plans or implementation to make sure all the boxes are ticked.

 Here’s some homework to do before you go talk legals:

  • get familiar with GDPR; the US legislation looks similar, and having an understanding of some of the terminology and framework will help you understand the new laws. We have some great resources in our GDPR advice center to help you get started.
  • understand what personal data you are collecting/processing – and why. Ask whether the collection and processing are necessary, ensure you have consent, and map out your data flows to include where storage and processing happen.
  • talk to your developers and your vendors’ solutions architects to identify opportunities for integration to improve the flow and oversight of your data. 
  • identify any marketing or advertising strategies that include manipulative techniques that could be identified as a dark pattern, and start investigating best practice alternatives.

Dotdigital can help

We’ve seen the writing on the wall and, having held our UK and European customers’ hands a few years back, we’re in a great place to help our US customers adapt to the changing landscape. We’re ISO 27001 certified in Information Security Management Systems, meaning that you can trust us to do our part when it comes to managing your data safely and securely. Our trust center has more details, as well as contact information for our Security Team who are happy to answer questions. 

Dotdigital customers can also leverage our CXDP superpowers, using our many integrations to connect all your customer data. Our solutions consultants are always happy to discuss your needs and how the Dotdigital platform can help you manage your data effectively. Reach out to your CSM or Dotdigital Support so they can put you in touch.

And, as always, our Deliverability Team is here to help advise you on best practices to stay ahead of the legal curve. Just drop an email to support@dotdigital.com and we’ll get back to you.

]]>
Dotdigital retains its ISO certifications https://dotdigital.com/blog/dotdigital-iso-certifications/ Wed, 28 Jun 2023 08:00:00 +0000 https://dotdigital.com/?p=57750 A successful audit with no non-conformities raised

It gives us enormous pleasure to announce that Dotdigital has retained all three of its ISO certifications after passing eight days of auditing with no non-conformities being raised. Since obtaining our ISO 27001 certification in 2020, we have undergone regular audits. However, this is the first time Alcumus (our external auditors) have assessed all aspects of our three standards (ISO 27001, ISO 14001, and ISO 27701) simultaneously.

Our commitment to ISO standards

Since 2020, Dotdigital has opted to implement 3 ISO standards, underpinning its commitment to the protection of Information, the promotion of sustainability, and positive environmental behaviors. The three standards Dotdigital is certified to are:

  • ISO 27001 – Information Security Management 
  • ISO 27701 – Privacy Information Management 
  • ISO 14001 – Environmental Management 

The global significance of ISO certifications

The International Organisation for Standardization (ISO) is an independent body that sets global standards for safety, security, and quality. As the name suggests, its goal is to define standards for best practices that can be implemented, irrespective of the size, type, or location of an organization. By holding these certifications, we can show global clients and prospects that Dotdigital is the obvious choice for responsible marketers wanting a customer experience and data platform. Not forgetting that we’re also the world’s first carbon-neutral, ISO 14001-certified CXDP.

]]>
GDPR: Five years on and what have we learned? https://dotdigital.com/blog/gdpr-five-years-on-what-have-learned/ Mon, 12 Jun 2023 13:39:15 +0000 https://dotdigital.com/?p=57279 It’s been five years since the General Data Protection Regulation (GDPR) took effect. The law has transformed how organizations handle personal data and has had a lasting impact on businesses around the world. With GDPR having reached a significant milestone, it’s a perfect time to pause and reflect on the valuable lessons we’ve learned. We can also reflect on how it has shaped data protection practices globally.

What is GDPR?

GDPR is a data protection law introduced by the European Union (EU) to safeguard EU citizens’ privacy and personal data. 

Implemented on 25 May 2018, GDPR is a data protection law that ensures individuals have increased control over their personal information. The regulation has also hammered home the importance of transparency in how businesses collect, use, and store user data.

To comply with GDPR, organizations must get permission before using personal and customer data. This can be done by including a consent clause in the terms and conditions during the sign-up process. We’ve seen some hefty fines handed out for GDPR non-compliance and lack of transparency.

Key developments since GDPR

Here are some of the key developments in data protection since GDPR was implemented: 

Increase in data privacy expectations and awareness

GDPR has raised consumer awareness about data privacy and personal data rights. Consumers now demand transparency, accountability, and ethical data practices from organizations, expecting them to handle their personal information responsibly. 

Consumers are no longer willing to compromise their privacy and are more likely to support businesses that align with their values and prioritize data protection. Failure to prioritize data privacy can harm a company’s reputation and reduce consumer trust.

To thrive in today’s data-driven landscape, companies must have a privacy-driven approach and be responsible marketers. This means meeting regulatory responsibilities and putting the customer at the center of everything you do. By managing these expectations, businesses can build lasting customer relationships and gain a competitive edge. 

Data collection and cookies death

GDPR has impacted the digital ecosystem and data collection, especially with the decline of cookie-based tracking. Cookies are small text files that store information about browsing habits and preferences. They can be useful for remembering login details or personalizing online experiences. Now, websites must inform visitors about cookies and seek permission before placing them on devices.

Due to the growing demand for privacy protection, leading companies like Google are responding by phasing out third-party cookies. Essentially the shift in consumer attitudes thanks to GDPR makes old-school cookie-based tracking methods a thing of the past.

National data protection authorities (DPA)

GDPR has brought about notable changes in data protection enforcement in the EU. All EU members have a national data protection authority (DPA). They enforce compliance and handle data breach notifications.

Notably, DPAs have not shied away from imposing substantial fines and penalties on organizations found violating GDPR. These enforcement actions serve as a strong deterrent and send a clear message that non-compliance with data protection regulations will not be tolerated. 

In addition to enforcement efforts, DPAs have also taken a proactive approach by offering guidance and support to organizations. This includes the publication of guidelines, frequently asked questions, and best practice recommendations to assist businesses with GDPR compliance.

Data breach reporting

GDPR has changed the game for data breach reporting. With a strict 72-hour time frame organizations must act swiftly. Organizations are responsible for communicating breaches to their customers if personal data has been compromised. 

Several big companies, such as British Airways, Boots, and the BBC, have suffered cyber security attacks that led to employee personal data exposure. AT&T also experienced a breach in March, affecting 9 million customers. The breach compromised customers’ first names, wireless account numbers, phone numbers, and email addresses.

It has become evident through recent data breaches that companies must clearly outline the nature of the breach. They must address it, and offer advice on safeguarding against future risks.

California Consumer Privacy Act (CCPA)

While reflecting on GDPR, we cannot ignore its undeniable impact on data privacy laws around the world. The CCPA is an example of GDPR’s impact, which took effect on January 1, 2023. The law grants Californian consumers new rights and control over their personal information. The law draws considerable inspiration from GDPR and echoes similar principles aimed at safeguarding user privacy. Even though the law primarily affects businesses in California, it has broader implications across America and around the world.

Brexit

Brexit has significant impacts on data privacy and protection. Post-Brexit, businesses have faced uncertainties and challenges in complying with UK GDPR regulations. The UK GDPR regulations are basically the UK’s version of the European Union’s GDPR but with some differentiations made after Brexit. They’re all about how personal data should be handled, stored, and kept safe in the UK. These rules exist to protect people’s privacy and give them more control over their own personal information. If companies transfer data between the EU and the UK they must comply with both EU GDPR and UK GDPR regulations.

GDPR today—where are we now?

Since its inception, GDPR has reshaped the way organizations handle personal data, impacted businesses, and changed how marketers work.

Social media

In today’s digital age, data privacy and security online are more important than ever. Mishandling sensitive information can have severe consequences, as demonstrated by Meta’s recent GDPR breach. The tech giant received the biggest ever fine of €1.2 billion from Ireland’s Data Protection Commission (DPC) which enforces personal data protection standards. This was for transferring EU users’ data to the United States without proper consent and security measures.

GDPR fines are relevant to each case.

  • For severe GDPR violations, an organization may face a fine of up 20 million euros or, in the case of an undertaking, up to 4 % of its total global turnover of the preceding fiscal year, whichever is higher. 
  • For less severe violations, an organization an organization may face a fine of up to 10 million euros, or, in the case of an undertaking, up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher.

The incident serves as a strong reminder that organizations must prioritize data privacy and transparency to comply with GDPR regulations. This ongoing effort by regulatory bodies to protect individuals’ privacy rights in the tech industry highlights the critical need for companies to commit to responsible data-handling practices. Companies should prioritize trust and loyalty.

Meta is not the only social media platform under scrutiny for Data Protection Act (DPA) compliance. Following TikTok’s recent Congress hearing, the company is facing investigations in France, Australia, and other countries for sharing sensitive data about US citizens. In the digital world, data protection is important as even social media platforms are bound by privacy regulations. So, its significance cannot be underestimated.

Artificial intelligence (AI)

AI technology has created unique GDPR compliance challenges. AI organizations must ensure that they have a legal basis for processing personal data and the necessary safeguards are in place. GDPR requires transparency, meaning AI systems must explain automated decisions clearly.

When companies use AI, they must conduct data protection impact assessments (DPIAs) and put in place proper security measures to safeguard personal data from unauthorized access or breaches. The ultimate goal is to strike a balance between AI’s potential and GDPR privacy rights protection.

GDPR impact on marketers

GDPR has impacted marketing through the rise of preference centers. Preference centers allow subscribers to manage their communication preferences, giving them more control over how marketers use their data. Preference centers allow marketers to demonstrate the value to customers of sharing their data, as it results in a more tailored and improved user experience. 

Using customer data in a way that appeals to the customer helps out brands too. It’s no longer about abiding by the law, but also delivering the best experience. GDPR highlighted that the customer data is first and foremost the customers and it’s to be treated with respect. This has in turn enhanced how we as marketers utilize it.

The rollout of Apple’s mail privacy protection (MPP) in 2021 added another layer of consumer protection. MPP works by having a bot open all emails as soon as they arrive in the recipient’s inbox. This helps maintain privacy by hiding IP addresses and preventing open rates from tracking other online activity or determining the recipient’s location.

As open rates are now unreliable, we recommend shifting your reliance on opens, to instead work with clicks, which is something we’ve enabled in our platform with your eRFM model

Brands rely less on data and more on building trust and nurturing relationships with customers through improved data practices. In light of data privacy regulations, marketers need to adapt to this shift in approach and find smarter ways to engage their audiences. 

To survive and thrive in this new world of data collection, you must adopt GDPR-friendly strategies like:

Prioritize zero and first-party data

Direct your attention towards gathering actionable insights from user engagement on your platforms. One way to do this is by collecting zero-party data from your website users by requesting their marketing preferences at the initial point of contact. This will enhance the customer experience as they can select what they want to view or avoid. Or you can leverage first-party data to eliminate third-party cookies and ensure compliance with GDPR standards. Both will save you money and time as you won’t have to invest in email marketing campaigns that don’t interest your customers.

Reinforcing contextual targeting

To promote privacy, focus on showing relevant ads or personalized product recommendations to your customers. This way, you can ensure your content matches your users’ browsing behaviors. This helps to build trust with customers, as they know their data is being used responsibly. It also helps to build customer loyalty, as customers are more likely to stay with a company that respects their privacy.

Integrating a consent insight collection tool into your workflow helps you effortlessly manage and track customer consent and preferences. This approach can help you protect your customers’ personal data which is an important part of maintaining GDPR compliance. You can also implement opt-in and opt-out features on your channels. This will allow users to have complete control over their data and how it’s used.

How Dotdigital can help you with GDPR

Our goal is to help you meet your marketing goals, and deliver an exceptional customer experience while complying with GDPR. As a data processor, we have taken steps to ensure compliance with Article 28 of GDPR. At Dotdigital, we prioritize the security of both your data and ours, which is why we consistently review and update our GDPR measures. We’ve put the necessary measures in place to keep your data safe and secure. We can help you be a responsible marketer by:

Technology that meets your needs

At Dotdigital, we understand the importance of your data and how it is managed. As a business accredited with ISO 27001, you can trust us to handle your data securely. We prioritize data protection and have a range of tools in place to make it convenient for you to do the same. Our Data Watchdog is a distinctive feature that monitors any suspicious or hazardous data. With our strict compliance, you can work efficiently with peace of mind.

Contractual commitments

Our partnerships are backed by contractual commitments that encompass strong security standards, comprehensive support, and timely notifications, all aligned with GDPR requirements. You can trust that we prioritize your data’s security and privacy.

Sharing our experience

We gather insights from reputable sources, including data protection authorities and other trusted organizations. By sharing this knowledge, we empower you with the latest information to navigate the GDPR landscape.

Partner with Dotdigital to ensure your data protection practices align with GDPR regulations. This will give you peace of mind and enable you to focus on your business goals. To understand GDPR better, we recommend reading through our FAQ section.

]]>
Third-party cookies: everything marketers need to know https://dotdigital.com/blog/third-party-cookies-everything-marketers-need-to-know/ Wed, 20 Jul 2022 06:45:17 +0000 https://dotdigital.com/?p=38896

Trends briefing

Third-party cookies: everything marketers need to know

young man online marketing working on laptop with smartphone in hand

For a long-time marketers have relied on cookies and website tags to detect and track online activity. But as we prepare for a cookieless future, what can we do to prepare and ensure we can continue to measure and optimize our campaign success? 


What are cookies?

In its simplest form, a cookie is a small file that is downloaded onto your computer when you visit a website. They serve a range of purposes, including remembering preferences, recording items added to shopping carts, and counting the number of people visiting your website.  


What types of cookies are there?

There are three types of cookies:  

  1. First-party cookies. First-party cookies are stored by the domain a browser is visiting. They are typically used to identify which pages users visit, remember preferences, and store shopping carts. Nowadays, every website uses first-party cookies.  
  2. Third-party cookies. Third-party cookies are the opposite of first-party in that they are stored under a different domain to the one a user is visiting. They’re mostly used to track user behavior between websites and display relevant ads, but can also be found in a support chat function provided by a third-party service.  
  3. Second-party cookies. You probably haven’t heard about second-party cookies. That’s because a lot of people say they don’t exist. Generally, second-party data is first-party data shared between partners, so second-party cookies are part of the data related to cookies.  


How do third-party cookies work?

Third-party cookies are cookies tracked by websites other than the one a user is currently visiting. The most common third-party entities are advertisers, marketers, and social media platforms.  

Third-party cookies in action 

The best way to explain how cookies work is to see them in action.  

Let’s use travel companies, as I’m sure we’ve all been re-targeted by a travel brand or two. Imagine last week you decided to look into a holiday in Greece. You browsed a couple of websites and checked out flights, hotels, and top attractions but ultimately, to be able to afford that Santorini holiday of your dreams, you’re going to hold off and save up. Next year will be your year.  

A few days go by, you’ve set yourself a savings goal, then you begin to see ads for Santorini villas on many of the websites you visit.  

Coincidence? I think not.  

You’re seeing these ads because your browser stored a third-party cookie and it is being used to send you targeted marketing.  


Why are third-party cookies bad?

The biggest problem with third-party cookies is that most website visitors don’t realize they’re there or doing what they’re doing. After all, how many of the giant cookie popovers explicitly tell you how and where the cookies you’re ‘consenting’ to will be used.  

What’s more, cookie notifications have become such a nuisance to web browsers that people rarely pay attention to them. With the implementation of CCPA, ePR, and GDPR, the privacy rights of web browsers are increasingly protected.  

Users are now entitled to know what information is being collected about them and with whom it’s being shared. At the same, they have the right to opt-out at any time.  

Pressure has steadily built from regulators and consumers demanding the era of third-party cookies end. Apple’s Safari and Mozilla’s Firefox have blocked third-party cookies by default. Google Chrome is the last of the major players to block third-party cookies. With 67% of the market share and 90% of its revenue generated through advertising, it’s easy to understand why Google has been reluctant to follow suit.  


When will third party cookies be phased out?

Google initially announced its third-party phase-out in February 2020 but it was the brand’s March 2021 announcement that sent marketers’ heads spinning.  

“Today, we’re making explicit that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products.”  

According to Google’s statement, “[it doesn’t] believe these solutions will meet rising consumer expectations for privacy, nor will they stand up to rapidly evolving regulatory restrictions, and therefore aren’t a sustainable long-term investment. Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while still delivering results for advertisers and publishers.”  

While there has yet to be a specific date set, Google has announced that it will stop using third-party cookies by the end of 2023.  


What does the end of third-party cookies mean?

First things first, the end of third-party cookies is not the end of tracking. Cookies aren’t the only technology marketers have today that can be used for tracking web browsing behavior.  

Just like third-party cookies, these existing technologies track user behavior in the same way:  

  • Local Storage 
  • IndexedDB 
  • Web SQL 

Technologies have already discovered workarounds for users using Safari and Firefox, and they’ll likely find one for Google too. The secret to successful tracking will be compliance.  


What does it mean for marketers?

Tracking technology may be changing, but data protection laws aren’t and they still require end-user consent.  

In some ways, this could end up strengthening tracking. New technologies will ensure a greater level of certainty, fixing issues in tracking precision and ad fraud by bots.  

We’re about to witness is the rise of zero-party data. 

First-party cookies will continue, and thanks to GDPR and emerging laws like CCPA and Brazil’s LGPD, consent will remain as a central requirement. Your website still needs to ask for and obtain explicit consent from users for any data stored, regardless of what technology is being used.  

This means, that as the curtain falls on third-party cookies, marketers will have to work harder to build trust with web browsers to obtain consent. Trust and consent will ensure compliance with the data privacy regulations that have changed the marketing game. In turn, compliance will enable you to innovate how you track and target your customers.  

Luckily, your email marketing, marketing automation, and customer data platforms have been preparing for this for years. Keeping track of consent and managing individual users’ consent via single customer view are just a couple of ways you can rest assured that you’re already more prepared than you thought you were.  

So, as a final note, I think it’s important to change the way we think about the death of third-party cookies. It’s not the end of marketing as we know it. It’s an opportunity to improve and a chance to ensure we – as marketers – are protecting the rights of our customers, whilst providing them with exceptional experiences.  



]]>
What is Apple’s Mail Privacy Protection? A marketer’s guide https://dotdigital.com/blog/what-is-apples-mail-privacy-protection-a-marketers-guide/ Tue, 07 Jun 2022 11:31:51 +0000 https://dotdigital.com/?p=37510

What is Apple’s Mail Privacy Protection? A marketer’s guide

Apple iPhone with Mail app and notifications

Last updated: June 2022 

Around the world, email marketers were sent into a tailspin when Apple announced its Mail Privacy Protection (MPP) feature in July 2021.  

Apple’s Mail Privacy Protection feature is part of a larger initiative to empower Apple Mail users to take control of their data. Launched in September 2021 as part of the iOS 15 updates, Apple explain how great experiences shouldn’t come at the expense of users losing their privacy.  

“Mail Privacy Protection hides your IP address, so senders can’t link it to your other online activity or determine your location. And it prevents senders from seeing if and when you’ve opened their email.”  

Understandably, this caused great debate amongst email marketers speculated about the death of open rates as a metric for marketing success. But is this really the case?  

In this article, we’ll outline everything you need to know about Apple’s MPP, as well as give you our expert advice on how to continue to deliver excellent results from your email marketing campaigns.


What is Apple’s Mail Privacy Protection?

Apple’s MPP was launched as part of the iOS 15 and macOS 12 Monterey updates across Apple devices. The feature allows users to choose whether they would like to protect their privacy online. Users who decide to protect their privacy will enable MPP and hide their IP addresses. 


How does MPP work?

MPP is not a default setting; users have to actively choose to turn on MPP. Whatever choice is made, it is then synced across all devices linked to the same Apple ID.  

When a user chooses to enable MPP, Apple will then route emails through a proxy server to pre-load the contents of the email (including tracking pixels) before sending it on to the recipient. Therefore, all emails are opened, even if your subscriber doesn’t end up reading your email. 

With future updates, Apple will continue to improve MPP, but for now, we expect MPP to work like this:  

  1. Email downloads are triggered when a user opens the Apple Mail app.  
  2. Apple downloads all the images in the email, creating a copy to a new location on the Apple Privacy Cache. This can happen randomly and at any time, i.e., immediately or after a couple of days. The email download is triggered by a proxy server with an IP address that masks their specific geolocation.  
  3. Apple’s caching process requests images, including the open tracking pixel, from an email service provider (ESP) like Dotdigital. This can lead to misleading tracking as the ESP thinks the email has been opened.  
  4. When subscribers do open the email, download requests are triggered, but instead of coming from the sender’s web host or the ESP server, it’s coming from the Apple Cache. This means you won’t be able to track the real open.  


How many subscribers will be affected by Apple’s MPP?

Apple’s MPP affects any email that is opened in the Apple Mail app, regardless of which email service is used (e.g., Gmail or a work account).  

It will not affect other email apps used on Apple devices like the Gmail app.  

According to Litmus, Apple iPhone (iOS Mail), Gmail, and Apple Mail (macOS Mail) continue to be the three most popular email clients, covering over 84% of the market share. Including Apple iPad (iPadOS Mail), Apple has a combined market share of 49.%. 

Since Apple launched its App Tracking Transparency tool, 96% of users took the opportunity to opt-out of ad tracking. Using that as our basis, it would be fair to assume adoption rates for MPP would follow suit and hit the high 90s.  


How does Apple’s Mail Privacy Protection affect email marketing?

MPP prevents email senders from fully understanding email engagement by anonymizing open tracking. That means it will be harder for marketers to measure opens after recipients enable MPP on their accounts. Ultimately, this will make it harder for marketers to identify unengaged contacts or to measure the success of an email marketing campaign.  

However, this doesn’t have to be the case. Click tracking is still possible through MPP, so email marketers will still be able to measure engagement. In fact, click tracking is a better indicator of engagements than opens alone.  

Since the launch of Apple’s MPP, 47% of email marketers have claimed that the impact of the data privacy changes on their email marketing strategy has been neutral while 24% claim it has had a positive impact.  


Is this the end of open rates?

Since the beginning of email marketing, open rates have been the go-to metric for marketers to measure the success of a campaign. The real question is, should it be?  

Open rates have always been a “noisy” metric. For a long time, open rates have been unreliable. Any open – even a two-second peek or accidental click of a mouse – is recorded as an open and therefore an engagement, which is clearly not the case.  

Similarly, comparing open rates between campaigns often doesn’t make sense. You can’t compare the open rate of a welcome email to your general newsletter. One is a triggered program based on customer actions, and the other is an editorial piece designed to appeal to the masses.  

While there is still a place for open rates, Apple’s MPP is the shake-up marketers needed to shift their reliance away from open rates, to more insightful metrics of customer engagement. 


How can marketers adapt to the post-MPP world?

There’s no denying that the MPP feature in the iOS 15 update was a gamechanger, but it’s also an opportunity in disguise.  

Today’s customers believe that trust is the foundation for long-term loyalty. Customers want to do business with brands that understand and respect their privacy and are responsible stewards of their personal data. Brands are already doing a lot of work to engage customers more responsibly and respectfully but here are a couple of our top tips to ensure success in the post-MPP world.  

1. Adjust your success metrics 

It’s not all about opens. After all, what do open rates really tell you about customer engagement? If a customer is not engaged with your marketing or content, you need to shake things up. That’s why it’s vital you think about the alternative ways you can measure your success.  

Choosing your success metrics will depend heavily on your goals. What are you trying to achieve from your email marketing? Website visits? Then look to click rate. Customer engagement? Maybe you focus on the session duration. Increased sales? The ROI is the key metric you need to measure. You can find a breakdown of success metrics in Dotdigital’s ultimate guide to marketing metrics 

2. Test your CTAs 

Clicks are now going to be the easiest way to measure customer engagement with your email marketing. You, therefore, need to make it as enticing as possible to click through. That means making your call to action (CTA) stand out.  

There are many ways to do this – changing the button style, copy, color, etc. – but one thing is essential. You need to test. Customer behavior is unpredictable at the best of times. Just because a CTA worked in one campaign, doesn’t mean it will continue for weeks and months to come. Keep it fresh and never miss an opportunity to test.  

3. Improve your preference center 

One of the benefits of Apple’s MPP is the improved hygiene of your marketing lists. Apple only caches images if the Mail app is running, so you can at least be certain that those email addresses are valid. However, it does make personalization and timely email marketing more challenging.  

Without opens, re-engagement campaigns will be more difficult. This means you need to get smarter with your campaigns. Sending out regular requests to update marketing preferences is a great way to gauge engagement. The more preferences you collect the better you can continue to send personalized and relevant content that converts your email marketing contacts. 

4. Follow deliverability best practice 

With measuring engagement becoming more difficult, you need to ensure you’re getting the basics right. Timely and relevant email campaigns are vital for your success, so it’s essential you’re landing in the inbox. 80% of email delivery issues are caused by poor sender reputation.  

Good deliverability practices like having a clear, transparent, and informed sign-up process and double opt-ins will make sure that the contacts in your database want to receive your marketing, reducing the possibility of you ending up in the junk folder.  



]]>
Dotdigital’s strategy towards protecting its clients from falling victim to the rising SMS scams in Singapore https://dotdigital.com/blog/dotdigitals-strategy-towards-protecting-its-clients-from-falling-victim-to-the-rising-sms-scams-in-singapore/ Mon, 04 Apr 2022 11:26:44 +0000 https://dotdigital.com/?p=33721

Dotdigital’s strategy towards protecting its clients from falling victim to the rising SMS scams in Singapore

Woman sitting at table using SMS on smartphone

Recently, many of you would have noticed the Singapore media outlets flooding with news on businesses/organizations, especially banks getting duped by SMS. The phishing scam has been tricking customers through an SMS that appears to be sent by a legitimate business claiming issues with their credit/debit cards. It prompts the customer to call a number for assistance resulting in scammers getting hold of personal details and gaining access to bank accounts to carry out fraudulent transactions.

In light of this, the Infocomm Media Development Authority (IMDA) has urged more businesses to sign up with a government pilot program launched in August 2021 to allow organizations to register SMS sender IDs they wish to protect.

OCBC Bank has become the latest organization to sign up for the pilot program, joining other companies such as Singapore Post and the ecommerce platform Lazada.


Dotdigital’s umbrella approach

At Dotdigital, client safety is of utmost importance and priority with a zero-tolerance policy for phishing/scams. With the help of our committed and proactive tech team that acts quickly to improvise with changing dynamics, Dotdigital has introduced an array of stringent steps to combat the developing situation.

  • Dotdigital now require its customers sending on behalf of Singapore banks to register any sender ID names they use
  • Messages sent from bank names that are not registered will not be delivered.
  • We have barred sender IDs from the following banks: DBS, UOB, OCBC, Maybank, CIMB, Citi, Standard chartered, and POSB on our platform. Unless any clients speak to the Dotdigital team about sending banking messages from the above sender IDs, these will automatically fail.
  • If a customer on board wants to send on behalf of these banks, they need to register the sender ID and present a Letter of Authorisation from the bank (either directly to our partners or us) copy of the SMS. We will then enable this sender ID for that particular client only).


Leverage the power of SMS while protecting your customers

There’s no denying the dominance of mobile in the marketplace. The device now makes up 60% of global ecommerce spending– representing 6% of total global retail sales and $1.357 trillion in revenue. Those figures are hard to pass over. And it’s not just consumers who favor the phone. 76% of B2B buyers aged 36-51 believe their mobile device is essential to their work, and for millennials, it’s 84%.

Therefore, bringing SMS into your marketing strategy is an essential step in the direction of cross-channel customer experience. SMS is an effective marketing tool that lets you cut through the noise when other channels can’t. But how do you make the most of SMS marketing and keep your customers protected simultaneously? Here are some best practices that will not only protect your customers but also your business:

  • Evaluate the SMS program from a thorough risk and vulnerability perspective – this is imperative
  • Implement a robust two-factor authentication – deploying a layered security framework to mobile messaging applications will ensure security at each stage of development.
  • As more and more customers fall victim to SMS spoofing/ SMiShing, focus on educating your customers on security dos and don’ts.
  • Ensure third-party security – many businesses rely on third parties to operate SMS services. Make sure the third-party vendor has the essential security measures in place to identify / fraudulent use of the SMS services.

The best way to guarantee ROI, mitigate the risks and meet customer expectations is with a best-of-breed marketing provider that offers SMS as part of its core functionality. Check out all you can do with Dotdigital’s decades of experience sending SMS globally here.



]]>
dotdigital is now ISO 27701 certified https://dotdigital.com/blog/dotdigital-is-now-iso-27701-certified/ Fri, 23 Jul 2021 00:00:00 +0000 https://dot.tiltedchair.co/dotdigital-is-now-iso-27701-certified/

So, what is ISO 27701?

The International Organization for Standardization (ISO) is an independent organization that sets global standards in areas such as security, safety, and quality. As the name suggests, its goal is to define standards for best practices that can be implemented, irrespective of an organization’s size, type, or location. ISO 27701 is the international standard-setting out best practice for a Privacy Information Management System (PIMS). It’s an extension to the ISO 27001 standard, which dotdigital became certified to in Summer 2020.  It’s designed to help organizations build, maintain, and continually improve their privacy program in line with international best practices. Being certified against the standard demonstrates that a company meets the requirements and has put in place a comprehensive system to manage data privacy.

What does being certified to ISO 27701 mean?

It means that dotdigital has built a PIMS that complies with the ISO 27701 standard, and that all components of the system have been independently audited by a UKAS accredited certification body – Alcumus ISOQAR. To maintain certification, dotdigital must now commit to ongoing internal auditing; ensuring the management system continues to meet the requirements and drive improvement.  In addition to this, external audits will take place annually.

What does this mean for dotdigital customers?

We recognize our role as custodians of our clients’ data. dotdigital’s privacy program has developed over many years to foster a culture of trust, transparency, and responsibility. We’ve published information on our privacy program in our Trust Centre for some time. We continue to be proactive in updating our clients on the ever-changing privacy landscape globally, not just in outlining our commitments in our DPA, but offering detailed, practical guidance to our clients in the UK & Europe, the US, Singapore, and Australia. Achieving ISO 27701 accredited certification was the next step and reflects dotdigital’s ongoing commitment to ensure the privacy and security of personal data. It demonstrates that we understand how important personal data is, the risks associated with it, and how critical it is that it is protected. What’s more, certification provides evidence that the methods we have put in place to identify and mitigate privacy risks comply with an internationally recognized standard, and that they have been independently verified. We continue to invest in our privacy program as a business and we recognize our huge part to play in securing our customers’ most valuable of assets: their data. Feel free to get in touch with our Security or Privacy teams for more information.]]>
iOS 15: What you need to know https://dotdigital.com/blog/ios-15-what-you-need-to-know/ Mon, 14 Jun 2021 00:00:00 +0000 https://dot.tiltedchair.co/ios-15-what-you-need-to-know/ The breakneck speed of digital transformation this past year has been impressive in not just velocity but in the breadth of impact.  Organizations at every level, are developing new, more agile, digital marketing strategies.

And while those strategies will differ by industry, sophistication, segment, and more – responsible marketers have long understood the value of a direct relationship with their customers, and email has long been the cornerstone of direct customer engagement.

Apple’s recent announcements may seem to impact that direct customer engagement, or at least shake things up. But digging deeper, there is much to celebrate as responsible marketers are rewarded for valuing personal data and building customer trust. What’s more, the announcement is a preview of features set to be released in September 2021. We have time to get ready for any big changes.

What has Apple done?

The iOS 15 update brings with it a range of new privacy features, but there are two which will have a direct impact on marketers, and email marketers in particular. These are:

  • Mail Privacy Protection provides anonymity to recipients receiving emails on iOS devices by preventing accurate tracking.
  • Hide My Email provides recipients the ability to get emails without sharing their real email address with senders.

Why did they do it?

Privacy is important. We all know this. As consumers, we expect this, so we should expect this as marketers too.

In reality, we’ve seen this coming for a long time. Data protection acts around the world have had a big impact on consumers’ understanding of data and their privacy rights.

While they don’t always understand what happens to their data after they hand over their permissions, it’s a brand’s responsibility to keep them in control and informed. Apple’s update is an opportunity for brands to build trust among its users. It’s helping to increase people’s awareness of data and privacy which, while initially troubling for marketers, will yield better results in the future, driving innovation and stronger customer relationships in the future.

What does it mean for you?

We’re yet to know exactly what the impact will be. However, a well-educated guess implies that short term and from a functional perspective some key data points will be impacted for those recipients you send to using iOS15:

  • You will not be able to correctly track what time an email was opened
  • Location of email opens will be less accurate
  • The number of opens will not be an accurate measure of success

But this is nothing to worry about. There has been a flurry of conversations among marketers about the merits of open rates since the announcement. At Dotdigital, this is nothing new. In essence, open rates are a vanity metric. Recipients flicking through their inbox may count as opens when in actuality they haven’t engaged and may have barely even looked at your email. It offers no insight into whether users are engaging with your marketing.

Open rates will still exist in some capacity, and when combined with clicks, purchase information, account log-ins, and replies this will all add up to a more comprehensive view of customer engagement.

More reliable customer engagement

Over the years, marketers have used different engagement metrics to measure the success of their email marketing. Opens, clicks, complaints, inactivity, and purchases are all available to help paint a picture of how emails are performing. Altogether, these metrics can be used to devise a strategy to maximize return and ensure recipients who want to continue to hear from your brand.

Using this holistic approach to measuring customer engagement ensures your customer privacy is respected, while still providing you with the ability to measure the impact of your email marketing.

Consumers do not want personalization at the sake of their privacy.

Consumers want brands to both earn and maintain their trust, that precious direct relationship. Responsible marketers focused on adding value for their consumers and revenue for their companies have long seen this coming and will continue to lean on technology providers able to provide personalization.

What can you do?

So, how can you be ready for the changes? Or, better yet, how can you use these updates to your advantage to build better, stronger relationships with your customers?

Be open, honest, and transparent

This update is an opportunity. Responsible marketers know the importance of honest, transparent practices. To build a loyal customer base, marketers have to be explicit about how they plan to use customer data. This helps build trust, and the more a customer trusts you, the more time and money they’ll invest in your brand.

When Apple’s update comes into effect, you can explain the benefits of a tailored, personalized experience as you collect consent. Shoppers will be more willing to share their data when you adopt an open and honest approach because they trust you to act responsibly with it.

Adjust your success metrics

Open rates aren’t the be-all and end-all. By adjusting your success metrics to consider clicks, conversions, and ROI you will get a better understanding of customer engagement.

As it requires active engagement with your marketing, these metrics offer more insight than most. You can learn more about what makes email subscribers sit up and pay attention than just looking at open rates alone.

Focus on zero-party data

Zero-party data, as defined by Forrester, refers to explicit data a customer intentionally and proactively shares with you. This is how you should be collecting the bulk of your data. Customers can then choose to tell you what they want you to know.

As well as collecting preferences, you should be asking customers to enrich their own data. Overall, this will help you build a stronger one-to-one relationship with your audience, and give you more reliable and valuable data to base your personalization on.

How will Dotdigital help you through?

At Dotdigital, we’re strong advocates of responsible marketing. As a result, we’ve anticipated the needs of our clients and have built a platform full of the tools to help you engage customers efficiently while building trust.

In anticipation of the introduction of GDPR in 2018, we released a whole host of updates to empower marketers and shoppers to have better control of their data.

Consent insight allows marketers to act responsibly when it comes to managing their contact database. It records all the information you need about a contact’s consent including the date and time they signed up to receive your marketing.

Similarly, to enable marketers to process ‘Right to be Forgotten’ requests, we’ve made it simple to delete contact data with ease.

With the approaching update to Apple’s privacy features, consent insight will be able to store the different consent you hold on every customer. Ultimately this will make it easier to segment, target, and personalize your marketing.

Marketing preferences

You can create an unlimited number of marketing preferences giving you endless opportunities to enrich your customer data. Using surveys, forms, and preference centers, you can easily and regularly collect explicit data from your contacts.

By encouraging shoppers to share as much information as possible with you, they’ll be able to craft their own customized journey. The explicit data they hand over to you can be used to create relevant and targeted segments.

Double opt-in

Double opt-in is an automated confirmation email which asks to confirm that they want to receive your marketing. This ensures that you database is full of engaged contacts.

With the changes about to come into effect with the iOS 15 update, having an automated double opt-in process will ensure subscribers are fully informed about what they’re signing up to receive.

Live chat

Live chat is a vital channel to enforce the connection between you and your customers. As a channel, it promotes two-way conversations that can be used to form stronger connections with your audience. Also, like zero-party data, customers have made the first move, reaching out to you, meaning that they’re in control of the relationship.

SMS

SMS is a marketing channel that has never relied on opens to measure success, and with read rates of 98%, its success is undeniable.

In light of the iOS 15 update, brands should be adding SMS to their marketing mix as a necessity. With country-specific templates, we’ve set you up for success. All the right opt-outs for each region are included to ensure you’re able to get your SMS campaigns up and running quickly and responsibly.

iOS 15: game-changer or opportunity in disguise?

Dotdigital, like Apple, believes that privacy is key for consumer confidence. As such, it’s embedded in our culture of long-term growth, alongside security, sustainability, and trust.

While these changes to customer privacy feel like they’re going to make our lives more difficult, it’s important to see what opportunities lie ahead of us. Clean data, fully informed consent, and additional marketing channels are just some benefits this update will bring.

As we learn more about these changes and what they’ll mean for the many email marketers who work with Dotdigital, we’ll be keeping you up-to-date throughout.

]]>
Update: EU Standard Contractual Clauses https://dotdigital.com/blog/update-eu-standard-contractual-clauses/ Mon, 07 Jun 2021 00:00:00 +0000 https://dot.tiltedchair.co/update-eu-standard-contractual-clauses/

What are Standard Contractual Clauses?

Standard Contract Clauses have been around for a long time and are used by companies worldwide to help them transfer personal data from the UK and Europe to other countries in compliance with the principles of European data protection law. Since the introduction of the GDPR (as well as high-profile cases like Schrems II), this mechanism has been under the spotlight as being outdated.

What has happened?

The SCCs have been discussed and much anticipated (by privacy practitioners at least) for some time. At a very high level, the new SCCs have been updated to:
  • bring the wording of the SCCs in line with the GDPR;
  • address the requirements made in the Schrems II decision; and
  • broaden the scope of the situations where these data transfers may take place.
The decision comes into effect on 24 June 2021 and companies can use the previous SCCs for a further three months. After that, companies will have a further 15 months to get the new SCCs to replace the existing SCCs.

Your data and dotdigital

We understand that our clients (particularly their Data Protection Officers and privacy teams) will be keen to understand the impact this will have on your relationship with dotdigital. dotdigital has entered into contracts with the organizations listed on our Trust Center to ensure the safeguarding of personal data, including entering into Data Processing Agreements reflecting the obligations under the EU and UK GDPR and entering into the old SCCs (where relevant) to ensure that all customer data is protected. As a result of the recent update, we will be looking to update these safeguards with the new SCCs. Depending on your location, we may well have entered into the old SCCs with you directly. Similarly, we will be looking to update any existing SCCs with the new SCCs soon. Please note that dotdigital will be analyzing the content of the new SCCs over the coming days and will communicate specific updates and reach out to affected clients directly in due course. No immediate action is required by you.]]>