- Behind the Scenes
GDPR – New Marketing Procedures
By Ben Sebborn
- 06 Jun 2018
- 9 min read
It’s been a while since our last GDPR update, so we thought we’d give you a run down about our new GDPR compliant Checkout and Marketing processes for Promoters.
Until recently, our T&Cs stated that we could share customer details with the event promoter for marketing, as a condition of the sale. This policy was compliant with the then-current Data Protection legislation and common practice.
There are therefore a handful of ways we can collect ‘permission’ from the customer – one being Consent and one being Legitimate Interest.
Legitimate Interest is suitable when a product has been purchased and the customer reasonably expects to receive marketing from the organisation it purchased from. This usually applies when purchasing a product directly from a company without any third parties being involved.
To make this lawful, at the point of data capture, the option must be given to customers to ‘Opt out’ if they don’t wish to receive marketing, and marketing must only be for related products from the same organisation. You must also complete a Legitimate Interest Assessment each time the purpose for collecting data changes (eg for each event)
As you can see already, Legitimate interest is a tightly regulated option and failure to meet all the required steps, or any ambiguity would result in the data collected not being legally usable for marketing.
Consent is the alternative and collects clear, unambiguous permission from the customer. It can be used when the customer would not reasonably expect to receive marketing from you (for example they may not know which underlying organisation promotes the event), or when you wish to have a larger scope for the use of such data for marketing later. It is also seen as a ‘future proof’ option as the consent gained is less ambiguous, and so less likely to fall foul of future regulation updates.
Some organisations have taken Legitimate Interest as a ‘back door’ or shortcut to obtain consent and feel they can ignore both the GDPR and PECR by doing so. We believe they have been misinformed by reading information relating to other ecommerce sectors and applying it to ticketing, which has a different legal arrangement due to 3 parties being involved (the customer, Skiddle and the event organiser).
Our GDPR compliance team, plus external lawyers have spent months investigating which practice is best for our event promoters to give the best access to data for marketing, without overly restricting its use, or risking the data becoming illegal to use in the future.
Initially we pushed to use Legitimate Interest for both ourselves and our event promoters, but it quickly became very apparent than using Legitimate Interest for third parties was not suitable.
The ICO’s opinion on this matter
We contacted the ICO who enforce GDPR in the UK. They informed us that Legitimate interest was not appropriate for obtaining marketing permission when selling for a third party (ie promoter). Collecting data in this manner would likely render the data illegal to use.
Using Consent, and forcing the customer to tick ‘Yes’ or ‘No’ (so they can’t simply skip over the question) has been shown to be a good balance and result in the best outcomes.
Other Ticket Agents Decisions
You may have noticed that other major ticket agents websites are using Consent on their checkouts for promoter marketing, in the same way Skiddle do.
We have also consulted with large event organisers, who have insisted that the Consent model for gaining permission is used, as it gives them the biggest safeguard that their data will be usable in the future.
Next year, the ePrivacy guidelines will be published which will impose further restrictions on the use of data for marketing. As such it’s important that data collected now is done so in a clear and compliant manner, otherwise it may become unusable later as some grey areas are clarified.
When new regulations come into force, it can be easy for a small company to claim they have a ‘backdoor’ to help boost your data collection. But do not be fooled. GDPR is a very tightly regulated law and a lot of guidance has been published.
Please be careful when using other ticket agents and check clearly what their policies and processes are:
- Any ticket agent that does not give the customer a clear option to Opt Out on checkout when using Legitimate Interest means you WILL NOT be able to market via email to these customers.
- When using Consent to gain permission, the Opt In box must not be pre-ticked by default otherwise this is not deemed as fairly collected consent.
- Any ticket agent that does NOT name you as a third party in the checkout means you WILL NOT be able to market to them. By law, you or your company must be named explicitly on the checkout.
- Any ticket agent that does not give a way to opt-out of receiving marketing from 3rd parties, after you have shared data with them means they are in breach of GDPR.
There is no surprise that all major ticket agents have taken a similar route to gain permission from customers. This represents millions of pounds spent on legal research and training.
Ultimately we have your best interests at heart. We do not want you to collect data in an illegal manner which could open you to fines of €20 million or 4% of your turnover (whichever is greatest).
We do realise that changes made for GDPR will result in lower than usual data collection. This is to be expected, but should not be seen as a bad thing. If you are currently receiving a 15% open rate on your emails, that means that 85% of your email list is either not interested, inactive or at worst informing their ISP or the ICO you are spamming them.
By concentrating on marketing to customers who have expressly indicated they are willing to hear from you, your open rates will be expected to increase, the cost of sending mailouts will decrease and overall your marketing should benefit.
We are also of the opinion that email marketing, in general, is becoming less and less effective as the years pass. Email clients filter messages from the inbox and people spend less time reading emails. As such we have invested heavily in alternative methods of communication which future proof you from such issues. For example, our free Artist Alert Push Notifications receive around a 3x higher interaction rate than emails. Re-targeting reaches customers on platforms that they spend the majority of their time on, such as Facebook, Twitter and Google.
We hope this clarifies some of the questions we have recently been receiving, we also hope you will carefully consider the points raised as we want to ensure all event promoters stay on the correct side of the law.