Data privacy is a worldwide concern for many businesses – especially with regulations like the GDPR and POPI (the Protection of Personal Information Act) coming into effect. And direct marketers (like those who contact people directly over email and SMS) will be the most affected. How can you keep your database POPI compliant? Read this.
Marketing Before POPI
Before POPI, it was common for email marketing to be done on an opt-out basis. This means that you were free to email anyone if you gave that person a clear way to opt out of your communications. But this isn’t the case under POPI. Now that the legislation is in effect, everyone on your database must have opted in to keep your database POPI compliant.
But what exactly does this mean?
What it Means to Opt In
Every new contact on your list must have expressly opted in to each messaging thread by checking an opt-in box or filling out a form on your website or landing page. This means two major things:
- If you send different communications for different audiences / purposes, the people in each database will have to have opted in for each one. For instance, just because someone’s opted in for Discovery Vitality emails doesn’t mean that Discovery Insure can send them emails too – Discovery will have to keep two separate databases for these two separate audiences.
- Any bought databases (where the contacts haven’t given their consent to have their data sold) or prechecked / hidden subscriptions is illegal.
But what about the contacts you’ve got on your database from before POPI?
According to Novation Consulting’s Elizabeth De Stadler, the transition to POPI, for most organisations, shouldn’t be a big adjustment. If you follow direct-marketing ethical practices, like sending good content, adding value, limiting the number of messages you deliver, and offering a solid way for contacts to unsubscribe, you should be okay.
This unsubscribe feature is particularly important; it’s what Elizabeth refers to as a soft-opt-in, where the contact has declined the clear and free opportunity to opt out.
Clear About Unsubscribes
For the unsubscribe process on your database to be POPI complaint, it must be clear, easy, free of any penalisation or cost, and in the same channel as the communication. For instance, if you send an email, the opt-out process must also be email or internet-based – it isn’t acceptable to ask them to send an SMS for this.
The same goes for SMSs: opt-outs must be SMS-based. This can get tricky, because opting out also can’t cost the contact anything to process. Luckily, Elizabeth explains that there are SMS short codes you can create that enable contacts to send opt-out messages completely free of charge.
It’s important that you manage unsubscribes regularly and effectively to keep your database POPI compliant – something that can get laborious as your database grows (unless you use Everlytic, of course – the platform manages unsubscribes automatically for you).
Collecting Data with POPI
Consent that keeps your database POPI compliant is clear, ethical, and transparent. To do this, Novation Consulting recommends ensuring your request for consent is:
- Specific: You must collect every piece of information for a specific purpose (like a name and email address for a digital newsletter) – not just in case you need it.
- Informative: You must give the individual enough information about what you’re using their information for before they decide whether to consent to it, including your company’s details and any third parties you’ll be sharing the information with.
- Explicit: The contact must give consent through a clear, specific, and affirmative act (like filling in an online form).
- Distinct: The consent must be distinct from any other action (i.e.: not hidden in a purchasing contract).
- In opt-in format: Steer clear of any pre-ticked boxes or any kind of default consent – they must actively opt in specifically for each list.
- Written in plain language: The kind of language we use to talk to people on the street every day – no legalese or complex jargon.
- Flexible: Give people the ability to consent separately for different purposes and adapt their preferences when it comes to mail frequency and the type of content they receive.
- Transparent: Give contacts access to the data you’ve collected on them.
Follow these guidelines (and the specifics we cover in our 2020 POPIA Guide) and you’ll be set to grow and keep your database POPI compliant.
Raising the Bar in Marketing
POPI and the other international data privacy laws are considered a burden for many organisations, but they also offer an opportunity to raise the bar on digital marketing. And that’s great news for all of us. Can you imagine if all the marketing you received added value to your life instead of just noise? This is another reason why it’s so important to keep your database POPI complaint.
In other words: Level up on your digital marketing. Get creative, add value, strive for excellence, and build ethics and privacy compliance into everything you do. Not only will this attract, engage, and keep the right clients – it’ll establish your reputation as a trusted competitor in the field. And that’s something an illegally bought database can never do.