Expanding into international markets can ensure success and longevity for your business, yet many businesses are reluctant to reach out to international markets for various reasons. Fear of failure to comply with data privacy laws is just one. It is true that data privacy laws are growing increasingly stricter. The good news is there is still plenty of room to advance international marketing initiatives and remain compliant with data privacy laws across the globe.
The Need to Act Now
Now is the time to ensure your marketing is in line with new data privacy laws. The balance between commercial interests and rights to privacy and data protection for data subjects (the person whose information is being collected) is tipping in favor of the data subjects. Enforcement efforts are growing more vigorous as local governmental agencies are given more power to assess heavy fines and penalties. It’s also important to remember that as the laws change in favor of privacy, existing marketing opportunities may disappear or become less cost effective, since compliance will require significant additional resources.
- It should be easy to find.
- It should be written in clear language.
- It should avoid vague and broad phrases regarding how personal information collected by the site will be used.
- It must describe how the data subject can opt in (give consent to collection) and/or opt out (not receive any further emails).
Direct Email Marketing from In-House or Vendor Lists
Use of email marketing lists can be a great way to reach potential consumers in new international markets. There are currently no specific restrictions on the use of such lists, provided that there is a mechanism allowing the recipient to opt out of receiving further emails. Many jurisdictions, including the EU, require that direct mail list participants must have consented to the transfer of their personal information to other commercial businesses. Choosing a reputable direct mail list vendor is of primary importance. Ultimately you will be responsible for the use of the personal information taken from the list.
Direct Marketing from Public Sources
Personal information obtained from publicly available sources may also be used in marketing initiatives, including direct marketing campaigns. Anonymized information —information from which a specific individual cannot be identified (for example targeting an ad to all those people who live in greater London) — may also be integrated into your marketing programs provided it cannot be de-anonymized by combining with other unique identifiers that could then be used to identify a specific person. It is important to update direct mail lists regularly, remove consumers who have made an opt-out selection, and update remaining mail list participants with any new information. Otherwise, local data privacy regulatory bodies may assess fines and penalties.
Any marketing activities that collect protected personal information must include a notice that the information is being collected, the purpose for the collection and, of course, provide a mechanism to opt out of receiving further emails. Include this notice each time direct marketing emails are sent to ensure future compliance, and once again, maintain an updated list, removing those who have made the choice to opt out. When preparing the notice, use clear and easily understandable language to describe the use that will be made of personal information, and avoid broad and overly vague statements. Don’t hide the opt-out choice.
Sending direct marketing to recipients that have made an opt-out choice may cause harm to your brand and reputation. A recent survey indicated that 43% of respondents cite fear of reputational damages to their brand as the major reason for complying with data protection law.
Data Transfer and Privacy Across Borders
Be aware of data protection regulations regarding transfers of personal information across borders. In most cases, transfers of protected personal information are only allowed if a transfer is made to a country with data protection laws that meet minimum requirements set by the country in which the data subject resides and the data subject consents to the collection and the transfer. If you intend to use a cloud provider or other vendor to assist with your marketing efforts, beware that those vendors located in countries with lax data privacy laws will not likely meet the required minimum thresholds.
With a little thought and careful planning, international marketing initiatives can produce successful results regardless of the constraints and compliance measures dictated by data protection laws.