Wizemail provides email marketing software solutions and e-shot HTML templates to a wide variety of clients - SMEs, Corporate and Digital Advertising Agencies alike – all with one common requirement, a dynamic, professional, digital marketing team on hand when required.

At least weekly, one of the Wizemail team will post a tip, trick or general email marketing advice here.

Subscribe now to keep informed.

www.wizemail.co.uk
  • Issues with email marketing click-through rates Aug 15, 2018 at 4:05 PM

    Some years ago I paid to attend a problem-solving course. In many ways, it changed my life despite the methods I was taught being all too obvious. I was given a model, with lots of sub-routines, but the main thrust was to break a problem into many smaller ones. The model works for wars as well as email marketing.

    You might think that starting with one problem and ending up with a dozen or so is not a solution but stick with me. Let’s take for example the main point of email marketing; return on investment. You might feel you want more but there are so many things you could change.

    You should divide the process into self-contained sub-routines. Take click-through rates. If a subscriber has opened the email, many of the other processes have already shown their worth, such as the From Line. So you will know that you will have to change something in the email design to modify the CTR and then test it.

    An email design has various aspects that should work together to convince the subscriber to click through to a landing page. First of all, it will be targeted so you will need a segregated email marketing list with say 10% exposed to the change. A comparison will show if there was any improvement.

    Then, one aspect at a time, change the headline, the overall design, the ratio between images and text, the tone of voice, become more forceful by use of time limits and words such as ‘Now’. Conversely, become more conversational. Limit what is in the marketing email to just the essentials, emphasise newness or, if you feel that particular email marketing list might respond, go for dependable; in fact, test everything you can think of.

    Don’t exclude anything. It is all up for grabs, even the obvious. Don’t measure your CTR against that of your competitors. There’s no point as there’s no magic figure. Don’t doubt the returns. If they show a 0.2% or 25% improvement on your CTR following a minor change, then believe it.

    One little bit at a time is all you need to change.

  • Testing your click-through rate Aug 13, 2018 at 1:33 PM

    There’s only one way of assessing the overall success of an email marketing campaign and that is by the return on investment. It’s the only metric that matters. However, you need to concentrate on the details rather than go for changes to the total.

    The function of a marketing email is to get your subscribers to click through to a landing page. If they don’t, then all your effort is for nothing. The rate alone does not define whether you are performing well. Initially, just view it as a baseline.

    Many companies want to know what the click-through rate from their competitors is but this is of limited value. In fact, it could give a sense of false security as if yours is a little higher you might think you’ve cracked it when, in fact, it is irrelevant as there are too many variables. What is good for them might be dreadful for your specifics. Enjoy the sense of freedom ignoring others gives you.

    If a subscriber does not click through then there’s a reason. You must find out what this is. If they’ve opened it then ignore all other aspects of the email. You just need to test the remaining variables.

    Try the simple things first. Change the voice for instance. If you’ve included phrases such as ‘limited time’ and ‘last chance’, then opt for a more relaxed tone. Although received wisdom is that ‘Now!’ works all the time, there are no certainties in email marketing. Try encouraging rather than directing. Offer a trial if you can. Ask yourself and them what have you got to lose.

    In the same way ‘New’ has a certain attraction for many. Who wouldn’t want to have ‘the latest’? Actually, someone who would prefer ‘tried and tested’ or ‘well developed’. We’re not all the same.

    Have you chosen the right subscribers? If those selected for your segregated email marketing list under a specific metric were less likely to click through, then consider moving them to a different list. It is pointless designing a fabulous marketing email if you fail to offer it to those who will respond the best.

    You might pore over your returns from the email marketing campaign only to be disappointed that your test list gave just a 0.9% improvement in CTR. You might think that you’ve wasted all that time for little return. You would be wrong.

    There are many variables in a marketing email that you can and should test. If you get a 0.9% increase on only five, that’s an improvement of over 4.5%.

    You can go through each individual aspect of a campaign in the same way, just picking different cut-off points. There’s the completion rate. Ignore everything up to the landing page. Look for a change that will make more subscribers buy.

    Lastly, test and test again. The measure of the quality of the marketing email is the click-through rate. You need to test to see what will increase it. The rates of competitors don’t matter. What you must do is test to improve yours.

  • Problems with email marketing solved Jul 13, 2018

    The GDPR is a reasonable bit of legislation if looked at from the point of view of someone on your email marketing list. They have reassurances and more rights. It is ironic, at a time of increased oversight, that after the debacle of Cambridge Analytica and Facebook, the latter a household name, there seems to be an atmosphere of fear regarding the security of personal data.

    It is, I think, fair to say that most people have no real conception of what went on with Facebook and how data was misused if indeed it was. Newspapers, periodicals and online sources explain to an extent, but with the normal contradictions.

    You’ll have lost subscribers from your email marketing lists, particularly those who ignored your ‘please confirm your permissions’ emails. It would seem an opportune time to hunt out more subscribers using the methods previously described on these pages. They worked last time.

    Should you take into consideration the hype surrounding misuse of personal data? It is an old adage on problem-solving courses that if appropriate, the best and most cost-effective solution to a problem can be to ignore it as it will, most likely, resolve itself.

    A possibly effective ploy is to emphasise how much care you take with the personal data of subscribers to your email marketing lists. You could mention this on the sign-up page, boldly across the top in a loud typeface. The fact that you have never been prosecuted, warned or advised about security, could be included, and that you are on first-name terms with someone at the ICO.

    You know best with regards to your subscribers so only you can say whether this is likely to reassure or put the fear of spam into them. Alternatively, you could be more subtle, with a little box which says you comply with the GDPR and also provide a click through to your security processes.

    Going in forcefully and opting for something less hyper are both reasonable ways of reassuring your customers. However, it might settle down in a few weeks if no other big name is discovered abusing its standing so perhaps waiting is the best option.

  • What use are social media shares for email marketing? Jul 13, 2018

    Whilst, as Google tells us, shares on social media do not directly affect SEO ranking, they do have positive effects. Not only that, they can increase your email marketing lists.

    You will see that most blogs and articles on websites have share buttons for social media. You might be wondering what could the benefits possibly be when Google has turned its back on them. In email marketing, if it’s of no use, it goes.

    Whilst it is clear that shares have no direct impact on SEO rankings, the secondary effects are what we need to encourage. For instance, sharing ensures that your copy, or message, is seen by a considerably greater number of people than those who visit your website. It is free advertising, although it comes about only through effort on your behalf.

    These others, who do not frequent your site, will probably be in the same demographic as the person who shared it, who might be on your email marketing list. So it is, in effect, targeted. The hope is that they will click on the source link and become another visitor/customer/subscriber. Even if they do not buy anything on that visit, the increase in numbers will make Google take notice.

    All you need is good copy. It should be relevant to your products or, better still, a particular product. If you are selling silk scarves then an article on how to care for them, or how they are created, will be of interest to those you directed the marketing email at. Shared on social media, those who are interested will click on the ‘further information’ link and come to your landing page.

    They will be given information and a sales pitch. If they have shown interest in a silk scarf, then show them the other designs, or accessories to complement them.

    Depending on your clientele, they might even create a link to the page on their website. And so it goes on. Whilst Google are not confusing us with spin, and shares on social media have no direct effect on SEO, they do help with ranking, not to mention sales.

  • Processing your email marketing lists & GDPR May 21, 2018

    You may have missed the £120,000 fine awarded against the Kensington and Chelsea council for improper disclosure of the personal details of nearly 1000 residents. The illegal act wasn’t deliberate but was the result of the ignorance of an individual. If you’ve got email marketing lists then beware.

    For instance, the regulations around portable data are not the easiest to understand if you are not a data controller. There are a number of conditions attached to what you can and cannot supply following an individual’s request for portable data.

    You should provide the personal data in a format that is structured, commonly used and machine-readable. These three standards are explained on the ICO website but unless you have a certain technical knowledge, not required in someone whose role is looking after your email marketing list, you might pass the function onto someone who is a bit of an IT whizz, at least compared to you.

    One would assume that this person, or group, will be trained as to the care of personal data only to a fairly basic level as they process it irregularly. That’s no problem you might think. However, Kensington and Chelsea council might have another opinion.

    The council had received Freedom of Information requests from three newspapers and supplied the information in the form of a ‘pivot table’, a form of Excel worksheet where information can be hidden. However, the recipients could reveal the information at a click of a mouse button.

    The not inconsiderable fine could have been much higher as it was a serious breach of the data protection laws. However, some useful points here: the actions were not deliberate, the council reported the matter to the ICO without delay and put into place systems to ensure there would be no repetition.

    Remedial actions which include methods to reduce the likely penalty make good sense, but it would be better to ensure there is adequate training for every person involved in processing personal data. You could train a lot of staff for a fraction of the £120,000. Note too that the fine was under the old regulations and not the GDPR with its higher penalties.

  • GDPR & permissions for email marketing lists May 21, 2018

    At least, not quite too late. If you haven’t obtained new permissions in order to conform to the GDPR then there’s no time to waste. Don’t panic, but do start now.

    You need to contact all those on your email marketing lists. You could segment them, using the best method of contact as the criterion.

    ‘Best’ needs some explanation. As time is of the essence, the major consideration is how quickly you can contact them. Include a request on all invoices and when they pay online, make sure there’s a box on the landing page.

    Have you got an email marketing campaign about to go live? If so, then this is a great vehicle. Include a request for the recipients to update their permissions. This should be ancillary to the offer and not dominate it. However, that does not necessarily mean leaving it below the fold.

    Be positive. Use words like ‘continue’ and ‘confirm’ rather than ‘sign up’ as most people are reluctant to change. Mention that they have enjoyed the benefits of your email marketing offers for years, or whatever, and they would not want to miss them.

    Many of you will be familiar with such requests from companies that have been a bit quicker off the block.

    Don’t blame anyone. Suggesting that ‘all this is the fault of the government’ is hardly likely to encourage them to sign up. Emphasise the positive, with phrases such as ‘increased security’ and ‘more rights’ there to show that the GDPR is good for everyone.

    Don’t break the current legislation. In other words, sending an unsolicited email to all those on your lists with a request to confirm can get you into trouble with the ICO.

    Don’t cheat either. Producing a campaign where the offer is abysmal just to give an excuse to send an email is likely to put them off. How much better if they find something that is a bargain and then discover that, unless they tick the box, all this might be gone.

    You’ve left it late if you are only now chasing subscribers. There is no time to waste.

  • No time to lose; GDPR and email marketing Apr 30, 2018

    I’ve had some strange emails over the last week or so. Some are ostensibly email marketing, others are newsletters, and most of these have been generated by the need to check my permissions. This is cutting it fine.

    There is a variation of forms of enquiries. One, from a company whose email marketing list I subscribe to, had their normal banner and then a paragraph on the GDPR. It wasn’t a bad summary, covering the basic requirements on permissions in a few sentences.

    There were boxes underneath with a brief description of what one would be signing up for. This was followed by another paragraph of text, extolling the privacy virtues of the company. Finally, right at the bottom, below the fold, was an offer of a reduction on one of their products. I had no use for it so the email was not well targeted.

    It was not the best way to encourage me to sign up. How much better to have been a real bargain.

    The email is unlikely to arouse angst in the corridors of the ICO, but there’s little doubt that it does not conform to the regulations. It made the self-praise regarding concern for privacy open to argument.

    It was not the worst abuse. I had an email asking virtually the same questions but without even the offer at the bottom. This is a step too far as I had not given permission for off the cuff emails. A company has recently been fined for such a breach of privacy by the ICO.

    A newsletter, for which I was on a subscriber’s list, came via email last month which was dedicated entirely to the GDPR apart from the boxes to tick to continue receiving it. It was the only bit of legislation ever to totally dominate their newsletter or even be a major part, so there’s some doubt that it conformed to the provision I signed up for about two years ago.

    One would expect companies which are so far behind their competitors to push the boundaries a bit in order to catch up, but care must be taken. If you have dragged your feet and are only just realising that time is not so much tight as gone, you will be wondering what you can do.

    You need to work out what is the main interface between you and specific customers. If it is the website, then they are home and dry. If it is via emailed invoices then there’s nothing wrong with asking customers to check their permission or just tick a box to continue as a subscriber to an email marketing list.

    Newsletters are a convenient route although what subscribers had signed up for must be taken into account. In the event that the permission was explicit, there’s nothing wrong in including a request, even above the fold, as long as it does not overpower the text.

    Similarly, it is permissible to include a request to check permissions in a marketing email. Ask again on the landing page and in the acknowledgement of the order.

  • The go-live date of the GDPR Apr 30, 2018

    Are we there yet?

    Given the considerable amount of information being published each day on the GDPR, anyone with an email marketing list or data on employees might well think that the legislation is live now. Yet we still have weeks to go.

    Or do we?

    There’s a website I use for research that has a page dedicated to the GDPR and its impact on medium to small firms. It is not specific to email marketing but much of what it contains is relevant. On the top of the landing page, just below the banner, is a countdown clock. It currently shows in excess of 50 days before the GDPR is live.

    I don’t think this is helpful. It gives the impression that we have over seven weeks of pre-GDPR freedom. This is far from the truth. To all intents and purposes, the GDPR is now. 25 May is only an indication of the day that penalties start to be of consideration.

    If you receive personal data from another company you will, no doubt, have received an email or letter saying something similar to one I received:

    ‘We are unsure if you have completed the process of becoming GDPR compliant. Under the law, we are unable to work with processors who are not GDPR compliant. Can you confirm that you are compliant or, if not when you expect to be? Until we have confirmation we will be unable to work with you.’

    To many companies, especially those which are compliant, the GDPR is live now. You can understand their reluctance to put their own interests at risk just because a company is not that bothered.

    One way of looking at the current situation is that it is a massive opportunity for a well-run company to put one over the unprofessional ones.

    You can still find offices with poorly maintained servers where the essential patches have not been applied. Their anti-virus is cheap, even free, and they have no firewalls. Personal data is printed off without record and stored on desks for all to see. Staff would know little or nothing about cybersecurity.

    This is not unique to email marketing of course, and is not restricted to medium-sized companies; if anything, just the opposite. I am told that many legal firms operate at this level.

    Whilst the ICO is unlikely to target the smaller companies in the first instance, although don’t quote me on that should the worst happen to you, there is the possibility, likelihood in fact, of civil actions.

    When you receive the email asking if you are compliant then you should be able to state that all your systems comply with the GDPR. Give contact details for your DPO or someone who has responsibility for receiving queries on the Regulations. State that all your staff have been subject to a course on their responsibilities. Be forceful in your preparedness and you will probably stand out from other companies.

    We are there now. In fact, we’ve been there for some time. 25 May is a date of no significance.

  • Manage your post-GDPR email marketing lists Apr 13, 2018

    I’ve received a number of emails recently where I’ve been asked to check my permission levels with regards to receiving emails. I’ve had five in three days. Notably, they had, in the main, been from companies whose email marketing lists I’ve subscribed to for some years.

    Why this current fear? A rhetorical question of course and it is the GDPR and, presumably, the threat of swingeing fines for breaching them. 4% of annual worldwide turnover is enough to concentrate the mind.

    I’ve assumed that the relevant companies have checked their permissions and discovered that those from a few years ago no longer stand up to close inspection. If they are challenged, after a complaint perhaps or as a result of some other investigation, they fear that they will not be able to prove that the recipients had agreed.

    It is likely, probable even, that some of these checks on permissions will result in a number unsubscribing from email marketing lists and demands that the companies delete some data. The publicity with regards to the Facebook/Cambridge Analytica collusion has come at the worst time.

    Abuse of trust will be at the forefront of many people’s minds and discussion, ironically on Facebook amongst other social media sites, is full of advice to delete personal data. Whilst you and I know that email marketing differs significantly from Facebook with regards to how data is used, we will be tarred.

    However, there is little doubt that it is advisable to follow the example of these companies. You should be checking that your permissions, perhaps especially of those who have been on your email marketing lists for some time, are up to scrutiny.

    It is important not to build on the fears of your subscribers, but many will draw a link between your checks and the Facebook/CA debacle. Be open to them. Mention the GDPR and, perhaps, a requirement for clearer permissions. Inform them of their rights.

    You will, almost certainly, lose subscribers, probably through no fault of your own. Some will have been cluttering up your email marketing lists and doing nothing so at least you’ll have a bit of a spring clean.

  • SEO - do recent changes to Google affect email marketing? Apr 13, 2018

    How did you first find this site? Perhaps you entered something like ‘free email marketing templates’ into a Google search and then, going by the meta description, thought you’d give us a try. It’s the way of the internet world.

    You will be wondering how you can work your way up the rankings to get to page one. After all, it must require a lot of tweaking of your site and that costs. However, there is a simple and straightforward way to ensure you become a Google favourite. First, let’s look at the problems.

    There are always changes to Google algorithms and changes are not good for email marketing. We invest in systems which may no longer be effective with subtle alterations. Old truths become established and despite Google saying, at least broadly, what effect the changes have, it is difficult to know which way to jump. Take links.

    Some time ago there were suggestions from Google that they would punish paid-for links by dropping websites which use them. Now, most commentators suggest that quality links are everything. So should you blow your IT budget on gaining links?

    Links take a long time to build and it is difficult to judge whether they are of sufficient quality or, dread the thought, might incur the wrath of Google. It is a natural response to go for what is easily measured.

    You will probably have received an email or two from whoever manages your site giving information on Secure Sockets Layer (SSL). You might have been told that unless your website is entirely SSL-enabled your ranking will suffer. It would appear that any direct gains are slight so you might feel tempted to let that cost pass. However a significant number of browsers – the percentage varies but stays above 50% – are put off by non-SSL-enabled sites and are reluctant to venture on them. Given how many subscribers to email marketing lists come via a website it would seem, therefore, that there’s a clear benefit to us.

    What influence do alt tags have on rankings? They provide text for those who are visually impaired. Regardless of it being a responsible action, it also encourages them to stay on site. Alt tags are a big subject and deserve a few hundred words on their own but they add to the user experience.

    Are meta descriptions any use in Google rankings? Given that the one for this site probably had an influence on you clicking through that’s got to be positive.

    Keywords are essential to getting potential email marketing list subscribers to your site. But they need help.

    The way to decide on all these questions is to ask what Google wants. It wants a result that searchers find useful so will ask: How many clickthroughs? How long do they stay? Do they visit many pages?

    These are the returns that Google uses. So keywords are still effective as long as they are honest. Inappropriate links are negative. If browsers don’t like non-SSL sites then nor does Google. Quality content encourages people to stay on site.

    You’ve proved that meta descriptions work.

  • Targeted imagery in email marketing Apr 13, 2018

    When I was a young, aspiring writer I knew the first names of editors but was frightened of using them. My rejection rate gradually dropped as I fathomed what each one favoured. I was targeting my submissions before email marketing was invented.

    My next step was to predict the style of the image each editor would opt for and I soon knew what type to submit. An over 80% acceptance rate showed I’d got it right.

    The trick I’d discovered was to target images as much as I targeted the copy. An article for servicing your own car would have pictures of oil-stained fingers holding an obscure object. Bright colours were to be avoided apart from the silver of burnished metal. A trip to the seaside for the middle-aged had lots of deck chairs, cornets and bands.

    You will subtly change the wording of each email depending on the nature of the segregated email marketing list. You will think long and hard about the Subject Line, how to address the person and what features to highlight. Yet do you put the same effort into picking the image? If not, you’re missing a trick.

    We all love our self-image being massaged so someone who considers themselves a technical supermind might mind being talked down to. If the item is understood more easily by nerds why not consider a graph or chart? They are easily produced on most office suites.

    It is fair to say that they often look more informative than they actually are, but if those in a segmented email marketing list favour them, then one with lots of wavy lines might be just the thing. Another advantage of a graph is that it is easily scanned, so a customer is not diverted from the pitch.

    If you are building a ‘family’ of subscribers then you may use informal language in the copy. Reflect this in your choice of image. With the vast majority of mobile phones having some form of camera, you could encourage your staff to submit images to feature in a marketing email.

    Discuss your needs for the campaign and let them loose. A little reward might not go amiss. Stock images are often taken by professionals, very few of whom aim to make them appear as if taken by an amateur. On the other hand, an amateur shot normally belies its source.

    Such an image will increase the feeling of family. It must, however, be of high enough definition to look good on screen. An endorsement – ‘Taken by Leslie in HR’ – is the finishing touch.

    Stock images cost. There are few photographers who make a good living from them and prices are normally reasonable. You will know how to refine a search so there’s little time lost. There will be something within your financial reach and of adequate technical quality.

    Look everywhere for images. Remarkably, if you ask to use one off a website most owners of the copyright seem only too pleased to agree.

    With images on marketing emails being opened on mobiles, you need to ensure they are targeted and shown at their best.

  • Breaches of personal data and the GDPR Mar 9, 2018

    The General Data Protection Regulations (GDPR) has a lot to say about what you should do if you think you have been the subject of a personal data breach. You might think that all you have to worry about is the addresses in your email marketing lists, but it goes much further than that.

    The first requirement is that you have to assess the breach to see if you need to report it to the ICO. A breach could be as simple as an employee accidentally deleting personal data, and the ICO generally will not want to know about it, but if the breach might cause distress or loss to an individual then you must tell them.

    Whilst 72 hours is given as the deadline, the requirement is ‘without undue delay’. Whilst you should read the GDPR for the full details required by the ICO, most are rather obvious: the number and types of individuals and the number and type of personal data records, the details of the contact point, normally the data protection officer.

    Your assessment of the likely fall-out from the breach will need to be included together with what steps you have already taken to mitigate the damage. You need to include what further actions are planned.

    We’ve mentioned recently that any company involved in email marketing should have contingency plans in place. These will give you actions to perform immediately and include others to consider.

    Lack of information is no reason not to inform the ICO, and the GDPR has provisions which allow you to report information in phases. This brings us onto a new, and vital, aspect of the GDPR: record keeping.

    There is a requirement for you to record all your actions in relation to a personal data breach. If you decide that the breach is of such a nature that there is no requirement to inform the ICO, you must record your reasons and the actions you took to ascertain its seriousness. If you don’t have all the information to tell the ICO, then record why. If you are doing things correctly, this is simple self-defence.

    Useful link: Guide to the General Data Protection Regulation (GDPR)

  • Personal data breach – what to do? Mar 9, 2018

    Email marketing is particularly vulnerable to personal data breaches and as such we must have procedures in place should the worst happen, and everyone in your company must know what they should do. Failure to conform to the requirements could be more costly than the loss of data.

    We’ve recently covered what a data breach is, and remember it is a bit deeper than just loss or theft of your email marketing lists. There is a requirement under the soon-to-go-live General Data Protection Regulation (GDPR) to follow certain specific actions. If you don’t, you can be fined, and heavily.

    The first essential is to have procedures in place. These need to include:

    1/ A plan of action

    You must have processes in place for the quick and effective response to a data breach. This is not a time for crisis management.

    2/ Staff are suitably trained

    All your staff should be able to recognise a data breach and be aware of their individual responsibilities in the event of one occurring. Your staff should be confident enough to feel safe when reporting any suspected breach. They should also be aware of whom they should report to and how.

    Consider having dedicated personnel, whether an individual or a team, to manage the breach and your responsibilities. Run test scenarios.

    3/ Ascertain the seriousness of the breach

    The risks to individuals and your company will vary depending on the nature of the breach. You need someone trained to assess how serious one is. They should be able to quickly establish the risks to individuals, your company and the data you hold.

    4/ Know the basics

    a/ The ICO must be informed within 72 hours of you becoming aware of a breach. This does not mean once you have full details but when it is clear there is a breach. If it turns out to be almost inconsequential then it might be of no further interest to the ICO, but you will have fulfilled that requirement if the worst has happened.

    b/ The ICO requires certain details. Ensure your team knows what these are. However, lacking full information is not a reason to delay notification.

    c/ You will need to have processes in place to inform individuals, and without undue delay, in certain circumstances. The GDPR stipulates what information should be given.

    d/ Documentation

    There is a new requirement for documentation in the GDPR. We will cover this in a future article although you should have familiarised yourself with the requirements and have developed plans for compliance by now. Mind you, it is something that you should have been doing as a matter of course for some time as it gives a strong element of self-protection.

    In a future article we will cover the possible damage that can be caused to an individual in the event of a breach. This should be your primary concern. The ICO will check what you do. Without being mercenary, one should also remember the value of your email marketing lists.
  • What is a Data Breach? Feb 14, 2018

    Everyone in email marketing should be finalising their procedures to ensure conformity with the requirements of the General Data Protection Regulations (GDPR). The fact that there is much that is common to the regulations it replaces is something to be wary of. The wording is similar, as one would expect given that it comes from the same source, but there are fundamental and significant differences.

    Take a personal data breach. Our email marketing lists are sacrosanct and we all feel we have secured them against unauthorised access, at least as much as we can. However, when we are told there are security flaws in processors of virtually all computers, there can never be certainty.

    The GDPR tells us what to do when there is a personal data breach but that’s not an awful lot of use if we don’t know what one is. It is described as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. In other words, it is a security incident involving personal data which affects its confidentiality, integrity or availability, such as:

    1/ An unauthorised third party gains access

    This would include the much publicised hacking scenario with remote devices. Ransomware, if, for instance, your email marketing list data is included in the data made unavailable, comes within this heading. The less dramatic but probably more frequent situation where an unauthorised member of staff has access is also included.

    2/ Deliberate or accidental action (or inaction) by a controller or processor

    We are all dependent on the abilities of our staff. The risks can be lowered to a great extent by education – ensuring they are up to date on the GDPR requirements – and oversight. If their procedures are not checked regularly, how are you to decide whether they need more instruction?

    3/ Sending personal data to an incorrect recipient

    It could be a simple mistake, a deliberate act or lack of knowledge. Regardless of which it is, it is a data breach and requires a response.

    4/ Computing devices containing personal data being lost or stolen

    We secure our data behind firewalls and virus checkers but do you ensure your premises are equally secure? If you transport personal data on a USB or other drive, do you ensure it is always encrypted? Whilst it won’t stop a data breach if the drive is stolen or misplaced, it will probably reduce your culpability significantly.

    5/ Alteration of personal data without permission

    This is normally the fault of your established procedures. Ensure each data controller and processor knows precisely what they can and cannot do. This includes seeking authority when required. There must be checks in place.

    6/ Loss of availability of personal data

    If there is a hardware failure or personal data is inadvertently wiped from your records then this may be a data breach. It may also be a disaster for your company, so ensure you have back-ups of all personal data which are kept up to date.

    We will cover how you should respond to data breaches in a future article.
