Five tips for complying with the new EU Cookie Law

EMEA marketers are scratching their heads, wondering how to go about compliance with the EU Privacy Directive that officially became law in the United Kingdom on 25 May 2012. The directive mandates that all companies marketing into the UK obtain consent from website visitors in order to store and retrieve usage information from their computers.

The law has wide-reaching consequences for any business using web tracking and cookies, affecting everything from website analytics to lead generation to email nurturing.

Mark Haviland, managing director at web marketing group Rakuten LinkShare says that while the EU Cookie Directive has given a few online businesses and marketers headaches over the past year, ultimately the conversation about privacy has been productive. “Trust and privacy are paramount and we should all be actively promoting open dialogue and transparent business models,” he says.

“Shoppers are becoming increasingly discerning online, and the debate has encouraged brands, agencies and other online businesses to assess the quality of marketing they serve to audiences, and the respect they show for privacy. It’s a call to action to turn data insights into a better online experience, so that consumers want to opt-in, be it implicit or explicit.” He believes marketers working in the online arena should aim to deliver the tailored and personalised experiences that shoppers increasingly expect. “The proper use of data is essential,” says Haviland. “We need to continue to collaborate as an industry to educate internet users on how cookie information is used and highlight the value of opting in.”

In the meantime how can online customer-facing organisations balance compliance with the new directive with meeting customer expectations and achieving business goals? We have teamed with automated marketing specialist Silverpop to provide five tips to ensure compliance with the new EU cookie law, maintain a good user experience and continue driving revenue for your company.

1. Dust off That Website Privacy Policy

When was the last time you reviewed your website privacy policy? At least annually, marketers should review their privacy policies to ensure they succinctly yet comprehensively describe the ways you track and store data relating to website
visitors and their behaviour. The EU Directive broadly requires “transparency,” which means that marketers must inform their email recipients on the collection, processing and use of data, including any transfers of data to third parties or outside of the EU. Furthermore, the EU Directive specifies that individuals have certain rights concerning their information, such as the notification of the type of data stored, the purpose of the storage, and potential recipients of the data.

Your privacy policy should track the requirements of the EU Directive, including a comprehensive manifest of what cookies are used on your website, what their purpose is, and how long they will be stored on the user’s machine. You can also help consumers by guiding them to additional information on cookies and how they might be able to enable or disable them in their browser.

2. Make Preference Centres Your New Best Friend

Strong preference centres, where contacts can update and provide new information about their interests and how they prefer you communicate with them, are a key part of successful subscriber engagement—and the new EU Directive makes them even more important. Utilise preference centres to obtain specific consents from your email recipients and website visitors with respect to the behaviours you track.

Don’t want to ask for too much information at the start? Use progressive profiling features to obtain those consents over time instead of asking your new opt-ins too many questions right away. Remember that email recipients and website visitors must be able to revoke their previous consents at any time, and you must maintain a record of such requests.

3. Don’t Be a Pack Rat

Today’s marketing automation platforms are powerful tools for tracking multiple types of online behaviours in order to optimise your marketing campaigns. However, one of the key principles of the EU Directive is data minimisation, also called data avoidance. You should aim to collect, process and use as little personal data as possible, and only to the extent specifically required to optimise your marketing campaigns.

That means carefully considering what information you should track. One example is birthdays. Maybe you don’t need the entire birth month, day and year stored in your marketing system in order to power a successful birthday marketing program.

Perhaps day and month would suffice instead. You should also aim to store information in an anonymous fashion wherever possible. When data ceases to be useful, delete it from your online marketing application expeditiously. Finally, certain types of particularly sensitive data (such as political, religious or sexual preferences, or health information)
have special rules under the EU e-Privacy Directive and should not be stored in your marketing automation system.

4 Ensure Airtight Security

The EU e-Privacy Directive requires the implementation of technical measures to protect your email recipients’ data. Step one is double-checking that your marketing platform has the necessary security features to make your online marketing efforts more secure.

However, just like a seat belt, if you don’t actually use the security technology available to you, it will not help to keep you or your recipients safe. That’s why you should check with your current marketing provider to ensure that access to system features and data can be restricted at the user and API levels. Features such as multi-factor authentication and IP restrictions functionality, if implemented, may block unauthorised third parties from accessing your data. Finally, flexible password settings should be configured to enforce stringent, “strong” passwords that can be required to be changed frequently.

5. Foster the People

Human error is the root cause of most security problems. The EU e-Privacy Directive requires firms to take organisational measures to educate their employees and institute policies and procedures to limit the possibility of human error causing privacy breaches. Ensure that your company employs anti-virus software protections. Adopt procedures to promptly terminate access to marketing systems and other business systems when employees leave your firm. Enforce a policy that prohibits the sharing of passwords or logins amongst your users. And finally, store all passwords in a secure, encrypted format.

For more marketing tips and tactics, visit Silverpop’s resources page.

The consumer-oriented website, Performance Marketing Explained, developed by the Internet Advertising Bureau (IAB) is also a valuable resource for online marketers.

Browse our sales jobs today.