Marketing & Media trends

More Articles

Subscribe to industry newsletters

Marketing & Media jobs

MoreSubmit a jobOpen account

Direct marketing for brands and marketing agencies in the privacy-first era

Has the privacy era and the evolving opt-in sensitive culture killed direct marketing as we used to know it?
Direct marketing for brands and marketing agencies in the privacy-first era

Let me start by informing brands and marketing agencies that the glass is indeed half full under the Protection of Personal Information Act (POPIA) changes introduced this year.

Under the current privacy-first legislation, there are two instances in which brands are permitted to directly contact private individuals and process their personal information.

The lawful execution of direct marketing tactics is possible when:
  • brands have obtained consent only once to contact the individual (and only if consent has not been previously withheld); and
  • brands can confirm that the private individual is a customer of the business (and have obtained the data subject’s contact details in the context of the sale of a product or service for the purpose of direct marketing of the brand’s own products or services and if the data subject has been given a reasonable opportunity to object when the contact details were collected).
To simplify, brands are still permitted to make use of direct marketing tactics to communicate with willing customers by electronic means. The evolving opt-in culture need not be a landmine field which brands and marketing agencies find themselves fumbling through while balancing the right to privacy with the right to commercial growth.

POPIA is triggered when brands approach data subjects directly with communication

While we are simplifying, let’s go back to the practical definition of direct marketing. It is the purposeful action by brands to use any form of personalised communication to go to the data subject directly (and not the other way around) for the purpose of selling or creating awareness for the brand’s services or products.

Interestingly, brands should note that telemarketing tactics are excluded under section 69 of POPIA legislation. And it is purposefully designed this way because the legislators acknowledge the contributing role that call centres play in a country’s economic growth.

However, the personal information of customers contacted by call centres may not be profiled for the purposes of direct marketing strategies, such as through social media advertising campaigns. Should this be the case, POPIA’s section 69 is triggered.

There are a few considerations for brands on the privacy-first journey when designing direct marketing tactics:

1. Process personal information for a clear purpose

Under POPIA, customers consent to the privilege for businesses to use their information for specific purposes. Brands and marketing agencies may only store and use the individual’s collected information for the indicated purpose. For instance, during a specific email campaign, to reach out via a monthly newsletter, or during a specific launch campaign.

POPIA now simply gives brands and marketing agencies, including call centres, the responsibility to carefully track, record and manage the data they use and the permissions they have been granted if they’re to stay on the right side of legislation, and maintain ethical customer relations.

2. The right to opt in

The current regulation requires that customers ‘give written consent in a prescribed form’ or ‘in any manner that may be expedient’.

This implies that customers have the right to opt out of direct communication. The implication for brands is to now consider how to best balance the risk between losing a customer from direct marketing, but maintaining compliance.

Marketing in an opt-in culture means leading with an ‘opt-in first’ tone of voice, not a ‘tick-box’ one. We have all seen more similar sounding consent communication in the last year than we care to remember, right? Purposefully immerse messaging and tone in a more authentic customer-friendly voice. The customer must understand his/her right to receive further direct marketing communication from that point onwards, or not.

Try communicating with the customer during an appropriate and natural touch point within the customer experience journey by explaining why the brand chooses a data privacy-first commitment. Then elaborate on what the customer’s individual current direct marketing communication preferences are. Give them an opportunity to easily change and refine their preferences now and perhaps again later during another communication touchpoint opportunity.

There are great ways to holistically achieve a green or amber state database in terms of consent as part of the larger marketing strategy. Red databases signals non-compliance, and this is not acceptable any longer from a legal or public relations perspective.

3. Implement an integrated CRM-driven way and culture to managing customer data

Consider how well the opt-out tracker and implementation systems are working. Many major direct marketing off-the-shelf providers have a ‘do not send’ list that gets automatically processed when customers opt out and integrates this information with a CRM system. The current reality for large organisations is that when a customer wants to opt out of all databases from a holding company with multiple brands, employees need to go into several systems to update the customer’s info and remove from multiple databases. Room for human error is just too significant.

As part of the privacy-first journey, we encourage brands to work closely with technology providers, consultants and marketing agencies (in agreements referred to as ‘operators’) to ensure the brand’s ecosystem complies, and remain compliant, with POPIA.

Digital CRM platforms make compliance an effortless part of daily operations, rather than an onerous task that’s done begrudgingly via multiple databases or Excel spreadsheets. Change management consultants are well-placed to help brands implement a centralised CRM-system into company culture which ultimately delivers one source of truth – a single data set of all customer information, integrated with other systems. If the system supports the day-to-day workflow of team members (as opposed to being perceived as an admin task to keep the system ‘up to date’), then the system is a success.

Brands with a holistic privacy-first strategy finds authentic and inobtrusive ways in which to refer to the brand’s privacy policy during appropriate customer experience touchpoints, such as after an online sale or visit to the physical store. For instance, some brands highlight recent changes in plain language pop-ups on the site, or even by a creative explainer video.

When working with marketing agencies, know that handing over sensitive data is like handing over a baby to a childcare provider. Do considerable due diligence and have operator agreements, policies and procedures in place designed to guard data. Make sure that marketing agencies truly understand their roles and responsibilities along the privacy-first journey.

Giving the customer both transparency and control, helps to build a trusting relationship between brands and their privacy-savvy customer. Compliance is not only a legal requirement. It is a journey that signals to customers that brands care about and respect their needs – needs that have now finally been given the right to be formally guarded by legislation.


More about Kriel & Co:  

Kriel & Co is an IMCSA-accredited management consulting practice specialising in change management, data privacy compliance, digital transformation and mentorship. The practice actively serves clients in a variety of sectors with a proven track-record of delivering innovative, cost-effective and sustainable strategies for digital change. Consultants are primarily retained on a long-term project basis by clients to oversee holistic digital transformation projects and initiatives.  

Get in touch: moc.ocdnaleirk@olleh


About Francois Kriel

Francois Kriel is an IMCSA accredited management consultant. He?is the founder and managing director of consultancy Kriel & Co,?specialising?in digital transformation, change management and data privacy. He is also a member of Privacy Officers Africa?and guest lecturer at Stellenbosch University's department of Business Management.?? ? Francois has extensive knowledge on data privacy (such as POPIA compliance) having established an inter-operable practice with the Technology,?Media?and Telecommunications department at top-tier law firm ENSafrica and advising several of the firm's clients.??? ? Empowered by the most current digital and legal expertise, he confidently advises organisations on practically achieving their organisational goals, data privacy obligations and change management requirements to effectively fulfil the role of CIO.
Kriel  & Co
Francois Kriel is an IMCSA accredited management consultant with change management and digital transformation as specialisation areas. He works full-time as director at Kriel & Co where he leads a dynamic team currently facilitating digital change at several high-profile organisations. Francois also supports Stellenbosch University as guest lecturer to business management honours students. He is an advocate for collaborative leadership, mentorship and LGBTQI+ inclusivity.
Don't miss BizTrends2022 - 7 keynote speakers forecast trends shaping business in our region! Register now!

Let's do Biz