Delivering email at scale is a technically challenging endeavour, and getting it wrong could shut down the entire email communication channel. In fact, this…
Being a small business in this operating environment is not an easy feat; the past 12 months have been extremely challenging for SMEs operating in travel, hospitality, beauty, and food and beverage, among so many other sectors.
In fact, according to a recent survey by SME financier Retail Capital, 31.5% of small businesses are currently running at a loss, while 29,6% are only just breaking even
It is little wonder then that a business owner may try anything to generate new business, whether that is going online and starting an eCommerce store, offering great deals and sales, or putting their marketing into overdrive.
However, while the latter is important, especially as businesses have been advised against going dark (i.e. reducing their advertising) during the pandemic, it has to be done with extreme caution what with POPIA (the Protection of Personal Information Act) coming into effect on 30th June 2021.
“The Act, which is finally being implemented after years of being in draft format, does not offer special treatment to small businesses who do not comply with its rules. Understanding how to procure and use personal information for marketing purposes is essential – or else business owners could be liable for contravening the Act and will need to ensure compliance by 30 June 2021,” says Sián Fields, Intellectual Property and Technology Law Consultant from Reynolds Attorneys, a boutique law firm in Cape Town.
What then does this mean for SMEs who need to reach new prospects to keep their business going?
For starters, the days of sending newsletters out to everyone and sundry, in an effort to gain new customers is over. This form of marketing has been the choice of many SMEs as it’s relatively inexpensive to do and can achieve good results. From July however, newsletters cannot be sent to anyone, without their consent. “This will need to take the form of express and explicit consent to receive electronic direct marketing and someone following you on social, signing up for a competition online or in-store would not qualify. Consent will be a necessity going forward,” advises Fields.
We are also facing a cookie-less future both under the Act and across the world, as the protection of personal information becomes increasingly pertinent. A cookie is a text file that contains small pieces of data – like a username and password. They are used to identify a consumer’s computer as they use a computer network. Cookies are responsible for all that “how did they know I am interested in that product?” online marketing that is experienced on a daily basis. Going forward, this invasive marketing will no longer be allowed without express consent, and consumers will need to give their permission when receiving marketing content.
“Marketing is certainly having to shape up and the old days of spamming people with unsolicited information will be well and truly over. While this is a win for the consumer, it does make life harder for SMEs to generate new leads,” says Fields.
She goes on to say that there are a number of best practices that SMEs need to consider before they market under the new Act:
- Ask whether the personal information you collect about people is really needed. Avoid asking consumers to login, register, or provide personal details unless you need to use them. You can however request this if someone makes an inquiry or wants to do business with you.
- SMEs must make their intentions of acquiring their information very clear, and explain why it is being collected and what it will be used for. Communicating this on your website is highly recommended.
- You are required by law to ensure your customers’ data is secure. As such, ask your IT support on how to encrypt information and only allow those staff who are trained to keep it secure and looked after to access it.
- When using a third party, such as someone who manages your newsletters, give them a written contract to sign to ensure that they too will ensure that your customers’/ prospects’ information is safe at all times.
- If you do use a customer’s information to send them marketing information such as a newsletter, SMEs must be aware of the rules under POPIA. The Information Regulator publishes guidance notes for understanding provisions of POPIA from time to time and is expected to release one on marketing shortly. These can be accessed here: https://www.justice.gov.za/inforeg/docs.html.
- Your website might be used by other brands to market their products or services. So while you’re not legally responsible for this content, consumers may think otherwise. As such, it’s wise to have proper procedures in place if a customer lays a complaint about a particular ad.
- If you don’t need the information that has been collected, then securely get rid of it.
- Consumers have a right to ask if any of their information is being used for marketing purposes. As such ensure that all staff know how to deal with a ‘subject access request’.
- To add to the previous point, make it easy for consumers to check their information that you hold. Do so by allowing them to update or correct any of their records if they are outdated or wrong.
“Being a small business is not easy at the best of times, but this pandemic has seen many sectors lose many of their prospects as they themselves battle financially through these tough times. It may be tempting to market as much as possible, but in a few weeks’ time, this will no longer be possible –without consumers’ consent. SMEs must ensure that they are familiar with POPIA, train their staff where necessary and ensure that all personal information is safe and secure,” concludes Fields.
This article was written by Sián Fields, Intellectual Property and Technology Law Consultant.
Featured image: Sián Fields, Intellectual Property and Technology Law Consultant (Supplied)