Did GDPR Just Kill Abandoned Cart Emails?

Illustration by Pedro Piccinini Abandoned carts

Abandoned carts have long been a prime remarketing opportunity. Users who abandon their online shopping carts before completing their transactions do so for a wide variety of reasons, some of which you have absolutely no control over. But reaching out to those users who simply forgot or got distracted has become a time-tested means of satisfying customers and improving your bottom line.

GDPR threatens to change all that—and if you’re operating an e-commerce site or selling within the European Union, you simply won’t be able to treat abandoned cart emails the same way you used to.

How have things changed? Essentially, can you still continue sending emails to users who have left items in their carts—as long as they want you to, and have given you permission to.

This isn’t such a bad thing, especially if you’re adhering to the spirit of GDPR and not just the letter of the law.

Let’s explore in more detail.

What is GDPR and how does it affect my business?

Before we discuss precisely how GDPR is going to change the way you remarket to users with abandoned carts, it might be useful to provide a little bit of context about these new regulations as a whole.

GDPR stands for General Data Protection Regulation, and it was passed by authorities in the European Union at least in part to help protect user privacy. Implemented in May of 2018, these regulations replace the 1995 EU Data Protection Directive.

You can learn more:

GDPR guidelines are quite sweeping, and it’s likely they affect your business in several profound ways. There are several pieces of information you should keep in mind:

  • These regulations apply to every nation in the European Union and their affiliates.
  • Regulations also apply to foreign entities that do business or set up websites within the European Union.
  • The overall goal of the regulations is to ensure how user data is used is more transparent and to give users more control over what happens to that data.
  • Firms such as Google have already been accused of violating GDPR privacy guidelines for attempting to “trick” users into sharing information.
  • Almost all websites handle user information in some way, so most businesses are taking a comprehensive approach to GDPR compliance.

What does GDPR have to do with abandoned shopping carts?

Data privacy, in principle, sounds like something that’s easy for everyone to agree to. But what does remarketing to users who abandon shopping carts have to do with user data, privacy, and GDPR?

Well, it’s not so much the concept of remarketing that runs into compliance issues, it’s the matter of how you remarket.

Most websites that engage in this practice will simply send an email to the user to remind them that they have “abandoned” items in their shopping cart. That seems harmless enough, sure—but it represents a violation of regulations because you were not open and transparent about how you obtained the user’s email address in the first place. Nor were you clear about how that email address was going to be used.

In other words, under GDPR rules, if a user inputs his or her email into an order form, that does not give you implicit permission to use that email address to contact the user for marketing purposes.

Does this mean abandoned cart emails are done for?

There are plenty who have read the new GDPR documents and concluded that this is the death knell for abandoned cart emails. But there are some ways that business can bring their remarketing practices into compliance with GDPR.

Shredding image of shopping cart

1. Proving a legitimate interest

GDPR guidelines allow businesses to use consumer email data if they can show a legitimate interest on behalf of the user. This is an exception to the primary regulations concerning data governance, but it can be a useful one for businesses looking to deploy abandoned cart emails.

However, this exception is not easy to achieve. In order to avoid enforcement and penalties, you need to prove that your business qualifies for a legitimate interest exception. This kind of proof is usually accumulated during a Legitimate Interest Assessment (or LIA).

An LIA, essentially, will document whether customers would reasonably expect an abandoned cart email after using your website. This assessment would also need to argue that it’s the customer—not the business—who benefits from the arrangement.

Are Legitimate Interest Assessments a reasonable course of action for my business?

Unfortunately, getting an LIA can be a complicated process, so it’s incredibly hard for small businesses (especially those without writers and researchers on staff) to create this kind of comprehensive report. If you decide to pursue this strategy, you should be aware of the following:

  • Legitimate Interest exceptions necessitate a significant paper trail, so be sure to document your assessment every step of the way.
  • There can be significant costs to compiling such a report in a robust way.
  • There is no guarantee that a Legitimate Interest exception will be granted.
  • Enforcement of such exceptions may, therefore, be somewhat arbitrary.

2. Record explicit permission

The second—and probably most reasonable—way to continue sending out abandoned cart emails is to record the permission of the user. This might, at first, seem like quite a hurdle to jump over, but there are some ways you can implement this kind of change to bolster your marketing efforts.

You might be tempted to hide a checkbox and throw in some sneaky fine print, but GDPR goes to great pains to ensure the user must know what he or she is opting into. This means you can’t trick someone into opting into emails and escape compliance issues.

There are a few ways that technology can assist you, however:

  • You can create customized pop-ups that encourage users to opt-in when they hover over the taskbar of the shopping window or appear to move to close out of the window.
  • Create a highly-visible checkbox or opt-in feature that draws the eye of your user as they begin the shopping experience.
  • Create a form the user can fill out early in the shopping process where they can opt-in to receive remarketing emails or emails concerning items in their cart.
  • Market this particular remarketing technique as a feature. For example, when users put items in their cart, tell users they can receive emails when the prices on those items change.
  • Leverage your other forms to provide information and opt-in features related to remarketing and empty-cart emails. For example, when someone signs up for your email newsletter, display a form that also asks if they want to receive abandoned cart-related communications.

Is getting permission a reasonable course of action for my business?

Much of the hand-wringing and worry over GDPR (however reasonable) presupposes that most people don’t actually want to receive these emails. Strategies that rely on documenting user permission to send those remarketing emails simply mean that your job now is to make sure users want these emails.

You can accomplish this in several ways:

  • Give users who sign up for abandoned cart emails a low price guarantee.
  • Offer users discounts and coupons when they sign up for abandoned cart emails.
  • Create an incentive for users signing up for abandoned cart or remarketing emails (maybe they get something for free).
  • Offer free shipping for users who sign up for abandoned cart emails.

This list is only the beginning of what could work for your business. In order for this type of action to really make sense and have a positive impact, it’s usually necessary to offer the customer something he or she already wants.

But if your abandoned cart emails are really that effective (and most are), this is a small price to pay. Because once a user opts into that ecosystem, they usually don’t opt-out unless they have a poor experience.

What if I’m using an automated marketing platform?

Many marketers (wisely) use an automated system to improve their remarketing workflows, and that’s certainly true with abandoned cart emails. These automated systems are often incorporated into your WordPress infrastructure using a plugin.

This can be tricky if you’re trying to make sure that you are being GDPR compliant. So it’s important to remember that for your business to be compliant, your automation tool needs to be GDPR compliant as well. Many tools, including MailPoet, have already moved quickly to provide users with multiple viable options to achieve compliance, so you’ll be able to choose the one that best suits your organization.

That said, if your business isn’t moving fast enough, you may have to put your abandoned cart emails on hold until you can hire a developer or get help to ensure you’re giving customers ample information when asking for an email address.

Does GDPR affect only European businesses?

Because GDPR is a series of rules enacted by the European Union, it stands to reason to think of it as a “mostly Europe” problem. That might have been true with the regulatory framework that GDPR was crafted to replace. But you might want to think twice about taking that attitude with GDPR.

The General Data Protection Regulation is intended to protect EU citizens’ privacy and data, which means that any business around the world that collects information from an EU citizen is technically covered by GDPR.

European Union flag

Where are your customers coming from?

There are some exceptions and limitations to this, of course. If an EU citizen happens to find your website on Google or AdWords, it’s likely they won’t be protected by GDPR. However, if your business actively advertises to European citizens, you might have some compliance issues to think about.

To be clear, a European citizen does not have to be a customer to be protected by GDPR guidelines.

The actual enforcement of GDPR is also somewhat unclear at this point, especially for entities outside the European Union. For the moment, the general rule of thumb is that if a healthy number of visitors to your website reside within the EU, you should have a plan for how you’re going to meet GDPR requirements.

Long live abandoned cart emails!

GDPR is without a doubt changing the way businesses around the world—not just in the EU— are handling user data, including email addresses. This means that your remarketing efforts around abandoned shopping carts also need to change.

But abandoned cart emails are certainly not dead! It may take a little creativity on your part, but with a few tweaks to your site, you should be able to continue sending emails to users who have left items in their carts—as long as they want you to.

Abandoned cart emails are never going to be successful with consumers who are irritated by them. But when you give users the ability to opt-in to your emails in a transparent way, you’re actually helping to establish an irreplaceable trust with the user.