Unless you’ve been living under a particularly large rock, you’ll probably know that the General Data Protection Regulation (GDPR) is new European Union legislation on data protection.
The whole idea is to put the customer back in control of their own data and ensure the law on data protection is unified all across the EU. The new legislation comes in on 25th May 2018, so if you aren’t preparing your business for it yet, you need to put GDPR as a top item on your ‘To do’ list. The EU isn’t kidding around with this one, and the penalties are severe if you don’t comply, with fines of up to 4% of a company’s global annual turnover or €20 million, whichever is greater!
The obvious question is, if it’s EU legislation, will the UK still have to comply with it when Brexit is rapidly looming? And the answer is ‘yes’. It’s already been established that the UK will introduce very similar legislation. Not to mention that if you trade with any companies in the EU, you will need to abide by GDPR anyway.
Does this legislation apply to all businesses? Well, Article 30 of the GDPR states that companies with fewer than 250 employees won’t be bound by the legislation. Having said that, this is a huge trust issue for consumers. They worry about what data is being collected on them and whether it is being securely stored, and the whole idea of the GDPR is to answer those worries and give them back control of their data. You might not *have* to comply, but how much more will your customers trust you if you do?
You’ll need to appoint a data protection officer who will be in charge of your compliance with GDPR, and every one of your processes that involves customer data will have to be assessed to ensure you comply.
Double opt-in will become the standard, and it’s now going to be on you to prove that consent was given for communication if someone objects and makes a complaint. And those marketing lists that you love? That’s down to you for getting solid consent, too, even if you bought them from a supplier.
• Work out what personal data you have in your business, where it comes from, where it is stored, what you do with it, who has access to it, and if there are any security risks.
• Think about what data you need to keep. While you might reasonably expect to have a customer’s name and email address, unless you’re a restaurant, you have absolutely no need to know of their love of spaghetti! Delete anything you don’t need.
• Ensure you have all of the security measures you need against data breaches, and check that your suppliers do too. Put a plan in place for how you will notify customers and the authorities if there is a data breach, as you have to do this within 72 hours.
• Set up procedures for how you will handle, transfer and delete personal data.
So, here’s the nutshell version of marketing under GDPR: Don’t collect more data than you need, don’t cold contact anyone, don’t contact anyone unless they ask you to, don’t assume that people want you to get in touch, and don’t send people information that they didn’t ask for.
If you can stick to those rules, you’ve got a great chance of complying with GDPR.
If you’d like to find out more, there’s a free introductory course available on GDPR from the Virtual College.