The new GDPR (General Data Protection Regulation) law will be implemented in May 2018. It’s easy to think, as I did after working on a compliance project earlier in the year, that it only applies to those holding data on tens of thousands of customers, prospects or suppliers. However, GDPR applies to every organisation that holds any personal data. As EU legislation, it applies to the British Isles and is likely to remain in UK law post-Brexit.
This is a huge piece of regulation and I cannot claim to be an expert. My interest is for my clients – owner managed businesses who hold data primarily for marketing purposes. If you haven’t thought much about GDPR as yet or could do with a checklist to cover your back, this list should be helpful.
Key points around GDPR
- Implementation is May 25 2018
- It is new data protection legislation and applies to every business, no matter what size
- Companies now need to obtain consent in order to use someone’s data for certain purposes, including marketing
- The rule is, seek active consent, not implied consent – ask the question, can we contact you?
- This means reseeking consent for those on your existing database, you need evidence people have opted in
- Send an e-shot that directs to a landing page where contacts can subscribe – the wording needs to have a ‘don’t miss out’ tone
- It is the company’s responsibility to store data safely – encrypt data and store on password protected devices
- Have a statement on your website that is clear about how data is being used. For example: ‘we will never share your details with a third party, we will contact you with offers’.
The key is to have absolute clarity about where your data comes from, how it is stored and how it will be used. It’s best to view it as a positive, a spring clean. Take this chance to re-engage with your audience, identifying those who are really interested in what you have to say and targeting them appropriately.
There’s plenty of information around GDPR if you want to know more; this guide for small businesses is one of the clearest articles I’ve found.