G.D.P.R: What is all the fuss about & what do you need to know?
Do you use email marketing, send direct mail or make sales calls?
As of May 25th 2018, the GDPR (General Data Protection Regulation) comes into force and you need to be prepared! Yes, you could wait until May next year, but there are some easy things you should do right now so that you do not run into trouble later on!
The new GDPR law is complex, to say the least, and goes well beyond what we can fit into this guide. However, we thought it would be helpful to put together some practical advice to help you start to comply within your business…
What data are you collecting about me?
You might be thinking you aren’t collecting any data. If you use any tracking tools on your website, such as Google Analytics, then yes, yes you are collecting data!
People have the right to know what personal information you are storing about them and what you might do with the data. The law applies to data which could be traced back to an individual. That even includes things like their computer’s IP address.
Did you let them say no?
As of May you need to have explicitly asked permission to send someone email marketing. They must have opted in.
As good practice, why not start getting consent now? Do not wait for the deadline.
On your website contact forms, registration forms or checkout pages, we can add tick boxes if you don’t have them. If you have pre-ticked boxes already, we can re-programme the default setting to comply.
Did someone else build your website? Talk to them about how they can help you comply, or speak with us!
When did they say it was ok?
We now know that we have to ask people to opt-in – but is that enough? No!
You need to record when they gave you permission and you need to log exactly what they were shown when they opted in. If you get an email notification when someone registers or checks out, that may be enough to comply, provided you store the email securely and it clearly shows what the tick box said.
What about my existing customers?
GDPR says that if there is another law that conflicts with it, you should pay attention to that law instead, as it will override GDPR. When it comes to email and telephone marketing, PECR legislation takes priority.
PECR allows a ‘soft opt-in’, which is good! It says that if you got someone’s email address when they bought something, or negotiated to buy from you, it is OK to send them marketing about the same kind of thing they were interested in.
However, PECR is being replaced. A new, stricter ePrivacy law is being debated in parliament. Nobody knows whether the soft opt-in will still be allowed, so it makes sense to get explicit opt-in when you can.