GDPR and what your business should be doing

GDPR and your business

If you haven’t already thought about it, you really need to address the new General Data Protection Regulations, which were adopted on 27th April 2016 but will become enforceable from 25th May 2018. Here we take a look at some of the most important areas of the GDPR. If you are seen as being in breach of the regulations, you could face a sizeable fine, so it really is important to make sure that you are informed and take the right actions to ensure that your marketing is not damaged by the new data legislation.

Double Opt-In Essential

With the new legislation, it will become essential to have a double opt-in for all communications that you wish to send. You will need to be able to prove that your contacts have opted in to receive communications from you. This will be similar to B2C practices: you give people the option to sign up (via your website, for example), then have them confirm that they have signed up (double opt-in) by sending them an email with a link they click to confirm their subscription, agreeing to receive communications from you. However, you will only be allowed to send information on the specific areas that each individual has agreed to.

Reduction in paid-for data lists

The restrictions around paid-for data lists will mean that they will diminish considerably. You will only be able to send to people who have agreed to receive marketing communications from multiple sources, so if you are using purchased lists, it is a good idea to ensure that as many of those contacts as possible are double opted-in.

No automatic opt-in

You will no longer have the right to automatically add your customers’ details to your mailing list without their permission, or to use any hidden opt-in boxes on web capture forms. It’s important to add new attributes to your CRM system to accommodate these changes.

Prove where you got your data

It will be important that you are able to prove where you got your data from. Data subjects will have the right to access the data you hold on them and to ask what sort of data it is and why you hold it. These requests must be met in a timely manner, and a business must be able to show why an algorithmic decision was made about a data subject based on their data. It’s important to take note of the date, where the customer’s data came from and what they’ve specifically signed up to, and not to keep any data you don’t need for longer than you should.

Clear, honest and the right to be forgotten

Organisations will need to be clear and specific about what will happen to a customer’s data and what it will be used for. Businesses are no longer allowed to ‘bundle’ a consumer’s consent into signing up for every subject of communications at once. These must be separate and clearly labelled, for example: marketing, customer pricing, promotions. Customers will be able to exercise ‘the right to be forgotten’, which allows all of their data to be wiped from your databases, including data backups, unless there is a genuine reason to retain it, such as active customer payment details.

Having a clear and well structured Privacy Policy

Before GDPR comes into enforcement, you will need to review and change your privacy policy to adapt to these new data changes. It’s extremely important that you do this beforehand, as any changes to your privacy policy after GDPR comes into enforcement will mean you have to inform your whole database and have every contact opt in again. This could result in thousands of lost permissions to marketing data.

Don’t panic

When applying changes to your business to adapt for GDPR, don’t panic. GDPR is designed to protect customers and consumers (just like you), so when applying changes, imagine how you’d like a company to treat your data and what you wouldn’t be happy with. Combine the above points with this data sympathy and you’re set for being compliant come May 2018.