I’ve Got To Say It....GDPR :/

GDPR is the hot topic of the moment and of recent months, along with data security. As email marketing is a large part of my business I couldn’t really let the imminent deadline of 25th May 2018 pass without writing a post. So, here’s my view on it, some basic steps you can take to be ready and some links to resources you may find useful.

What is GDPR?

The General Data Protection Regulation (GDPR) is the updated data protection law being implemented on the 25th May 2018. It reflects technological advancements so that people are better able to take control over their personal data. It pretty much impacts all businesses in some way and covers guidelines for the collection and processing of personal information of individuals within the European Union.

It's A Good Thing

You only have to look at the massive amount of emails you receive from businesses that you have had no previous dealings with to see why this needs to happen. Too many emails from companies you couldn’t give a hoot about, selling things you’re not interested in just puts you right off email completely. GDPR encourages businesses to build trust in the correct manner and through the ethical use of personal data. It’s very easy to say “it’s just an email address” but when it’s your email address and you’re getting a load of information every day to wade through it can be too much!  

Added to that, if the recent Facebook data news story tells you anything it’s that rules around personal data have been a little loose and have taken some time to even start to catch up with what’s going on. GDPR is a step in the right direction.


Noise Reduction

A giant email clear out will actually help your message get through to the people that are interested. Without all the other junk in there, they’ll be more inclined to read what you have to say.

A Big List Means Nothing

You need people that are engaged with your business, people that are interested in what you offer, you don’t need numbers. You just need people that have expressed an interest and continue to show an interest. If that happens to be a big number then great, but it’s better to have a smaller list of more engaged subscribers than a big list of uninterested people ignoring you. If your list is smaller and people are actively engaged and interested in receiving information then you’ll have better open rates and ultimately better delivery rates, which means your emails are less likely to be automatically filtered off to the junk folder!

So what actions can small business owners take during the next week…

#1 Lists

GDPR is placing the focus on having a legal basis to contact people, for email marketing this means proving you have consent. You should not be adding people to a marketing list without their consent. Now, you must be able to prove that all your sign-ups gave you consent to send them marketing communications. You’ve got a load of emails on your list and no information about where they came from, email platforms might display this as “admin add”.

Review your lists and if your email software provider does not have this information and is displaying something like ‘admin add’ it will be necessary to send a re-consent email asking contacts to click to continue receiving marketing information. You’ll also need to do this is if your opt-in box was pre-ticked this didn’t allow people to actively choose to receive marketing communications, or you’ve changed your core services or products and you’re now emailing about a subject different to which they signed up to hear about. This will massively reduce your list, but as mentioned, this isn’t necessarily a bad thing.

#2 Emails

Each contact needs to be able to withdraw consent at any time. This is via an unsubscribe link at the bottom of your email, which is generally placed there automatically by email marketing software such as MailChimp. It should be there as this is a pre-existing requirement, however, check you have an unsubscribe link and add it in if needed.

#3 Sign-Up Forms

People can no longer be automatically opted in to marketing materials just because they submitted their details to you for something such as a website enquiry. They need to expressly take a positive action to opt-in to receive marketing communications. This could be ticking a separate checkbox to receive updates and news from your business. In addition to this, there should be a clear explanation of the information they can expect to receive once confirming their opt-in and a link to your privacy policy. Are there changes you need to make to your sign-up forms?

#4 Privacy Policy

Do you have a privacy policy on your website? You’ll need one to link to from your sign-up forms and you need to advise people on details such as - how long you will hold data, what data you hold on individuals, where you store data and your policy for deleting data. It doesn’t need to be long or complicated, in fact, ensuring your privacy policy is clearly written and concise is part of GDPR.

#5 Data Storage

As a small business this doesn’t have to be complicated, we’re talking about electronic and physical data files. Dispose of historical customer information, in line with your privacy policy that you no longer need in order to conduct your business and ensure all data is held securely either in online systems, or physically by ensuring the security of company hardware and devices.

Final Thoughts

The ICO is attempting to protect individuals data, and the recent Facebook data scandal highlights why this is so important and what a big task this is, particularly as rapidly evolving technology is providing new challenges.

My personal feeling around GDPR is it’s not being implemented to catch-out small businesses and I was pleased to hear this confirmed in an interview with the Information Commissioner, Elizabeth Denham, on the BBC on 9th April 2018. She confirmed the focus is not on small businesses. There are bigger fish to fry! However, I often find that small business owners do their utmost to comply and can find this sort of thing quite stressful, as they don’t want to get things wrong, or fall short of any laws or regulations, particularly where a business breaking fine is involved. Nonetheless, this change in data regulation is more aimed at encouraging big businesses to take responsibility and get a grasp on the customer information they hold and share. As a small business you need to take the appropriate steps to work to the regulations and basically treat other people’s data as you would like yours to be treated.

If you’d like to find out more about the GDPR changes coming into effect on 25th May here are some useful links with more comprehensive information on how small businesses can prepare for GDPR