If your business uses email marketing, sends direct mail or makes sales calls, the law is changing what you can and can’t do.
Some things you might do today will no longer be allowed. From 25th May 2018, General Data Protection Regulations – or GDPR – come into force. You’ll hear about this a lot. Because it’s kind of a big deal. It’s tempting to think “I’ll deal with it in May”.
But there are some easy things you should do right now, which mean you won’t run into trouble later. The new GDPR law is complex and extensive. It goes well beyond what we can fit in this guide. However, we’ve put together some practical advice to help you start to comply.
What data are you collecting about me?
You might be thinking, “nah mate, I’m not collecting any data”. If you use any tracking tools on your website, like Google Analytics, then yes. Yes, you are. People have the right to know what personal information you’re storing about them. And what you might do with that data. The law applies to data which could be traced back to an individual. That even includes things like their computer’s IP address.
But did you let them say no?
You need to explicitly ask permission to send someone email marketing. They must opt in.
Start getting consent now. Don’t wait for the deadline.
On your website contact forms, registration forms or checkout pages, we can add tick boxes if you don’t have them. Or if you have pre-ticked boxes, we can re-programme the default setting.
If we’ve designed your site already, ask for our Opt-in tune-up service, which starts at £99. If we haven’t, let’s talk about getting your site compliant.
But when did they say it was ok?
So we know we have to ask people to opt-in. Is that enough? No. There’s more. You need to record when they gave you permission. And you need to log exactly what they were shown when they opted in.
If you get an email notification when someone registers or checks out, that may be enough to comply. Provided you store the email securely and it clearly shows what the tick box said. If you’d like to manage consent better, ask us about adding a customer database to your website.
What about my existing customers?
Now here’s the thing. GDPR says, if there’s another law that conflicts with it, you should pay attention to that law instead. When it comes to email and telephone marketing, PECR legislation takes priority. The good news is, PECR allows a thing called ‘soft opt-in’.
PECR says, if you got someone’s email address when they bought something, or negotiated to buy from you, then it’s ok to send marketing about the same kind of thing they were interested in. Nice.
The bad news is, PECR is being replaced. New stricter ePrivacy law is being debated in parliament. Nobody knows whether soft opt-in will be allowed. So it makes sense to get explicit opt-in when you can.
Will you just leave me alone?!
People have the right to tell you to stop marketing to them. And you must make it easy for them to opt-out of receiving future marketing. From today, make sure marketing emails tell people how to unsubscribe. That could be saying ‘reply with “unsubscribe” in the subject’. Or make it smarter, with a link to click.
On printed mailers, tell people what to do to stop receiving mailers. Perhaps a number to call, an address to email or a link to visit. Don’t wait until May to do this – make sure your mailers comply when you next reorder. The second – and most important – part is keeping a ‘do not contact’ list. Once someone has opted out, it’s critical you stop sending stuff. Or face stiff fines from the regulator.
Ask about building an Opt-out landing page for you – these start from £199.