If you use email marketing, direct marketing or make sales calls in your business then you need to read this post. The law is changing in a BIG way and it affects everyone, from small businesses all the way through to large corporations. And you will need to be prepared – whether you market B2C or B2B – as heavy fines will be levied on those that do not comply. You need to act now.
From May 25th 2018, the General Data Protection Regulation (GDPR) comes into force. Every business will need to review the way they gather, store and use personal data. So, if you want to avoid heavy fines (in some cases as high as 4% of your company’s yearly turnover or 20 million euros, whichever is higher!) and if you have or use any of the following then this affects YOU:
If you hold personal data in a CRM system
If you are collecting personal information on your customers such as an IP address. That includes through website tracking tools such as Google Analytics.
If you use email marketing, direct marketing and/or telesales for your business
If you buy data lists in or collect sign ups through your website’s contact form
GDPR has arisen through the need for the laws to be updated and strengthened with today’s increased digital marketing activity. The GDPR replaces the 1995 Data Protection Directive. Therefore, the Data Protection Act (DPA) 1998 is being revised, as is the Privacy and Electronic Communications (PECR) 2003 which provides the ‘rules’ in relation to electronic communications, i.e. direct marketing calls, emails and texts and cookies.
What does this mean for you?
The actual document for GDPR is a huge and complicated beast. However, here’s a brief summary of some of the main points.
If you have a CRM: You will need to record on your CRM where the data you hold came from (e.g. sign up through your website, bought list etc.) for each record you hold. If necessary you will need to create an extra field on your CRM to be able to record this information. You will also need to record if that person has given their consent to be contacted and when they gave consent for you to hold their data.
If you are collecting personal data through tracking tools such as Google Analytics: You will need to amend your Privacy Policy and use of cookies to ensure that you are compliant when GDPR comes into force. This may mean that you will need to give visitors to your site a way of “opting-out” of being tracked.
If you use email marketing, direct marketing and/or telesales: Under GDPR you cannot assume that you have permission to email people and that they can just “opt-out”. The PECR is currently being revised so will probably no longer allow this. You will no longer be able to have the sneaky “untick this box if you do not wish to be contacted” message on your sign up forms. They must “opt-in” for you to be compliant with GDPR legislation.
Start now. From your next email campaign ensure that you inform people as to how they can unsubscribe from your email communications. This could be in the form of a link to unsubscribe or as simple as noting “To unsubscribe from email communication from <name of your business>, please reply with ‘unsubscribe’ in the subject box” on your emails.
On your printed direct mail you will now also need to have a message printed on it that informs people as to how they can stop receiving mailers. This might be a phone number they can call, an email address or a link on your website to visit.
And then, when someone has opted-out you MUST comply. You MUST keep a log of who does not wish to be contacted, or face a potentially heavy fine from the Information Commissioner’s Office (ICO).
You will need to ensure that you check phone numbers on your telesales call list against the Telephone Preference Service (TPS) and Corporate Telephone Preference Service (CTPS) before you call. The ICO will now be in charge of issuing fines for those who breach this law. OFCOM used to be responsible for fines, but BEWARE – the ICO are much more stringent and will not hesitate to fine.
If you buy data lists in or collect sign ups through your website’s contact form: you will need to make sure that you buy data lists from a provider who is GDPR compliant. If you are collecting data through your website you must explain in your Privacy Policy how that data will be used and stored and ensure that you have the necessary “opt-in” tick box on your sign up or contact form to allow the individual to give consent for their data to be stored.
The time to act is now. Ensure that your marketing is compliant so that you are ready for May 2018.
If you would like to chat about what this means for your business, then please contact us.
Useful websites:
The Information Commissioner’s Office (ICO): https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
The Telephone Preference Service: www.tpsonline.org.uk
Corporate Telephone Preference Service: http://corporate.ctpsonline.org.uk/
Direct Mail Association: https://dma.org.uk