Firstly, let’s go through the basics. What is GDPR?
GDPR is the General Data Protection Regulation. The new legislation will be implemented within 28 countries in Europe as of the 25th of May 2018. The new legislation was agreed upon by the European Union, and has been made to create more transparency over the handling of data and improve the effectiveness on data protection. The legislation is supposed to give consumers/customers more control over how their personal data is handled by businesses.
What will it affect?
Your email lists. The new legislation will change how companies collect consent for new, as well as existing, customers that subscribe to your email list and may be stored within CRM (Customer Relationship Management) and other systems.
People managing and controlling data need to make sure that the data is specifically processed lawfully (the consumer/customer has consented to their data being used), transparently and for a specific purpose. Once the data has been used for the specific purpose it then needs to be correctly deleted.
How to show consent…
You should be able to show exactly how the subject (customer or consumer) consented to the process of collecting their data. This means within marketing you need to be recording who gave consent and how. For example, with email lists, consent may be through website sign up.
The customer or consumer should be able to withdraw their consent at any time and this must be shown through a policy of how to withdraw consent, i.e. emails having an unsubscribe button.
Processing the data and consent should be carried out only for the purposes of collection and consent.
If you need the data for a range of purposes then consent will need to be given to every single purpose.
Pre-ticked boxes or inactivity will not count as consent; it needs to be of the users free will, showing that if the user has no free choice that consent cannot be taken.
What should you do?
Make sure that your rules of collecting data are up to scratch to match the new legislation. Use opt-in for e-newsletters and make sure the person has consented for their personal data to be used by you, and continue to do so.
Customers and consumers always have the right to demand that their data is deleted, and if so you must abide by this.
You need to make sure the data you have collected has correct consent procedures and this can be easily proven, or you need to gain correct consent procedures before the legislation takes place.
Even though the UK is leaving the EU, the legislation will still take full effect due to the motion of leaving the EU being filed in March 2017 and set at a 2-year time frame.
Remember not abiding by the legislation and changing your data collection rules to fit with this, can lead to a fine!
Feel free to have a chat with us about how this could effect you..