The new General Data Protection Regulation (GDPR) is the most impactful change to EU privacy law in the last twenty years.
The regulation, which becomes enforceable on May 25th, focuses on the protection of both consumers' and businesses' personal data. In particular, the change will affect how your business communicates with your client database – in order to ensure your data is still mailable, you need to act now and get GDPR compliant.
If you are a business that is located within the EU or processes data from EU consumers, you will need to ensure your data is GDPR compliant.
You need to ensure you have strong settings for consent. That means the request needs to be clear and understandable so users know where and for what their data will be used. Gone are the days when you could purchase lists of data; you will need prospects and customers to opt in to email campaigns with complete transparency. Once they have opted in, you will need to record how they opted in, as well as when, to be GDPR compliant.
You must make it as easy to opt out as it was to opt in, providing customers with the ability to remove themselves from any future marketing campaigns. In order to minimise the amount of opt-outs, try giving your customers a choice as to the type of content they want to receive. If you aren’t already using one, a preference centre will be your best friend.
GDPR compliance also includes data erasure (the right to be forgotten). Customers now have the ability to request that all their data be permanently deleted from your systems. You will need to ensure that you have a process in place that easily allows this request to go through. If somebody requested that their data be deleted, could you confidently locate and remove it from every place it is stored?
Finally, you need to ensure that any customer data is stored appropriately and protected from the start. Customers will now have the right to request confirmation that you are processing their data, the reason for processing it and where it will be stored. How good is your security across marketing channels, and do you need to change it?
The steps to take
GDPR doesn’t just apply to the subscribers you receive after 25 May but to all EU subscribers on your email database.
In order to make sure you achieve compliance, you will need to apply new consumer opt-in permissions. This means that if you currently have a pre-ticked opt-in box you will need all your consumers to re-subscribe to your email marketing – it is essential that users actively confirm their consent.
Audit your existing email database. Identify those individuals on your list who have openly provided their consent and where that consent is kept. If current subscribers have already opted in in a way that is GDPR compliant – and you have the data stored somewhere – then you will not need to recollect consent from those individuals.
Obtain transparent consent. You can do this by running a re-permissioning campaign; you can only re-permission individuals who have already given you their consent to email you. This sort of campaign is essentially a mass email to your database asking if they would like to opt in to your email newsletters.
Make your subscriptions varied. Think about giving your database several options across all your marketing channels rather than one single choice, so that, for example, they can opt out of emails, SMS or post individually.
The cost of non-compliance is high. GDPR states that those companies in breach of the regulation will be fined 4% of turnover, or €20m – whichever is greater.
Please note: This post is for information purposes only and is not legal advice. We advise you to speak to your own legal advisors to find out what impact the GDPR will have on your business and what action you need to take.