GDPR – the countdown

mm

Are you ready?

The marketing world loves acronyms: AIDA, SWOT, CPC, CTA, CRM, COS, PPC, etc. You can’t escape them! Well, here’s another: GDPR. This one is going to be massively important for businesses everywhere, so we thought we’d explore the implications.

What does it stand for?

GDPR isn’t some form of elaborate extension of Gross Domestic Product although that is one way of remembering the order of the letters! No, it stands for General Data Protection Regulation and replaces the Data Protection Directive of 1995.

When will it come into force?

D-Day is 25th May 2018 but don’t leave it until then to take any action. There is much that businesses can be doing right now to get ready for GDPR and to ensure their websites will be compliant. The regulation will apply to all companies, regardless of where they are based, involved in processing the data of people living in Europe. If you’re wondering about Brexit: a) the UK will still be in the EU in May 2018, and b) the government has confirmed on numerous occasions that GDPR will be the data protection regulation anyway for the UK after Brexit.

What will it mean?

GDPR represents the largest change in data protection and privacy rules in more than 20 years. One major shift is that unlike the Data Protection Directive, which just applied to data controllers, GDPR will applies to data processors too. So if you’re holding clients’ details and sending communications out to them, that means you too!

Many of the principles for the Data Protection Directive remain the same but with an added focus on accountability. In the future, you won’t need to just be complying with the rules but will need to show ‘how’ you are complying with them too. The principles in GDPR around personal data stipulate that it should be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes and not processed in a way that is incompatible with this
  • Adequate, relevant and limited to what is necessary
  • Accurate and kept up to date
  • Kept in a form which permits the identification of the data subject for no longer than necessary
  • Processed in a manner that ensures appropriate security for the data

In terms of how it defines the rights of the individual, GDPR will be an evolution rather than a revolution. Most of the rights will stay the same; some will be strengthened and there will be some new ones as well. These include:

  • Being informed about what data is collected, how it will be used and how it will be kept safe
  • Having access to the data stored on them
  • Being able to correct any inaccuracies in the data
  • Being able to erase the data when they don’t want to maintain a relationship with that brand
  • Restricting the processing of their data
  • Being able to object to the processing of their data

What you can do

First of all, you need to need to make sure everyone in your business is aware of the impending approach of GDPR. Ensure the information you distribute to your team is readable and accompanied with training so it’s not just stuck in a drawer and forgotten about.

Secondly, conduct a thorough audit of the way you collect, store and process client data. Consent and privacy are the crucial watchwords to bear in mind.

One key area where you need to take action is around email marketing and the double opt-in process. Consent needs to be seen to be freely given, specific and unambiguous – silence is not a valid option.

The new legislation will mean that double opt-in will become essential. Your prospects will have to fill out a form or tick a box to receive communications and then confirm it was them that made the request in a further email or report it if it is was not. As it is currently, opt out must be available too.

As for your website, you must tell all visitors how the data about them is going to be used. You need to create an appropriate cookie collection practice so that as soon as a user arrives on your website, they see information about it and a way to opt-out. Implied consent is not enough, so lines such as ‘by accessing this site you consent to the use of cookies’ are not sufficient.

Summing Up

GDPR is going to be THE topic of the next few months. Start genning up on it now to make sure you’re compliant by May 2018.

Leave a Reply

Your email address will not be published. Required fields are marked *