General Data Protection Regulation or GDPR will affect almost every business in the coming months. If you haven’t started planning for it, you probably should. It will take effect from May 25th 2018 and is one of the biggest changes in data protection laws since The Data Protection Act 1998. So it’s fair to say, it’s a pretty big deal.
It could present a complex challenge for some businesses, so it's worth understanding what GDPR entails and how you can plan ahead. The more time you invest, smartly, the better.
So, what does GDPR mean?
GDPR has been designed to protect the personal data of all individuals within the European Union. That includes you me, and everyone in the EU. Despite the UK’s upcoming exit from the EU, GDPR will form a part of UK law, meaning the new regulations will continue to apply post-Brexit.
When it comes to processing data, the customer is king. Every individual will need to directly provide consent by explicitly opting in. That means pre-ticked boxes assuming consent will no longer be an option. Data subjects will have the right to access any information collected about them, and data controllers must be able to specify exactly when consent was given.
For businesses, GDPR could mean a full assessment of current processes and updating them in order to comply with the new laws. If a business doesn't comply, they could face a fine of up to 4% of their global turnover.
It might seem complicated, but in reality it’s not as daunting as it sounds.
It’s not all doom and gloom
Although there has been a lot of scaremongering about GDPR, the new laws give individuals strengthened control over their personal data and how it's used by businesses. It’s a practical change for both parties as anyone who provides consent wants to, meaning you’ll acquire more valuable data and your customer receives the communication they signed up for. Win-win, right?
What does it mean for my business?
Managing sensitive data is a reality for most businesses. Whether you collect a small amount or have a database to rival Facebook HQ, you’ll need to make it clear to customers what you plan to do with their information.
- How data is collected and recorded
- Where and how it's stored
- How it can be retrieved and importantly…
- How it will be disclosed as well as erased
Perhaps the most crucial change overall, is that when it comes to email marketing you can no longer assume that you have a customer’s permission. Data subjects must opt in to receive communication, and you’ll need to keep a record of exactly when that consent was given. So people that are OK to email today may become not OK after the changes. Although many of us hate to see the dreaded unsubscribe rate soar, you’ll now need to make it easy for consumers to opt out too. That means clearly signposting how to unsubscribe from email communications.
What about B2B specifically?
Clients will need to know whether you are adhering to GDPR on their behalf, and how the laws could impact their ability to reach their audience. You’ll need to be prepared to answer questions around compliance with GDPR, and how you plan to manage potential data breaches.
Whilst it is a little frustrating, GDPR is a good excuse for any business to update and refine their data processes, which if done well could help you to have an advantage over your competitors. So make a plan and get going!
The key message is that GDPR is a fantastic opportunity for organisations to be more open with their customers. It’s a chance to give a statement about your business’ transparency when it comes to handling their data, and ultimately it’s a change that’s in all of our best interests.
If you’d like to know more about GDPR and how it will affect email marketing processes, our digital team will be happy to discuss the new regulations with you in more detail +44 (0)1202 330 000.