GDPR - what’s it all about?
Welcome to the first in a short series of blogs about the forthcoming General Data Protection Regulation (GDPR).
We’ll start by looking at exactly what GDPR is and why it matters, especially for online data, before moving onto more pragmatic tips and information that can help you in the real world.
So, to this blog’s core question – what is GDPR?
It’s a new European legislation designed to improve the privacy of individuals’ personal data by enforcing rules upon those who collect, use and distribute that data.
What is personal data:
Personal data is classed as ‘Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. If marketing to consumers all data is classed as personal data. The legal status of sole traders and partnerships (non-LLP) also mean that email addresses and phone numbers for these should be classed as personal data as they are easily identifiable. If marketing to a limited company, the address sales@biz.co.uk is not classed as personal data but jack@biz.co.uk would be.
The core premise of GDPR can be summed up as:
Consent to use or share personal data can no longer be presumed. It must be explicitly given.
That means that if someone goes to your website and enters their email address into a field marked “enter your email to download our latest white paper”, that data can only be used for distributing that white paper. Where once that email address would likely end up on a mailing list for future offers or newsletters, that can no longer happen. The rules cover all types of data, so cookies are in the mix too (you’ll need to update your website’s privacy policy, more on that in a subsequent blog).
Damn fine
So why should you adhere to these 90+ articles of law? Well, just as with any other law, there are consequences for non-compliance. In this case it’s a minimum fine of €2m. Ouch. And even if you’re not caught out by authorities, failure to obey the rules can leave your business open to the kind of bad PR or even civil action that nobody wants.
New data
Any new data you acquire – be it from a business card handed over during a networking event to a webform sign-up – needs to be verified. That means a follow-up email, ideally from an automated system to save your sanity, to confirm that they do indeed wish to be added to your mailing list. This is the opportunity for you to a) signal your honest intentions for how you’ll use their data and b) pass on any reassurances you can about how their security and privacy will be respected.
Existing data
Good news! If you already have individuals’ recent consent to email them a newsletter or service updates – and can prove this with evidence – you can continue. If however you have no physical evidence to prove this then you need to re-confirm consent. This means sending an email to your existing contacts clearly stating your intentions for use of their data and asking them to ‘opt in’ in order to confirm their consent. You must also include clear and easy unsubscribe option on all future communications.
Bonfire of the mailing lists?
The reality is that for many businesses, mailing lists are about to shrink. Is some cases dramatically. You cannot just use any old list and you cannot cold email individuals in the future. All mailing lists must be compliant with Personal Electronic Communications Regulations and cleansed against the Mailing Preference Service – you should always check where your mailing lists are obtained.
But that doesn’t have to mean bad news. For starters, you can consider this the ultimate data-cleansing exercise. You know that, once you’ve gone through this period of work, the people remaining on your mailing list really want to hear from you – there’s no more ambiguity there and your email marketing will be far better value for money.
And if you want to keep your database strong, you need to make sure the content you’re offering is of real, legitimate value. That philosophy is at the heart of good content marketing already and we always say the best starting point is to put yourself in the shoes of your ideal customer. What will they want to hear from you about? What content can you offer that can enrich their lives? The important thing is that this isn’t about you telling your audience what you want them to hear, it’s about offering them something they can really use – be it a quality special offer, a genuinely entertaining video or a useful ‘how-to’ blog that can make their lives easier.
So GDPR doesn’t mean the end of direct marketing, it means the beginning of a new dawn in high quality, value added communications with people who really want to hear what you have to say.