Have you heard lots of whispers about GDPR?
GDPR stands for General Data Protection Regulation. It relates to any personal data your company holds: the way this information is used for communication, how it is processed and where it is stored. Although the fines being bandied around for non-compliance are huge, don’t panic! The ICO is primarily focusing on companies employing over 250 staff and is obliged to issue a written warning in cases of first, non-intentional non-compliance. So, if you do get something wrong, there should be ample opportunity to correct the error and avoid further action being taken. Phew!
There is also a lot of confusion between data protection and security (GDPR) and marketing (covered by PECR, the Privacy and Electronic Communications Regulations), under which it is acceptable to contact a client, prospect, contact or member where you have a pre-existing relationship or where the communication is of legitimate interest, which is of course subjective.
So, after a lot of reading and research, our conclusion is that you simply need to be very clear, concise, transparent and honest about the data you hold and how you use it. And of course make it super, super easy for someone to opt out of receiving marketing communications from you. Remember: be polite and don’t pester!
Whilst the guidelines from the ICO are still pretty woolly at this particular point in time, from a marketing communications point of view we recommend that you take the following steps to ensure that you are as GDPR compliant as possible by the end of April 2018.
Tidy, Check and Manage your data…
- Appoint your own DPO (data protection officer) just to be on the safe side, and create a dedicated email account so that people have a specific contact for queries about their data
- Conduct a data audit and a written appraisal / report covering:
  - potential, current and past customers, suppliers and employees
  - where the data is stored
  - why it is retained
  - how the data is used
  - how long it is kept for, if applicable
- Where you can, segment the data as much as possible so that each segment is easier to manage; this should also make marketing more targeted, relevant and of interest
- Check and note on your data lists how consent for each individual was collected; this can be an ongoing task
- Delete any old lists
- Delete any fields in your database that aren’t really necessary
- Conduct regular database cleanses of current data
- Ensure that you have direct access to data lists stored in email marketing systems or on your own website
Bang Anderson can help you comply with GDPR
- Create a dedicated Privacy and GDPR area / page on your website clearly setting out your procedures and DPO contacts
- Create a clear infographic to visually explain your data collection, protection and processes (including who processes and stores your data)
- Ensure that this page is clearly visible on your website within the main and footer navigation and on the contact us page, and that it is linked to wherever possible, including:
  - Email marketing templates, where we recommend a clear footer is created explaining why the email is being sent, together with a VERY prominent opt out button
  - Your staff’s email signatures
  - Any standard document footers
  - Proposal or tender templates
- Ensure that all sign up forms, whether within your website or feeding into an email marketing system, include an opt-in box and clearly state what the visitor is signing up for, for how long and how often, plus a link to your dedicated privacy / GDPR page
- Consider having a different form for different databases. E.g. if someone signs up to receive information on a specific service or product, you can market to them in a more targeted way, they are likely to be more receptive, and the legitimate interest is clear under GDPR
- Ensure that any offline application forms include the same information with an opt-in box
- Dedicate a member of staff to update your WordPress site every week, or at the very, very least every month: run a site scan, delete spam comments, and update plugins, patches, themes and core to ensure that your site is as secure as possible
- Get an SSL certificate for your website for added security and confidence; HTTPS is also becoming a part of Google ranking
NB: We are NOT legal or compliance experts and the above is our opinion and interpretation only. We strongly recommend that you take additional and independent legal advice to determine the best way for your particular company to comply fully with GDPR by the time the legislation comes in, in mid May 2018, as this impacts HR and other business areas too.
As an example, please read Bang Anderson’s Terms and Conditions regarding GDPR, as a data owner (controller) and as a processor (working with your data): www.banganderson.co.uk/GDPR