GDPR – Time is running out!
11th September 2017
With the deadline of May 25th getting ever closer, we have put a basic guide together regarding GDPR:
What is it?
The General Data Protection Regulation (GDPR) is a legal framework devised by the European Union to ensure all EU citizens’ personal data is properly protected. With EU member countries having widely varying provisions in this area, GDPR will mean there will be a common approach to the protection of data
When does it come into effect?
Every business will have to comply with the Regulation by 25th May 2018. Although the United Kingdom is currently in the process of leaving the EU, obligations continue so you must ensure that your business is compliant with the regulations. The fine for not complying is 4% of annual turnover!
‘I’m not collecting data so I don’t need to comply’
Are you sure about that? If you use tracking tools such as Google Analytics then you are definitely collecting data and under the GDPR anyone visiting your website has to be informed of that. Whatever the data, if it can be traced back to an individual, the new law will apply.
What do I need to do about this?
No means NO!
If you are sending out email marketing campaigns, your recipients must have asked to receive it. If they haven’t, you are in breach of the GDPR. You cannot assume that a person wants to receive this information. If your current website has pre-tick boxes giving permission, this is no longer allowed. You must enable everyone to opt-in and not opt-out.
Once people have opted in, you must log this information and this includes providing exactly what each person has opted in to, so recording the exact wording is very important. If you are set up to receive an email confirmation, this is great but, again, you must ensure that the emails are saved in a secure fashion and, once again, it clearly states precisely what they have opted in to.
What else do you need to consider?
Even when people opt-in, you have to give them a very easy way to opt-out again. On e-newsletters, you need a clearly marked link that gives people the option to unsubscribe. If you are sending out printed mailers, there has to be a clear section explaining again how they can opt-out. This can be a telephone number, email address or a link on your website.
Another important part of ensuring you are complying with the legislation is to make sure that you keep and maintain a ‘do not disturb’ list. As soon as someone opts out, you must stop contacting them and if you don’t you could face large fines.
‘I just called to say… Would you like to buy something?’
Put the phone down a minute! Is that number registered with the Telephone Preference Service (TPS)? If it is then you must not call it as you will be in breach of the law. And before calling other businesses, you must check if they are registered with the corporate version (CTPS).
You can check the register here: http://www.tpsonline.org.uk
How secure is your website? If you are storing any form of personal data on your website, it is imperative that your site has an SSL certificate. Why? Because this will encrypt the program of data. Without an SSL certificate, your website will be classed as non-secure and anyone visiting your site will be informed of this information and will more than likely prevent people from visiting your website.
Is it just easier to revert to paper mailers to market my business?
Of course, this is a viable option as you don’t need consent to do postal mailers, the only rules you must follow for this are:
- Make a clear statement giving the recipient options on how they can opt-out of any mailings in the future
- Content is relevant to the recipient
Whether you are an existing client or have never previously visited the Greensplash website, we are here to help ensure that your website and marketing campaigns are going to adhere to GDPR legislation; so please contact us, but we strongly suggest that you don’t wait until May to do this; allow us to work together now to make sure your business is ready well in advance of that date.