GDPR – General Data Protection Regulation
GDPR (2016/679), the General Data Protection Regulation, was agreed by the European Commission in January 2012 after 4 years of deliberations. It is the data privacy law which comes into effect on May 25th 2018, or 9th January for financial firms, and it replaces the 1995 Data Protection Directive. Failure to comply will carry very large fines, imposed by the Data Protection Commissioner. It is all about personal rights, security and protecting any identifiable person's data, such as email address, name, address, postcode etc., to avoid spamming, abuse or much worse, such as illegal access to bank accounts. This ‘personal data’ is also referred to as ‘data subject’.
GDPR governing websites and mailing lists
GDPR – our 10 simple recommendations to keep you compliant
GDPR – 10 Simple ways to keep you compliant and avoid big fines
1. Email opt-ins – use a double opt-in, so that after signing up the person gets an email asking them to confirm that they did indeed opt in to receive your communications. It is a useful protection for you, because it shows that this person asked to be signed up. Mailchimp will do it for you if you have the settings correct. This will cover you going forward.
2. If you already have a list, offer people the chance to opt out; this is evidence that you gave people the opportunity to opt out.
3. Always include the option to ‘unsubscribe’ in your emails.
4. Include your terms and conditions on your website and make sure they explain how you handle personal data. Are people signing up to a mailing list, or just to get a FREE guide or something similar? Make sure the consent you obtain is informed.
5. Only ask for the minimum amount of data. What do you really need? Name and email might do, so why ask for address or postcode? Keep it at a minimum. If you need postal addresses or date of birth in order to ship goods, then ensure that you only have this for real customers.
6. Never buy or sell ‘lists’ – it is just wrong.
7. Check third-party applications such as your CRM to ensure that they are GDPR compliant. By default they may ask for more information than you need. Your email programme needs to protect against misuse.
8. Do not make it confusing when asking for information in opt-ins, or when asking people to opt in to something: be clear about what is being offered or asked for. Be honest.
9. Protect your list data with some form of security, as you will be held responsible if your data is hacked. You need to show that you did apply some security. Ask your insurers whether you can get some form of cover if you are worried that your data might be breached.
10. Consider how long you might hold data. If someone buys from you once, are they likely to buy again? If someone buys in 2017 but does not buy again within a set time, say five years, can you decide to cleanse their information from your records? Decide on a best-before date for this sort of data.
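Items 1, 3 and 10 above describe a small amount of mechanism: a pending sign-up that only becomes consent when the mailed confirmation link is used, an unsubscribe that is honoured and dated, and a best-before date after which records are deleted. The following is an added illustration of that flow in Python, not code from the original article or from Mailchimp; the signing key, retention periods and sample addresses are constructed for the demo.

```python
import hashlib, hmac, secrets
from datetime import datetime, timedelta, timezone

# Constructed demo secret; in practice this lives in configuration, not in source.
SECRET = b"constructed-demo-signing-key"
RETENTION = timedelta(days=5 * 365)   # item 10: five years without activity
PENDING_TTL = timedelta(days=7)       # unconfirmed sign-ups are dropped after a week

subscribers = {}  # email -> consent record (status, source, timestamps, nonce)

def _sign(email, nonce):
    return hmac.new(SECRET, f"{email}:{nonce}".encode(), hashlib.sha256).hexdigest()

def request_signup(email, source, now):
    """Item 1, step 1: store the request as pending; return the token for the mailed link."""
    nonce = secrets.token_urlsafe(16)
    subscribers[email] = {"status": "pending", "source": source, "nonce": nonce,
                          "requested_at": now, "confirmed_at": None, "last_activity": now}
    return f"{email}:{nonce}:{_sign(email, nonce)}"

def confirm(token, now):
    """Item 1, step 2: only a valid, unused token from the mailed link confirms consent."""
    try:
        email, nonce, mac = token.rsplit(":", 2)
    except ValueError:
        return False
    rec = subscribers.get(email)
    if rec is None or rec["status"] != "pending" or rec["nonce"] != nonce:
        return False
    if not hmac.compare_digest(mac, _sign(email, nonce)):
        return False
    rec.update(status="confirmed", confirmed_at=now, last_activity=now)
    return True

def unsubscribe(email, now):
    """Item 3: honour the unsubscribe link and keep a dated record that consent was withdrawn."""
    rec = subscribers.get(email)
    if rec is None:
        return False
    rec.update(status="unsubscribed", last_activity=now)
    return True

def purge_stale(now):
    """Item 10: delete records past their best-before date and confirmations nobody clicked."""
    stale = [e for e, r in subscribers.items()
             if now - r["last_activity"] > RETENTION
             or (r["status"] == "pending" and now - r["requested_at"] > PENDING_TTL)]
    for e in stale:
        del subscribers[e]
    return sorted(stale)
```

The record kept per address (source form, request time, confirmation time) is the evidence item 1 says you want if you are ever asked to show how a person came to be on your list.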
GDPR – Next steps for you
How do you ensure GDPR compliance and manage your existing data without it becoming available to the wrong people? Truth be told, we should not hold any data on people just for the sake of spamming them. We should only market to people who are likely to want to hear from us, or people in our industry who may have a legitimate interest in what we have to say. Now is a good time to delete any personal data held on people who are not current clients or very likely potential clients. Why chase after people who do not want what you have to offer, when you could be focusing on those who do?