Welcome to our August update. Is the summer really nearing its end? Sad times. I hope you’ve had an enjoyable one. I have decided to concentrate this month’s update on four letters that are on everyone’s lips; especially here in Europe: GDPR.
Everywhere you turn there’s guidance and ‘advice’ on GDPR. Some useful, some adding even more confusion. Many people are hoping if we don’t think about it, it’ll just disappear back under a rock. It takes me back to my school days when I knew an exam was coming but I really hoped my teacher would come in one day and tell us it’s been cancelled and we don’t need to worry. Sadly, GDPR is not going anywhere. And for those of us here in the UK, even when we leave the European Union, this legislation won’t be disappearing – there is no escape!
I’m not going to turn this piece into a comprehensive piece that covers every aspect of this upcoming regulation – I’ve included a link to a useful downloadable guide by B2B marketing magazine at the end, which provides far more detailed information – but I felt it was important to cover some high level information of what GDPR is and what you need to start doing, now. And, to just get you thinking.
So what is this GDPR beast? In short, it’s a new regulation that is going to shake up the way we are all required to handle our customer data and it will come into force across the EU on the 25th May 2018. At such time, we must be able to prove that everyone on our databases have given their consent (opted in) to be on there.
If we ignore, we will risk some very hefty fines.
How many people on your database have opted in? Can you prove that is the case?
And in case you say, “they haven’t opted-out” that is not consent. Under the GDPR you’ll only be able to send marketing communications to customers and contacts, if they’ve opted in to receive them (this is a clear narrative set out by the regulation).
The 25th May 2018 is not far away, so what can you do now to protect yourself and get yourself in a position to be compliant and importantly have a credible database in 9 months time?
Carry out an audit on your current database. How are you currently collecting and using information? Where are you storing data? On a CRM or on a dreaded Excel spreadsheet?! What security measures do you have in place?
Raise awareness within your team(s). Most of your people will have some connection to personal data. Ensure they understand changes are coming, and the potential impact this could have on your business – and the potential penalties.
Review your privacy policies and statements. Review what you are currently telling customers and contacts about how you use their data, and assess how far this goes to complying with the GDPR.
Assess other policies and procedures. Do you have a process in place if an individual wants to know what information you hold on them, or if you had a security breach? Ensure you have the right documentation and processes in place.
Get in touch with your technology providers. You may need to make changes/amendments to your CRM system and other technologies with regard to how data is stored or secured. Contact your technology partners to understand what steps they’re taking to become GDPR-compliant.
Start getting your database to opt in now! It must be clear that the individual has given their consent, and you’re able to prove this. Emailing your contacts inviting them to opt in is one effective way, but you need to be realistic that this won’t capture everyone. You will need to be creative in your thinking.
Ensure all your day to day campaigns from now on includes an opt in – but remember having someone complete their details to download a paper is not consent enough and you cannot make the download contingent on them opting in. Consent has to be given freely. An alternative is to include a consent on the Thank you for downloading page, once you have stoked their interest.
Add a footer banner to your email signature inviting people to give consent and direct them to a consent page.
Add pop-ups/overlays to your website. Yes, these can be annoying, but they can be effective.
If you are at a tradeshow or holding a conference/forum/seminar include consent forms in delegate folders.
If you’re holding a webinar, include a consent notice on the registration page and if you send slides or other follow up material afterwards, again include a consent notice.
In essence, take every opportunity to get consent, in a way that consent can be proven.
Is there an opportunity?
There’s no denying it is a mine field but there are upsides. Your database will be much more targeted. You will lose data and contacts, there’s no point avoiding that or glossing over that fact, it’s just something we have to accept, but if they’re not engaging anyway, how much will that matter? A list of individuals who have opted in to your communications should be much more engaged, resulting in higher click-through, open, engagement and conversion rates in your email campaigns.
If you have any GDPR concerns, do give us a call and we’ll do our best to help and support.
Hopefully this is helpful and if nothing else, has got you thinking!