Wednesday 28 June 2017

What will GDPR Mean for your Marketing?


The EU General Data Protection Regulation (GDPR) will become law in the UK on 25th May 2018. This legislation lays down the rules regarding personal data, how you collect it, what you can do with it, and when you may not use it.

The effects of the regulation will be far-reaching, and the penalties for non-compliance simply draconian, with fines of up to €20,000,000 or 4% of global turnover, whichever is the greater.

A fundamental principle behind GDPR is that “personal data can only be gathered legally, under strict conditions, for a legitimate purpose.”

This has ramifications for how you collect, store and use data about your prospects, clients and staff.

What is Personal Data?

Personal data is anything that can be identified as belonging to a specific individual. This includes name, email address, notes about meetings with that person, details of their spouse and children and any other information you choose to hold about them.

There is also a second level of personal data known as sensitive data. This includes religion, sexual orientation, medical history and similar information.

Collecting Data

Before storing any data about anyone you must ensure you have their express permission to hold and use that data. Even when you’re networking and someone has given you their business card, you cannot just add them to your marketing database without an audit trail to prove they have given you their permission.

Where you have an online sign-up form, you must enforce a double opt-in process: an individual gives you their details, and your automated system sends them an email asking them to click through to confirm they want to be on your list. The automated system will then be the audit trail to prove consent was given.

GDPR also states that the reason for collecting the data must be clear so that your visitors can give ‘informed consent’ knowing what the data will be used for.

When you send out marketing emails there must be an opt-out option on every single email. This is good practice and you should be doing it already. And that opt-out process must work! I have clicked on opt-out links only to be taken to a ‘404 page not found’ page. Following GDPR this will be considered to be a breach of the regulation.

Right to be Forgotten

While your opt-out clause allows your recipients to opt out of receiving your marketing emails, the right to be forgotten is more than that. GDPR states that any individual can ask to be ‘forgotten’ by your systems and your company, and you must comply. This means deleting all personal data where a) that data is no longer necessary, or b) the person withdraws consent to processing and there is no legitimate ground for processing. Legitimate grounds could be where someone owes you money and you need to retain their information to follow up and get paid.

Of course, once someone has been ‘forgotten’ by your systems, you will no longer hold the information you would need to avoid targeting them. This could mean you accidentally target them as a potential new customer in the future. At present, it is not clear whether suppressing the data will be acceptable rather than deletion.


What do YOU Need to do to Prepare for GDPR?

Review your existing data. Where has it come from? Do you have express permission to contact these people? Is the data still up-to-date and valid? And do you have an audit trail to prove you have permission? If you cannot demonstrate that consent has been positively given then you may be open to fines.

Get consent. If your existing data won’t pass the GDPR conditions then consider contacting everyone on your database before 25th May 2018 and asking them to positively confirm their consent. According to the Information Commissioner’s Office “consent cannot be inferred from silence, pre-ticked boxes or inactivity.”

Set up systems for future data collection to ensure explicit consent is given and recorded. Don’t rely on verbal agreement; always put something in writing to the relevant party with the option to opt out.

How We Can Help

If you have a database of personal data that you haven’t used for a while then it will need data cleansing. We can do this for you, either a simple cleanse to ensure you have the correct address and phone number, and the business is still trading; or a full telemarketing cleanse where we will call everyone on the list to ensure you also have the right contact person at that business.

Call us today on 01296 737823 or visit our website (www.enterprisemarketing.co.uk) for more information.
