What is GDPR?
GDPR is a supercession of the Data Protection Act 1998, which has been designed to improve and simplify data protection for EU citizens, residents, and businesses. This will come into effect on the 25th May 2018. You may be thinking this will be irrelevant for UK businesses once we leave the EU in 2019, however, it’s likely that many of the new rules will be adopted into UK law and from a marketing perspective, this will have a huge impact.
Is my website GDPR Compliant?
All websites should provide a secure and safe experience for your prospects when they visit your site. If your site is not secure and hasn’t got an SSL certificate, Google will automatically insert a security warning on pages with input fields, such as forms. At the least, this will put people off visiting your site. However, if you are collecting or storing users’ data on your website, you must have an SSL certificate to encrypt this data or you will be non-compliant with the new GDPR regulations and you could face crippling fines. Either way, without an SSL certificate, Google will make it clear to users that your site is untrustworthy to browse or hold their personal information. Google inserts a green padlock before the URL of all secure sites.
User Registration
Register forms are platforms where prospects can voluntarily share their personal details, usually when setting up an account on your website. With this, you have the opportunity to target new prospects with ongoing promotional marketing. It’s widely recognised that the cost to convert an existing customer is far cheaper than the cost of attracting new customers, so offering customers the chance to hear more from your business at checkout is a commonly used online marketing tool. With the new GDPR rules, you need to ensure that any such promotional contact is offered on an explicit opt-in basis. Therefore, default opt-in and double negatives such as ‘if you would not like to refuse contact, tick the box’ will be deemed non-compliant. A simple ‘tick this box, if you would like to receive further information from this company’ will be sufficient, with the box unticked as default.
Consider your Privacy Policy
By the time May 2018 comes around, every business will need a privacy policy, but don’t wait till May to put this in place. This is where you can outline why you are using tracking tools, such as Google Analytics cookies, on your website and what you intend to use that data for. However, do not use your privacy policy to hide information about automatically opting prospects in for email marketing, this breaches the regulation.
Email Subscribers
For email marketing, you will need to provide an explicit opt-in option to retain people’s data and email them, you will no longer be able to include pre-ticked boxes. On top of this, you’ll need to record evidence of when a prospect has given you permission to use that data and what was shown to them about how the data would be used. You could include an “unsubscribe” button in your email, making it easier and more accessible for those who wish for their data to not be saved.
Direct Mail
With mail, letters, brochures and catalogues, you need to include an opt-out message, providing prospects with the option to not be sent anymore printed mail. You could do this by including a number to call, an address to email or a link to visit.
TPS list
Individuals can register to the Telephone Preference Service to stop getting sales calls, so if you do ring anyone on this list, then you could be faced with a fine. It would be worthwhile to maintain a “do not call” list to avoid facing prosecutions.
The best way to make sure you’re covered would be to carry out and install all the correct procedures now, rather than once the regulation is in place, to make sure you’re completely covered and protected. GDPR will affect marketing to new and existing customers and non-compliance can be catastrophic for your business, however, by becoming vigilant and thorough, you can meet the required standards and avoid the hefty fines.
If you would like further information about whether your website and marketing channels are GDPR compliant, please contact us and we will be happy to help you.
Social Media Management