Business Surgery Guest Blog: GDPR - What YOU need to know

Through some work for a new client, KMD Neupart UK, I have recently learned about GDPR and the changes coming next year to data protection laws. If you run an email list or keep any data, you need to know about this!

In this guest blog, email marketing experts Winbox give us some guidance.

GDPR is on its way: a new pan-EU privacy regulation that will have a significant impact on email marketing for small businesses. From May 28, 2018, EU data handling rules are set to change. There will be one set of regulations for every country, requiring written consent (such as an opt-in form) from audiences in order to be able to market to them at all. This consent must also be recorded should any complaints arise, and failure to comply could see firms facing penalties of up to €10m.

You must inform your audience exactly how their personal data will be used before they decide to agree: it’ll be a hard opt-in rather than a soft opt-out process once GDPR comes into effect. It doesn’t only apply to email marketing either - the regulation also covers the use of cookies to track user behaviour on websites. You can read more about what it involves here.

For small businesses, the new ruling has numerous ramifications. For many, it’ll involve a complete overhaul of their existing email marketing operations, changing the way in which they collect and store data. The new regulation will apply not only to future data that’s collected, but also data that’s already held...so while May 2018 may seem like the distant future, there’s no time like the present to start the ball rolling.

This will be one of the biggest shifts in email marketing in recent years: so what can you do to prepare?

Laying the foundations
 

The Information Commissioner’s Office has confirmed that it will publish regular practical GDPR guidance (and signposting guidance created by others), which can be found on their website. In a document entitled “Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now”, first published in March 2016, they stress the importance of acting now to ensure that you gain buy-in from key stakeholders, and put in place any new processes needed for compliance. Their 12 steps include:

  • Raising awareness of GDPR amongst decision-makers

  • Organising an information audit: the data you hold, where it came from and who it’s shared with

  • Checking that your current procedures cover all the data protection rights that individuals have

  • Having the right procedures in place should a data breach happen

It may seem like hard work, but it’s well worth it. By changing your processes early and cleaning up your current mailing lists to comply with GDPR, you’ll not only save yourself a job (and potential fines) down the line, you’ll also ensure that all new data you collect will adhere to the new regulation.

You may worry that adopting this double opt-in process will deplete your mailing list...but remember, good lists are about quality, not quantity. Data from marketing automation software firm CommuniGator shows that opt-in click-through rates reach 37%, demonstrating that a more qualified audience is the way forward...and we’re sure you’d far rather have an engaged, relevant database over a €10m fine.

The build-up to the GDPR launch in May 2018 begins now. There’s no time like the present to start building your permission-based opt-in list, adapt the way in which your data is collected and stored, and have a clear plan of action in place. Data has never been more important: it’s time to ensure that everyone in your organisation agrees.