The GDPR and Marketing: What you need to know

Suzanne MacDonald Carr from the Business Coaching, Mentoring & Training Centre breaks down the crucial information businesses need to understand about the General Data Protection Regulations (GDPR) that is in force already with a looming deadline for businesses to be compliant by May 2018.

The first thing to understand is that the GDPR extends and is more rigorous than the Data Protection Act (DPA) and supersede PECR – which regulates electronic marketing which was drafted and implemented before the surge of internet marketing and growth of electronic medium and so it is wildly out of date.

GDPR exists to protect all of your personal data and to prosecute rogue organisations who misuse your data. So if we are using data for business we must make changes to ensure we comply.

So, is electronic marketing dead in the water due to the changes we need to make? Well, like most things in law, it’s about compliance, reasonableness and proportionality. The law applies to data that can be tracked to an individual, so Google analytics and tracking tools that hold IP Account information and addresses are affected.

A common misconception is it only applies to personal data, however, if you sell B2B it applies to you.  Even if you only email corporate addresses the law still applies.

You will not need explicit consent to send a mailer/lumpy mail, letter, brochure or catalogue as long as it is clear how to stop the mailing. Direct mail is allowed under the ‘legitimate interests’ of your business.

Four points about direct mail

• Direct mail has turned full circle. A Market Reach survey says 87% people said they were influenced to make a online purchase as result of direct mail
• A mailer hangs around in a home for an average of 17 days and 29% people said they had shared it with someone else
• 72% of people get less than three pieces of mail a day 70% agreed they get too many emails
• The bigger the mailer the less it is ignored.

Source: SOON it is coming GDPR will  affect us all, Limelightdesignandprint.com, 2017

Take Action between now and May 2018:

• Create a privacy policy on your website and let prospects and customers know you have one. Do not hide it – it must be able to be found and communicated. (Also, part of Data Protection in CSR 26000-2010).
• If you use pre-checked boxes on landing pages, sign up forms then get your IT/Web company to return them to default
• Ask explicitly for permission on website contact forms, emails, check out and registration pages
• Ensure you don’t rely on the soft opt-in option although this is still allowed
• Existing customers: People have a right to ask you to stop marketing to them so make sure all emails tell people how to opt out and unsubscribe/or use reply: UNSUBSCRIBE
• Check telephone numbers with the Telephone Preference Service if you are calling   – https://www.TPSonline.org.uk
• Create and keep a ‘DO NOT CONTACT’ List. Keep records of when they gave permission and what they were shown when they opted in e.g.  an email trail for registrations and checkouts ‘may’ be enough
• Keep email securely so it can be audited
• Web site security – SSL Certificates and Lock Icon are on secure websites.

The BCMT Centre can help you to get your head around GDPR. If you like to discuss, or you have any questions, call 01473 359 248.