GDPR is coming whether you like it or not, so you need to start working towards compliance now.
If you’re still unaware or confused as to what it is, here’s a summary from the official EU GDPR information portal:
“What is GDPR?
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy."
"Who does the GDPR affect?
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location."
"What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR up to €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors -- meaning 'clouds' will not be exempt from GDPR enforcement.”
"What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.” You can read up more, here.
This is also a great GDPR summary from Southerly.
If you are a small business or a freelancer and use your clients’ data for marketing purposes, you need to obtain consent from your customers in order to continue using the data for those and any other purposes. This will mean you need to update your website in order to collect the consent information.
If you need legal support, Suzanne Dibble is a brilliant solicitor for small businesses. She has done an amazing job in making it easy to get ready for GDPR. You can check Suzanne’s work on her Facebook page.
If you are using MailChimp for your email marketing, I have good news for you. They’ve launched new tools for GDPR compliance, which will make your life much easier. MailChimp says you can visit its What’s New Page to stay informed.
Over the last few weeks, I’ve seen some great examples of email marketing on requesting consent from customers. Here are a few examples that I thought they’ve hit the spot:
Finally, my key suggestions for your GDPR email content strategy are:
Choose your subject lines carefully.
Make it easy for customers to give the consent. You’d want your customers to give it right away. If they don’t, you can ask for it again on each visit but at the risk of annoying users that genuinely don’t want to give consent.
Tidy up your data and keep track of the customers that have not given consent, because you wouldn’t want to contact them for marketing purposes after the 25th May 2018. You also could be audited by authorities or solicitors on behalf of customers and you should be able to easily and transparently show the consent collected, what you use the data for and your policies for protecting customer data and an ability to “destroy or transfer” data on request.
If you’d like to learn more and need last-minute support on how to compose and produce the right emails for your customers. I’m offering four consultations (15 min slot) for free. First come first served basis. So hurry. GDPR is coming :)