What’s it all about?
There has been lots of talk about the new regulations that will come into effect in May 2018. The big question has to be: who does it affect? Well, if you’re a business and you use email marketing, send direct mail or make sales calls, the law is changing what you can and cannot do. Things you do today may soon not be allowed anymore!
This all happens on the 25th of May 2018, which is really just around the corner in business terms. On that date, the General Data Protection Regulation comes into force. The reason you’re hearing so much about it is that it is a big deal, particularly if you get it wrong. I am guessing that one of the big temptations is to leave this until nearer the time. For what it’s worth, I feel that is a mistake and that there are some very simple steps you can take right now!
It is also important to point out that this new law is very detailed and quite complex, and I am only just scratching the surface in this article. Its purpose is only to get you thinking in the right way. It is not a comprehensive guide or how-to document; it is merely a few tips to help you start the process of compliance.
The key to all this is for you to understand what data you’re collecting. For example, if you’re using Google Analytics, then under the new rules you will be considered to be storing data covered by the GDPR. In essence, the law applies to any data that can be traced back to an individual, and people have the right to know what personal information you’re storing about them.
Let the People have their say
Before you send someone email marketing, you need to have obtained their explicit permission to do so. You certainly can’t assume you have their permission. They must opt in! We would suggest this is something you should start sorting out right now and not wait for the changes to come into effect.
Check the contact and registration forms used on your websites and make sure they have an opt-in tick box. The key is that it needs to be opt-in, not preset!
So it’s very clear people need to opt in, but there is a little more than that to consider too. You are going to need to record when they gave their permission, and you need to have a record of what it is they saw when they made the decision to opt in. One of the easiest solutions, perhaps, is to have an email notification sent to you for each opt-in. To fully comply, you’ll need to ensure the email clearly states what the tick box said at the time of completion, then retain and securely store those emails as part of your audit trail for compliance purposes.
What about other laws?
GDPR seems to be quite explicit in this regard, saying that if there’s another law that conflicts with it, then the other law has the priority. A good example that has been used in the publicity running up to the eventual implementation is that of email and telephone marketing covered by PECR, as this allows for what is called ‘soft opt-in’. In effect, this means that if you have sold something to or negotiated with a client, you can send that person marketing about the same kind of thing they were interested in.
However, it is also worth noting that PECR looks set to be replaced by a new stricter ePrivacy law currently being debated in parliament. At this time it is not clear if ‘soft opt-in’ will remain. With that in mind, you could argue it makes sense to work on explicit opt-in as a matter of standard procedure.
People have the right to say No!
People have the right to stop you sending them marketing. More than that, you must make it easy for them to opt-out of future marketing.
The simplest solution is to ensure all emails of this nature carry with them the ability to opt-out. We would suggest a simple link that allows them to click on opt-out. If you’re using printed mailers they need to clearly tell people how they can stop receiving more of the same.
Once a person has opted out, you need to keep a ‘do not contact’ list and maintain it. If you don’t do this, you could be facing some very hefty fines.
What about TPS?
If you make a sales call to someone who’s on the TPS list, you will be breaking the law. A word of warning: times have changed, and the current organisation responsible for this, the ICO, is much stricter than Ofcom, who used to ensure compliance with this regulation. You don’t need explicit permission to make a sales call, but you do need to check the TPS list before you make the call. Don’t be fooled into thinking this only applies to individuals at home. There is also the CTPS, the corporate version! Checking numbers is simply a case of going to the website http://www.tpsonline.org.uk
Secure your site
Have you got the little padlock symbol on your browser bar when you are on your website? This icon indicates to the rest of the world that your site has an SSL (Secure Sockets Layer) certificate. If you’re storing any personal data on your website, you need to have an SSL certificate. This will ensure that the data is encrypted as it travels between the visitor’s browser and your site. Last October Google took this to another level by labelling sites without SSL as non-secure.
This means that even if you’re only using a basic contact form on your site and you don’t have an SSL certificate, you will be marked as insecure! This may well impact on how people feel about visiting your site, and so SSL is worth investing in. We have a few good Rainmaker members who can help you with this.
The GDPR Mission
It’s all about protecting personal data and prosecuting organisations who misuse that personal data. As with many compliance-related missions, this will make life a little more difficult for the majority of good, honest and decent organisations, who are just working hard to build their contact database and attract more business.
But just a few simple steps mentioned in this short blog can help you navigate through the main points of the new regulations:
1. Have an explicit opt-in for your email marketing (you can still take advantage of soft opt-in for as long as it lasts).
2. Check the telephone preference service list before you make that unsolicited sales call.
3. You don’t need explicit consent for traditional mailers in the form of letters, brochures or catalogues, provided that you make it clear how people can stop getting future mailings from you and that the content is relevant. Sending direct mail is OK, as it is still seen as a legitimate action in the interests of your business development.
A bit more on direct mail
Direct mail seems to be experiencing a bit of a revival. Direct mail is less common, and perhaps that’s why it tends to show better results than it has historically. The fact is that most of us are getting less traditional post than we used to, and a knock-on effect is that we take a little more time with our traditional mail as a result. So at the very least, this may be worth revisiting, maybe!
If you would like a referral to one of the Rainmakers Club Partner Members who can help you with all things GDPR, marketing and web, you need only ask. Use our contact form and ask for help, or use the mobile app. We are here to help you and your business!