GDPR, short for General Data Protection Regulation and as of 25th May 2018 this is a data protection regulation that ALL businesses need to comply to or face financial penalties for any potential breach.
Many business owners will think that these regulations do not apply to them, if this is you then you are wrong. GDPR regulations apply to ‘Controllers’ and ‘Processors’ of personal data; a controller is the one who says how and why personal data is used and the processor is the one who acts on the controllers behalf and ‘processes’ the data.
As a Marketing and Finance business ABL Business are both controllers and processors of personal data and because of this we have been extra careful when it comes to understanding the intricacies of the legislation; whilst trying to simplify it at the same time. Here we share some of the things we have learned that can help you navigate the next 9 months and ensure you and your business are fully aware of the need for GDPR compliance when the 25th May 2018 comes around.
Here are some practical steps you can take to get you started on your GDPR Journey…
First things first, under the data protection act it states that any individual or organisation that processes personal data should be registered with the Information Commissioners Office (ICO) unless they are exempt; you can take a test here to find out if you should be registered.
Next, you need to understand the legislation terms and how they relate to you and your business;
- What constitutes ‘personal data’? - Definition under the GDPR: any information relating to an identified or identifiable natural person. This relates to a series of ‘personal identifiers’ including name, IP addresses that can identify people online and location data such as cookies.
- Know where you stand as a ‘Controller’ and/or ‘Processor’ of data and ensure that you are aware of the level of responsibility you have and your obligations from May 2018. Here is some light bedtime reading from the ICO.
- Start with your marketing database and where personal data is stored (this includes email marketing lists on spreadsheets, CRM systems and email software such as Mailchimp). To avoid confusion in the future you should have ONE master database instead of lots of little individual data stores. The reason for this is when you are asked to ‘remove’ an individual from your lists you need to remove ALL data stored relating to that individual and NOT just opting them out of receiving marketing emails! We use Zoho; it’s fab!
- If you currently have a marketing data list, do you have an audit trail of individuals that have ‘Opted In’ to receive your marketing emails? If not, create one. Send an email to all people that you have on your database and ask them to re-sign up to continue to receive information about your business and services. PLEASE NOTE: DO NOT SEND THESE EMAILS TO CONTACTS THAT HAVE ALREADY OPTED OUT OR UNSUBSCRIBED. This is not cool; as Honda and FlyBe recently found out.
- Simple, but effective; If you have a sign up form on your website, make sure that people who sign up have been asked the questions, Tick here to ‘Opt in ‘ to receive marketing emails? Let’s not assume anything; it makes an ‘Ass of U and Me’.
