The countdown to the new GDPR regulations has begun: they come into effect in May 2018, and it seems to be the hot topic of the moment. So do you know what GDPR is and, more importantly, are you aware of what you need to do for your business or organisation?
Firstly, a couple of facts:
Second, GDPR still applies to paper documents, so don’t go thinking you can dust off the typewriters just yet.
As a marketing and design agency, one of the main areas we get asked a lot of questions on is email marketing and the associated data. Email data is still classed as personal data. If you are handling or sending email data, you are what will be known as a data processor.
Everyone on your mailing lists must have opted in or given permission to be part of your list. It is not advisable to just add people without their permission in any circumstances.
Ask yourself the following questions:
- Do you store data? If yes, then:
- Where do you store it?
- Is it secure?
- Who has access to it?
- Where did the data come from?
If you know for certain that everyone has opted in, then great. However, if you are dealing with historic data, or perhaps purchased the data from a third party, then we would suggest running a re-engagement campaign so you can start cleansing your data. This is where you run a specific email marketing campaign to either all of your subscribers or your ‘inactive’ subscribers, encouraging them to update their preferences. Remember to encourage your audience with an incentive. If you do not hear from them, they have officially not opted in. It might mean you have fewer subscribers, but at least you know you are compliant.
- Can you recover this data? If no, then we would recommend looking at how you are storing your data.
- Do you pass this data on to anyone for processing? If yes, you will need to make sure you declare this in your terms and conditions.
What else can you do to prepare yourself in the short term?
- Appoint a data protection officer – someone in your team who can essentially become the data protection super user and can help to educate your team.
- Prepare a data breach security response document – so that in the event something does happen, similar to Crisis PR, you and your business are prepared to react.
- Educate your teams! Employees are actually the weakest link in data protection, so make sure everyone is clued up.
GDPR needs to be taken seriously by all of us. Your company, business or organisation is liable for any fines; however, under the new regulations these fines are in the millions of pounds. It’s important to make yourself and your staff aware of the part you all play in data handling and processing, and it’s vital you get yourself clued up on what the proper processes are.
We are committed to implementing GDPR and adhering to the new standards both internally and with clients. So keep a look out for more blogs from us on the GDPR regulations and tips to help you stay safe.