Are you GDPR compliant?
What is GDPR?
Unless you have been hiding under a rock you will know that there is a NEW law that came into force on 25 May 2018 and affects EVERY business that has customers in the UK or the EU, or that promotes its products and services to people or businesses there.
So even if you are in the USA and you have an online presence, you are not immune!
It is called the General Data Protection Regulation (GDPR). This EU regulation, which replaces the 1995 Data Protection Directive, is considered the most comprehensive and far-reaching data privacy initiative of the past 20 years, and it carries massive penalties for non-compliance: fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher.
Just six in 10 company directors feel their organisation is fully compliant with the incoming GDPR regulations, according to a survey from the Institute of Directors (IoD).
I am not a lawyer, but!
Now, I am not a lawyer and do not profess to know all of the ins and outs of the Act, but having put the new regulations in place in our own business, we do know a fair bit about it.
GDPR, in a nutshell, is all about good data handling, and ironically it has been thrust further into the spotlight by Facebook's recent faux pas in handling people's personal information!
It tightens up individuals' rights and restricts what businesses can do with the data they collect.
Whether you store emails, customer records or text messages, you must comply with GDPR. It covers anything you hold on file that can identify an individual, which is what the Regulation calls personal data.
You have to consider how you collect the data, how it is stored, how long you keep it, and how you are going to interact with the individuals afterwards.
If you have paying customers whom you do not contact after the sale (believe it or not, many businesses do exactly this!), you can still hold their details lawfully. Processing the details you need to fulfil their purchase rests on Contractual Necessity, and keeping the records afterwards (for accounts, warranties or returns, say) can rest on 'Legitimate Interests' or on a legal obligation such as tax record-keeping.
Likewise, if you have contracts with suppliers or customers for services you provide, you can store that data under the Contractual Necessity basis.
A little known fact
A little known fact is that you must keep your email lists up to date. GDPR's storage limitation principle means you should not keep personal data for longer than you need it, so set a retention period (e.g. one year) after which any subscriber who has not engaged with you is deleted from your list.
If you already have an email list that you send promotional emails to, you WILL need to look at how you obtained those addresses. Do all your emails have an unsubscribe button or link? It was first thought that you would need to get fresh consent from all your subscribers, but the ICO has since confirmed this is NOT the case where the original consent already meets the GDPR standard; only consent that falls short of that standard needs refreshing.
The biggest thing, I feel, for most companies is getting their opt-in forms/pages changed. They also need to add a prominent GDPR-compliant Privacy Notice and Cookies Policy to their website.
You will also no longer be able to use pre-ticked check boxes on your opt-in pages. You have probably seen them, where the box is already ticked to receive updates etc. Under GDPR consent must be a clear, affirmative action by the individual, so that is a big no-no going forward!
If you hold email addresses for prospects within businesses then it gets even more complicated, because the rules for marketing emails come from PECR (the Privacy and Electronic Communications Regulations) as well as from GDPR!
Under PECR you can send promotional emails to corporate subscribers (Ltd companies, LLPs and the like) without prior consent, but a named work address such as firstname.lastname@example.org is still that person's personal data under GDPR, so you need a lawful basis (typically Legitimate Interests) and a clear way for them to opt out. A generic address such as email@example.com is not personal data on its own. Sole traders and partnerships are treated as individual subscribers, so you cannot send them promotional emails without their consent (or an existing customer relationship that qualifies for the soft opt-in).
There is loads more that you should know, but this post would go on for another hour or two!!
To make life easier for you, we have teamed up with our mentor and two of the UK's leading GDPR experts, who work directly with some of the largest organisations in the UK and with the regulatory bodies themselves, to break the GDPR regulations down into simple terms.
WHY is this so important for your business? Because knowing how to be GDPR compliant is not optional: it is a legal requirement.
Are You GDPR Compliant?