General Data Protection Regulation (GDPR) is a term that you may have heard bandied about quite recently, but what actually is it and what does it mean for your business? Read on for answers to the 7 most common questions we’ve been asked…
#1 – What is GDPR?
GDPR is a new framework that has been designed to harmonise data privacy laws across Europe and allow individuals to have more control over their personal data. Europe was given a two-year notice period, in which businesses can adjust to the new set of rules, meaning GDPR will officially come into force on 25th May 2018.
#2 – Who does it affect?
The data protection act affects both individuals and organisations, but the biggest changes will be for organisations who may have to change their data management to become compliant.
Official terms that you will hear a lot when it comes to GDPR are ‘Controller’ and ‘Processor’. These are not as complicated as they sound. A Controller has responsibility for how and why personal data is used. A Processor obtains, records, adapts or holds personal data. An example of this is a scenario where an organisation uses a third-party payroll provider. The organisation is the Controller of the employee payroll data, and the third-party payroll company that processes the payroll for the organisation is the Processor.
#3 – What is classed as personal data?
The definition of personal data is basically anything that can identify a person as an individual, including email addresses, social media posts, names and even IP addresses.
These rules suggest that anything that does not constitute personal data, e.g. [email protected], is technically eligible to be contacted, as there is no invasion of privacy or breach of personal data.
#4 – How do I prove I have consent to contact individuals?
Under GDPR rules you will need a double opt-in process to prove that an individual has given you their permission to be contacted, which means having a record of how and when someone gave their consent. All individuals will have the right to request access to their private records and the right to be ‘forgotten’ at any time.
Gone will be the days when receiving a business card at an event means you can enter the contact into your CRM; someone giving you their business card does not constitute consent.
#5 – Will it affect my relationship with customers?
GDPR will change the way that you interact with and acquire potential customers, but this also means your marketing efforts will be much more targeted and therefore worthwhile. If someone has given their consent this means they want to be marketed to and have a genuine interest in your business.
Something to note, however, is that you are still permitted to send service, transactional and maintenance emails, whether you have consent or not.
#6 – Is there anything I can do to encourage people to opt-in?
This is where you have a chance to be creative! Although you may not obstruct or alter your service if the individual chooses not to provide their information, you may offer useful assets and enticements to sign up; give them a reason to say yes! This could be by offering discounts or offers on your services/products… think outside the box!
#7 – What happens if I don’t comply?
If your business doesn’t comply with GDPR after 25th May 2018 then it is possible you could face a fine… This could be up to 4% of your annual turnover or 20 million euros, whichever is greater.
Whilst GDPR may seem quite scary, it’s actually a great excuse to start over with your data and make sure you are marketing to people who are really interested in what you have to say!