08 May GDPR in a nutshell
What is GDPR?
Communications make the world go around and, when they work, they make it a better place for us all. However, what happens when we communicate the wrong things to the wrong people at the wrong time? A lot of annoyed people, that’s what.
That’s what the General Data Protection Regulations, or GDPR, is trying to avoid. Pretty much every organisation relies on communicating with people through email marketing, direct mail or sales calls to try and drum up business and encourage loyalty.
That’s all well and good until the communications start to feel a little less than welcome to their audiences. Perhaps they didn’t want to be contacted in the first place, or no longer want to receive updates from a certain company.
Perhaps they are hearing a bit too often from someone and they wish they would back off.
When do I need to act?
From 25 May 2018, the GDPR comes into force. The regulations do pretty much ‘what it says on the tin’, protecting people’s contact personal data, making sure that it is only shared with the individuals and organisations that they want to hear from and deal with.
As an organisation whose business model depends on communicating with people this is a big deal and something you need to look at now. The GDPR laws are complex and extensive. And not that far away.
Necessarily so, as they must cover a wide range of data protection areas. It’s not just personal data or B2C communications that are affected – the GDPR also applies to data shared and collected by organisations selling B2B.
This guide aims to provide an introduction to the GDPR. It is by no means comprehensive, but will hopefully give a good starting point to help you comply.
What is all the fuss about?
You may think that your organisation doesn’t collect any data and so won’t be affected by the GDPR.
Data comes from all sorts of sources, from tracking tools on your website that track IP addresses (such as Google Analytics) to email address lists built from sales enquiries.
You will need to ensure that people know exactly what information you are holding about them, and that they have had the chance to refuse permission for you to hold it.
The right to refuse
One of the most important things that you must do to comply with the GDPR is to make sure that you have got permission from every single person on your mailing lists and other avenues of communication to contact them.
You must not assume that they are happy to hear from you – this permission must be obtained in writing. You can do this relatively simply by providing contact forms, adding tick boxes to websites and online shops and adding the question to your sales call scripts.
Above all, you must record exactly when each person has given their permission, as well as the precise information they were shown when they chose to opt in.
So, make sure you keep all completed forms and emails, and record any conversations as evidence of your organisation’s compliance with this vital stage.
Even existing customers are affected by the GDPR. You will have to ask these guys for their permission as well to carry on receiving your communications.
While this can seem like an irritation, it does give you the chance to make sure your customers really are happy with your services and aren’t getting annoyed by unwanted emails and calls.
After all, we all have the right to be left alone if we choose.
So, how can people opt out of receiving communications from your company, or any other?
It’s simple. The concept of ‘clicking to unsubscribe’ from unwanted emails is already fairly commonplace. It will now be a legal requirement to include details about how to unsubscribe on all emails, or to have your postal address removed from printed marketing materials.
For websites, building an easily navigable, interactive opt-out landing page is an easy and elegant solution.
Then, once you know which of your contacts no longer want to stay in touch, you must keep a list of these people to ensure they are not disturbed – hefty fines from the regulators could follow if you fail to stay away.
Keeping in touch: safety first
The Telephone Preference Service, or TPS has been around for a long time. It is illegal to make a sales call to anyone registered with this service. Now, the regulations are tightening up even further, so it is crucial that you check numbers against this register if you don’t want to break the law.
OnlineWebsites, too should be designed to protect people’s privacy – if you don’t want to out people off visiting your site or entering any personal data or shopping orders, make sure yours shows a little padlock on the browser bar.
This indicates it has got an SSL certificate (Secure Sockets Layer) and that it encrypts data transmission for optimum security. Google now labels websites that are missing this padlock as ‘unsecure’, which could frighten away lucrative customers.
Despite huge technological advances, we all still like sending and receiving things out in the post. Direct mail is more effective as a sales tool than ever before, especially when it contains a little incentive, such as a pen, coaster or catalogue.
So, will the GDPR put a stop to all that? The good news is that organisations can still send out direct mailshots, so long as they are relevant to the business and they include clear instructions about how people can opt out of receiving anything else.
Want to know more?
There’s a lot to take in here, we know that. This guide only scratches the surface of the GDPR. Take a look at the websites below for more details:
Information Commissioner’s Office: www.ico.org.uk– For details on the laws surrounding GDPR
Direct Mail Association: www.dma.org.uk– An industry body that can help marketing people comply with the GDPR
Or call one of our team at Detail Design Consultants today to find out about GDPR complaint marketing communications and how we can help you.
We promise that our communications will be clear, concise and above all, consensual.