Soon is now
The legal stuff we started talking about back in October 2017 comes into force on the 25th May. It’s called GDPR. You may have heard about it. A lot.
But for anyone who has been a little off-grid these past 6 months, GDPR is essentially about revamping data protection laws in Europe.
Although plans were originally announced back in April 2016, ICO published their final guidance on Consent under GDPR on 10th May 2018. The new rules affect all businesses, from Facebook to your village florist.
New privacy policies will be needed for websites and apps. You’ll know all about this, though, as requests to accept these new terms will have been clamouring for your attention.
What about all those opt-in emails?
Ah, yes. In addition to requests to accept documents you’ll never get a chance to read, ‘repermissioning’ emails are also landing in consumer inboxes in their droves.
Most of those emails are probably unnecessary.
It is a myth to think you need to get NEW permission from your customers to comply with GDPR.
This important guy even said so in his blog post.
Permission isn’t a new thing
In fact, businesses have needed your consent to send marketing messages (and provide a way to opt out) since 2003!
So if they haven’t, then they may have been in breach of PECR rules for quite some time!
And certainly the last thing you should be doing is emailing people (who haven’t given you permission to email them) to ask them whether or not they mind you emailing them.
A point proven last year when ICO fined Flybe and Honda for that exact boo-boo.
However, if you do have a database full of soft opt-ins under PECR and you’d like to turn a few of them into explicit consent under GDPR, then maybe a ‘let’s be friends’ email isn’t such a bad idea.
In fact, here’s one we made earlier.
Spring clean maybe?
Either way, it could be a good time to give your data a once-over.
Can you remember how you first met? Did they make the first move?
If you use email marketing, one option could be to look at segmenting your audience based on their responses and activity.
Who’s opened your emails? Who’s clicked? Who’s bought something?
If someone hasn’t really engaged with your brand other than to lift a finger to hit delete, then maybe you should be doing the same for them.
Left it a bit late?
Better late than never. But you should take action now, before doing anything else.
Bit bamboozled about where to start? Here’s a handy checklist.
It doesn’t cover everything, but is a practical starting point.
The points here apply mostly to your website, and particularly how you ask for consent. For deeper reading, check out our Nettl GDPR Guide, which has links to extended resources at the back.
You need to use clear, plain language that is easy to understand.
Do you have an SSL certificate? Keeping user data secure is a no-brainer.
Do you ask for explicit opt-in (no pre-ticked boxes or any other type of default consent)?
Do you record when they gave you permission? You need to log exactly what they were shown when they opted in.
Do you make it easy for them to opt out? Once they do, can you ensure nothing else is sent?
A lot to do?
If you’re a bit busy for GDPR website compliance right now (and let’s face it, it’s not a fun job), the good news is that we’re here to help. Get in touch with your local studio today. Put a plan in place and you can check this hot potato off your to-do list.