What is GDPR?
You may have heard the acronym floating around and wondered what it’s all about. GDPR stands for General Data Protection Regulation and is a piece of legislation that will apply in the UK from 25th May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
The GDPR applies to the processing of data carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
If you are currently subject to the Data Protection Act, it is likely that you will also be subject to the GDPR.
What’s more, substantial fines and legal action against companies that do not comply with regulations will be substantial.
Information Commissioner Elizabeth Denham suggests there’s no time to delay in preparing for GDPR, it’s “the biggest change to data protection law for a generation”.
How does GDPR affect marketing?
Whilst the GDPR doesn’t solely focus on the use of personal data in marketing, the impact it has on businesses who actively market their products and services for growth and survival has raised major concern.
One element of the GDPR which effects marketing is consent; consent from individuals for their personal information to be used for marketing purposes. This not only relates to their names and email addresses, but even the way their IP addresses are used for marketing purposes.
The days of purchasing data lists and sending mass emails will fizzle out. Businesses need to be more savvy in the way they collect and use data in line with GDPR. This does not mean email marketing will stop, but businesses need to provide evidence that the people on the data list have given consent for their data to be used to receive specific marketing communications.
As part of the new regulation there must be some form of clear affirmative action from individuals. Consent cannot be inferred from silence, presumption or pre-ticked boxes.
Consent must also be separate from other terms and conditions, and you will need to provide simple ways for people to withdraw consent.
The GDPR standard declares that Opt In options should be specific, granular, clear and prominent. Any opt-in received from an individual should be properly documented by the organisation and withdrawn easily if requested.
If you need, or would like to review your marketing communication processes in line with the GDPR, please get in touch with us to discuss your options. Call us on 01282 504838 or Email firstname.lastname@example.org
GDPR isn’t just about the use of data for marketing. Ensure your business is prepared with the relevant processes and policies. Further information about GDPR can be found at https://ico.org.uk/for-organisations/data-protection-reform/