Remember, if you are found to be in breach of GDPR your company can be fined up to 5% of your global turnover.
Here are the main things you need to know about GDPR:
First, it is important that you understand and record what 'personal data' you hold as a business, how it was captured, how it is held, how you use it, and where it is going. The GDPR defines 'personal data' as any information relating to an identifiable person. As well as obvious personal data such as email addresses, phone numbers and postal addresses, the GDPR also covers IP addresses, device IDs, location data and genetic/biometric data.
Scenario: after 25th May 2018, if you were asked in a court of law to prove how you obtained a customer's personal data, you should be able to do so. Did the customer opt in via a website? Did they visit your premises/store and opt in by signing something? If the customer made a telephone enquiry and left their email address, did they consent to joining a mailing list?
Consequences of the GDPR for email marketing: the main thing for email marketers to keep in mind with respect to the GDPR is that there is a new definition of giving consent, or, in email marketing parlance, opting in.
Consent to the processing of personal data must be “freely given” in the form of a clear “affirmative action.”
In other words, opting in is to be taken very literally with regards to the GDPR.
Additionally, businesses will have the burden of showing proof that a contact has affirmatively opted in.
Passive opt-ins and opt-outs are no longer allowed.
Following this new definition of opting in, you’re no longer allowed to use email addresses that you collected through a passive opt-in or opt-out process. Consent must be freely and explicitly received from the contact or customer through an affirmative action. This means that you can only legally use lists that are 100% opt-in - and only if you can prove that those contacts actually provided their consent.
Existing DigitalFlare client? We are happy to check all forms on your website and advise if you have passive opt-in or opt-out forms. In such circumstances, we can change these forms to ensure you conform to GDPR practices.
One of the questions we have most commonly been asked in recent months is 'does the GDPR mean we have to get fresh consent from our entire marketing database?' In many cases the answer is 'no', though the explanation for this is not all that straightforward. We suggest you read the following articles, which offer a greater understanding of this and will allow you to draw your own conclusions:
We always advise you to seek your own independent legal advice on such matters, as circumstances will be unique to every company. However, if your data has not been collected in a way consistent with post-GDPR requirements, then we (DigitalFlare Ltd) would advise you to request re-consent from your existing contacts.
Existing DigitalFlare client? If you decide that re-consent is the best way forward and you are an existing client, we can help with this process and can send new consent requests to your database for you.
If you use a mail system such as "MailChimp" or "SendInBlue" to send newsletters and you would like to do this yourself, the following articles will help:
BBC Cookie Notice:
GOV.UK Cookie Notice:
On a secondary note, any data that is sent to Google should not contain PII (personally identifiable information), that is, data that can be traced back to an individual. This is best explained here: www.craftedatom.com/is-your-google-analytics-gdpr-compliant/
The above rules also apply to other third-party tracking software, not just Google Analytics.
New data protection rules put more emphasis on online security. Any data that is submitted on your website must be encrypted in transit, which prevents it from being intercepted between the visitor's browser and your server. An SSL/TLS certificate allows your site to be served over HTTPS, which provides that encryption, so if you do not have one already, ask your web developer to assist with this. If you are unsure whether or not you have an SSL certificate, look at the address bar of your browser when you visit your site: there should be a padlock symbol, and the address should begin with https://. If this is not present, get in touch with your web developer.
In addition to SSL, under GDPR you must demonstrate that you are implementing data protection by design and by default. This could change everything from how you design databases to who gets access to data.
Existing DigitalFlare client? We can install an SSL certificate on your website if you do not have one. We can also advise you about the individual security measures you have in place on your website and provide details about the security of your hosting package.
Please note: the above points outline only a few of the rules required for GDPR compliance, and remember that it is not only your website that needs to be compliant.
The content of this web page is a commentary on the GDPR, as DigitalFlare interprets it, as of the date of publication. This content is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your company. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organisation, and how best to ensure compliance.