GDPR And Your Company Part One: An Introduction

The EU General Data Protection Regulations (GDPR) come into effect on 25^th May 2018. However, many businesses are unaware of how these new regulations will affect them – and this lack of knowledge means they risk huge fines for non-compliance.

What Is The GDPR?

The new data protection directive is designed to update older regulations that have not taken into account advances in technology. They are there to improve the customer experience for individuals, and give people greater protection over how their personal data is used by businesses.

For example, previous data protection legislation didn’t consider IP addresses as personal data, but the GDPR does. As such, a company must declare in their privacy policy whether they collect information about IP addresses of their website visitors, and what they do with that information.

What Does ‘Explicit Consent’ Mean?

The main element of the GDPR is that individuals must provide a company with ‘explicit consent’ to be contacted for marketing communications.

This means that you can no longer offer a ‘soft opt-in’ to email lists: you must get individuals to actively tick a box to agree to marketing communications. You also need to provide them with a way to revoke this agreement at any time (which could be as simple as getting them to email you with the word ‘unsubscribe’).

Doesn’t GDPR Only Affect Businesses In The EU?

Nope! The GDPR actually affects any company that has customers based in the EU – so you could be a roofing company in Tahiti but if you contracted a job in Sweden, you’d need to apply these regulations to all personal data handled.

Of course, most of businesses operate locally or nationally within the UK. So, how will Brexit affect the GDPR – do you still need to comply?

Yes! It has already been confirmed that the GDPR will be ratified in UK law once Brexit has happened. That means that you’ll need to comply with the EU GDPR until Brexit, and then continue your data protection practices in the same way after Brexit to comply with British law.

How Will GDPR Affect My Company?

When you’re developing your marketing strategy, it’s important to now take GDPR compliance into account.

For example, where previously you could run a competition to encourage people to sign up to your email newsletter – or to receive exclusive discounts – you no longer can do this. That’s because the GDPR prevents businesses from offering a ‘cash incentive’ (including discounts) that puts those who choose NOT to sign up to an email list at a disadvantage.

Before you think you can no longer use discounts and offers to entice people onto your marketing list, all is not lost!

You can still offer something for those signing up to your list, as long as you are also offering a customer-wide opportunity, too. For example, if you offer 15% off roof safety rails for new customers that sign up to your email list, you should also run a three-for-two website-wide offer for a limited time that anybody can claim. This will give you enough credibility to prove that you are not providing a ‘cash incentive’ for people to sign up to receive your marketing emails.

How Does ‘Legitimate Interest’ Help Me To Find New Customers Under GDPR?

There is more good news for businesses: there is a vague clause in the legislation that’s called ‘legitimate interest’. This means that a company is still allowed to contact people who have not provided explicit consent IF there is a legitimate interest to do so that does not override the individual’s right to privacy.

For example, you could send out flyers to advertise your roof maintenance company to a specific postcode. This would not affect the rules of the GDPR, as you are not using personal data to send these flyers out.

Keep an eye out for Part Two and Part Three coming soon. Part Two will cover how to create a marketing and privacy policy for your business that is GDPR compliant, while Part Three will give you some handy hints on how to generate new business with GDPR-compliant marketing strategies.

Disclaimer: The EU GDPR is a very complex legislation. We have provided a summary of the regulation but this does not constitute legal advice. If you have any questions about how the GDPR may affect your business, contact the Information Commissioner’s Office, handlers of GDPR within the UK.