First off, let’s bust a couple of myths:
First, yes, GDPR is part of EU regulations. However, regardless of Brexit, the U.K. Government has chosen to be part of this, so the new regulations will still be in effect even after we have left the EU.
Second, GDPR still applies to paper documents, so don’t go thinking you can dust off the typewriters just yet.
The big area for us as a marketing agency, and one we get a lot of questions on, is email data. Email data is still classed as personal data. If you are handling or sending email data, you are what will be known as a data processor. Everyone on your mailing list must, and we repeat must, have opted in or given permission to be part of your list.
Start by asking yourself the following questions:
Do you store data? If yes, then:
- Where do you store it?
- Is it secure?
- Who has access to it?
Where did the data come from?
If you know for certain that everyone has opted in, then great. However, if you are dealing with historic data, or perhaps purchased the data from a third party, then we would suggest running a re-engagement campaign so you can start cleansing your data. This is where you run a specific email marketing campaign to either all of your subscribers or your ‘inactive’ subscribers, encouraging them to update their preferences. Remember to encourage your audience with an incentive. If you do not hear from them, they have officially not opted in. It might mean you have fewer subscribers, but at least you know you are compliant.
- Can you recover this data? If no, then we would recommend looking at how you are storing your data.
- Do you pass this data on to anyone for processing? If yes, you will need to make sure you declare this in your terms and conditions.
So what else can you do to prepare yourself in the short term?
- Appoint a data protection officer – someone in your team who can essentially become the data protection super user and can help to educate your team.
- Prepare a data breach security response document – so that in the event something does happen, similar to Crisis PR, you and your business are prepared to react.
- Educate your teams! A big topic of conversation at the event was that employees are actually the weakest link in data protection. So make sure everyone is clued up.
We all have a part to play in ensuring GDPR is taken seriously. The company or business you work for is liable for any fines; however, under the new regulations these fines are in the millions of pounds. So although you might not be taking the hit personally, if the organisation you work for is hit with a million-pound fine, will they be able to withstand the hit? If they can’t, what happens to you and your job then? It’s important to make yourself aware of the part you play in data handling and processing, and to get yourself clued up on what the proper process is.
We are committed to implementing GDPR and adhering to the new standards both internally and with clients. So keep a look out for more blogs from us on the GDPR regulations and tips to help you stay safe.