Need Some Help Getting Ready for GDPR?
You may have noticed a flurry of emails in your inbox recently, asking if you still want to hear from this fashion brand or that restaurant chain and asking you to ‘opt in’ if you do.
That’s because there’s new data protection legislation coming into force on 25th May called GDPR. This EU legislation is designed to tighten up loopholes in the existing data rules and will be mandatory for all UK organisations.
It’s a change in the law that has opened the floodgates to lots of misinformation, money-making seminar series and general panic. But for B2B companies, the changes – while still significant and compulsory – are much less onerous than measures required for consumer-facing businesses. The legislation is about personal data so, crucially, if you are contacting another company on a topic that is relevant to their sector, as long as they are a limited or private company rather than a sole trader, you do not require opt-in consent. No opt-in is required for active customers or employees either, as they also fall under the heading of ‘legitimate interest’.
Based on Marketing Week’s recent webinar, the steps outlined below have been prepared as a quick reference guide to ensure you’re compliant by the end of May.
What to do Now:
1. Carry out an Audit
Firstly, you need to establish a baseline. Make sure you understand what data you have and where it’s kept, then you can decide what you need to keep and what can be deleted. It’s important to remember that data is not just held by marketing departments, so an assessment of what data is held and where needs to cut across all commercial functions. Often, however, it is likely to be the marketing department that takes the lead in this housekeeping exercise.
2. Create a Policy
Next, you need to demonstrate that you comply with the new legislation. GDPR is a principles-based regulation, which means each company is responsible for determining the legitimacy of the data it holds. However, all organisations must be accountable for the data they have and how and where they keep it. Once you have done a data audit to establish what data you hold and have deleted anything irrelevant or non-compliant, you can put a policy in place to establish what data you keep, where it is stored and for how long. If you then adhere to your data policy you will be able to demonstrate compliance at any time.
3. Make Your Policy Public
Ensure your policy is available for customers and targets, in the same way that your quality or environmental policy is open for scrutiny. And be thorough. Your data policy should also include how you define legitimate interest and explain that people can object to their data being kept on file and have it removed.
For many businesses, GDPR remains a daunting topic and, with new Privacy and Electronic Communications Regulations (PECR) coming into force next year, there is further data protection compliance on the horizon. However, with more effective and accountable data collection, storage and management processes in place, marketing becomes more effective and targeted, so compliance requirements will have a positive impact for many businesses.
And the good news is, you don’t have to go it alone. We can help you take the practical steps you need to ensure GDPR compliance and make the most of the data you hold. If you’d like our help or just want an informal chat on GDPR and what it means for your business, why not give us a call on 0151 326 2333 or email us at firstname.lastname@example.org