GDPR is coming. Yep, the world is ending… Only joking!
For those of you who don’t know, firstly where have you been?
GDPR is the new regulation in EU law that covers data protection and privacy of all individuals within the European Union.
Secondly, yes it does still apply to us, even after Brexit (nice try!)
If you have a data breach or if you process data without a lawful basis (consent, legitimate interest etc.) then you could face a hefty fine of €20 million or 4% of your global annual turnover (whichever is higher).
It comes into effect on 25th May 2018, so you need to make every effort possible to ensure your business is compliant.
However, don’t panic – GDPR isn’t going to be apocalyptic and you’ll still be able to market your business. You just need to be transparent.
So, here are our top GDPR Apocalypse survival tips!
Do your research
I know it may seem like a minefield, but read up as much as you can about GDPR and what it means for your business. There are crazy amounts of information available, but we really recommend checking out the ICO website where there’s everything you need to know:
Audit ALL of your data
Assess what data you hold and how you process it. How did you collect your data? Remember personal data covers anything that can identify someone as a person – name, email, address etc. so this covers employee data too!
What do you do to ensure your data is kept safe? If you keep it on a spreadsheet on your desktop – this is not okay! Invest in a good data management system!
Here’s the ICO’s guide to documentation (including data templates!)
Understand the rights of individuals
Under the GDPR, individuals have lots of rights including the right to be forgotten. They can also contact you to request information about what data you hold on them. All personal information requests must be free of charge and fulfilled within one month of receiving the request.
You can find out more about the rights of individuals here:
Put processes in place
Set up formal processes for things like information requests and data breaches. Give team members training and let them know what’s expected of them. If you’re prepared for every scenario, GDPR will seem less daunting.
The ICO has put together a list of key accountabilities and governance here:
Here’s the ICO’s guide to Privacy Policies:
Collect the correct consent
If you have identified data but have no idea where it came from, try to obtain the correct consent before the deadline. Going forward, ensure all of your web forms and data capture processes ask for explicit consent, such as ticking a box or a double opt-in (and make sure you’re telling people how you will be using their data!)
The ICO has outlined the lawful basis for processing data here:
Whatever you do, cover yourself! Document everything you do from the data audits to the processes you put in place. If any data catastrophes happen, you need to be able to prove that you have taken all of the reasonable steps to be compliant.
Use it as an opportunity!
Although it seems like it’s all doom and gloom, GDPR presents an opportunity to cleanse your lists and build trusting and transparent relationships with your customers.
If you would like to create some lovely, GDPR-compliant marketing, get in touch with the Juicy Team today!
Congratulations, you survived the GDPR Apocalypse!