Is your small business GDPR ready?

On Friday 25 May 2018 the EU’s General Data Protection Regulation (GDPR) is changing.

 What does GDPR mean for your small business?

It means a new set of rules are being brought in about

  1. The data you collect
  2. The way you use the data
  3. The ways you store the data
  4. The ways you share the data.

These new rules apply online and offline and affect customer data as well as internal data. And, yes, they will apply after Brexit. If your business breaches any of the new rules then be prepared for a hefty fine! No one wants that so the best thing is to make sure your business is ready for the change as soon as possible.

How will GDPR affect marketing?

Relevant Data Collection

Collecting data is an important part of marketing. Think about the ways your business collects personal data, often a sign-up via a pop-up on your website or after purchasing a product. This is still allowed but you need to know exactly what data you require, how you are collecting it and make sure it’s clearly stated why it’s being collected and what it will be used for. It’ll also be important to only collect relevant data, perhaps all you really need is a name and email address rather than collecting and storing postcode, age etc. If your business holds irrelevant data about individuals it must be removed.

Customer Data Access

Individuals have always had the right to ask businesses about the data held on them, however GDPR enhances these rights. If the individual requests at any time that their data should be deleted, the data controller within the business has to comply with that request and confirm the deletion. The individual may also require to view the exact data held about them, again this must be complied with.

Customer Data Permission

Customers must now opt-in to collect personal data (opt-out is no longer an option). This means businesses will now be required to build in privacy settings into their websites. The individual will need to give their consent to that use and the consent needs to be clear, in plain English and “informed, specific, unambiguous, and revocable“.

Data Storage

Businesses can only use data collected and stored by them for specified, explicit, and legitimate purposes. They’re not allowed to use it in any way that would be incompatible with the intended purpose for which it was collected. If they plan to transfer or share the data with another company they must have consent from the individual to do so. Any data held that is out of date or no longer required should be removed.

Marketing Opportunities

As complicated as it sounds it’s not all doom and gloom for your business. There are a few marketing opportunities to take advantage of before the change so your small business is GDPR ready:

  • Now is the time to update that mailing list you’ve been putting off. Make sure anyone who has unsubscribed or not had any interest in any of your communication is removed.
  • Contact current customers and give them the chance to opt-in to a new updated mailing list stating the data being collected and what it will be used for
  • Simplify the data you hold. Think about the data you currently collect – is it necessary ? Has it worked at turning leads into customers?
  • Add a pop-up or mailing list subscription on your website with a clear GDPR compliant privacy policy – encourage followers on social media to land on these pages
Further information

There are loads of publications out there to help advise and give further info on GDPR. Business Gateway has a downloadable PDF ‘GDPR for Business’ which is a comprehensive document of the new rules and regulations. Business Gateway is also running some free GDPR workshops – the one in the Scottish Borders takes place on 20th April, see details here. 

Hubspot is another great resource for information and ideas to make sure your business is ready for the change on 25th May 2018.

The Official GDPR Website is a resource to educate the public about the main elements of the General Data Protection Regulation (GDPR).