If your business (big or small) uses email marketing, sends direct mail or makes sales calls, you need to be aware that the law is changing, and some of the things you might do today will no longer be allowed.

From 25th May 2018, General Data Protection Regulations (GDPR) come into force. Get ready to hear about this a lot over the next year – it’s important.

Whilst it’s tempting to put off thinking about it until May next year, there are some easy steps which you can start to implement right now which will prevent you from running into trouble later on.

Below is CuCo’s practical advice on complying with the new GDPR’s. You’re welcome!

Let’s start with the basics – what is GDPR?

GDPR is the first comprehensive overhaul and replacement of European data protection legislation in over twenty years, and it will impact both your organisation and the way you think about its privacy and security programmes.

What’s it for?

GDPR has been designed to give individuals more control over how businesses are using their data. This is great news for consumers, however it presents a complex challenge for you as a business!

Step 1 – Produce a Privacy Policy

Thinking that your business doesn’t actually collect any private data from consumers? Well if you use any tracking tools on your website (such as Google Analytics) then that assessment is incorrect.

Consumers will soon hold the right to know what personal information you are storing about them – and what you do with that data.

If your website does not have a Privacy Policy, then you need to put one in place ASAP, and that policy needs to inform consumers how you are going to handle private information about them.

Step 2 – Email Marketing

From now on, you need to explicitly ask your consumers permission to send them email marketing, and they MUST opt in.

You must never assume that you have permission. Your Privacy Policy should make it very clear to your consumers that they must opt in to receive updates from your business, and you must never pre-tick a box which they will have to un-tick. Whilst you may have gotten away with this practice in the past, you certainly won’t anymore!

But there’s more. You must also make a record of when they gave you permission and log exactly what they were presented with when they opted in.

How does this work in practice?

An email confirmation of when someone registers/checks out on your website should suffice, as long as you store that notification securely and it clearly shows what the tick box said.

People also have the right to tell you to stop marketing to them, and you must make it easy for them to opt-out.

Take action with this straight away, and make sure that your marketing emails clearly explain to your customers how they can unsubscribe from your list. The most effective way of doing this is to provide a link in your footer to click.

Step 3 – Direct Mail

In the case of printed mailers, you should provide a number to call, an address to email or even a link to visit to unsubscribe.

Do not leave this until May! From today, start keeping a ‘do not contact’ list. Once someone has opted out, it is crucial that you stop contacting them, or you could face stiff fines from the regulator!

The good news is, you don’t need explicit consent to send a mailer, letter, or brochure. Providing you make it clear how they can opt out, and the content is relevant, sending direct mail is allowed under the ‘legitimate interests’ of your business.

Step 4 – Telephone Marketing

Have you heard of the Telephone Preference Service (TPS)? This service has been around for years and allows people to register to stop getting sales calls.

If you make a sales call to someone on the TPS, you are breaking the law, and you are liable to a fine. ICO have taken over the punishment of businesses from Ofcom, and they are much, much stricter.

Whilst the PECR state that you do not need explicit consent to make a sales call, it is critical that you check the TPS list first!

Step 5 – Website Security

If you are storing any kind of personal data on your website, it’s crucial that you have an SSL certificate. SSL certifies that your website is secure, and encrypts transmission of the data.

In October 2017, Google implemented the second part of this plan to label any sites without an SSL certificate as non-secure. So, unless your site has an SSL certificate, it will appear unsafe to any visitors, so again – it’s best to take action on this sooner rather than later!

Here at CuCo, we are ready to help you tackle these new regulations. The new GDPR law is complex and extensive and it goes well beyond the brief points made throughout this blog post. Our experts are here to help! Get in touch today, we would be more than happy to discuss the upcoming changes with you in further detail!