Does your business run direct marketing and/or email marketing campaigns? If so, read on – the laws that surround how businesses can use and store data are about to change and there are big penalties for those who fail to comply!
You’ve probably heard of the General Data Protection Regulation (GDPR), which comes into force in the UK from 25 May 2018, but are you taking steps to ensure you comply? If your business stores any kind of data, it’s time to think about whether your data and collection methods will still be legal after May.
Why is GDPR being Introduced?
GDPR replaces the outgoing Data Protection Act 1998 and brings data protection legislation up to date, aiming to be a worthy companion for the new and previously unforeseen ways data is used in the digital age. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
The GDPR’s definition of personal data is more detailed and expansive than the one in the current Data Protection Act and makes it clear that information such as an online identifier (e.g. an IP address) can be personal data. This reflects changes in technology and the way organisations collect information about people.
How will GDPR affect Email Marketing?
Here we look further at how email marketing will be affected. The GDPR sets a high standard for consent, so the Information Commissioner’s Office (ICO) has published a consent checklist to help businesses. It is reproduced below:
When looking at this checklist it is clear that if your current enewsletter list includes people who were added via pre-ticked options or added without active consent (i.e. opting in themselves via your website or ticking a box), they will need to be removed from your list to comply with GDPR. If you currently email groups of people with no opt-out option in your emails, this is also non-compliant with GDPR since there is no easy opt-out method. You will also need to record and manage consent, for which the ICO also have a checklist here.
What happens if I don’t comply?
One of the most significant additions to the GDPR is the accountability principle. The GDPR requires you to show how you comply with the principles. Read more about the accountability principle and how to demonstrate you comply here.
Failure to comply with GDPR legislation could result in a hefty fine. The GDPR states that companies in breach of the rules will be fined 4% of turnover, or up to €20 million, whichever is greater. Individuals can also bring their own lawsuits and make compensation claims in the event of a data breach. Clearly it’s worth abiding by GDPR to avoid brand damage and a catastrophic fine.
What does the Future Hold for Email Marketing?
For those businesses making every effort to comply with GDPR, the changes are likely to reduce the number of individuals on your email marketing list. However, there is no doubt that the people who are left on your list will be active, interested followers who want to receive your news and updates. Email marketing will therefore remain an important tool that you should continue using as part of your marketing strategy.
If you currently rely heavily on your email marketing to bring in sales and leads, it would be worth considering broadening out your marketing activities (e.g. Google AdWords and social media advertising) to counter the fact that compliance with GDPR may diminish the size of your email marketing lists.
With GDPR in mind, we’ll be asking you over the next few months to opt into our monthly Eureka newsletter bulletin, to ensure we comply with the new regulations. To continue getting our enewsletter please sign up here.
Read the ICO’s ‘GDPR checklist’ and ‘12 steps’ information for businesses here.
Please note we do not consider ourselves an authority on GDPR and if you need further advice on the impact of GDPR for your business we recommend contacting local specialists Dept679 who can help you comply with the new data regulations.