For those of you who unsure of what the GDPR is, here’s some quick background information for you. On May 25, 2018 the new General Data Protection Regulations (GDPR) will come into force. It’s a move that will make companies be more accountable for the data they hold.
The regulations themselves have been designed to supercede the Data Protection Act (DPA) of 1998, which was created long before we witnessed the data revolution sparked by the internet reaching the masses. The DPA has rapidly become outdated, unfit for purpose and unable to cope with technological development. As such, the aim of GDPR is to give individuals more control over their personal information as well as simplifying and modernising the protection of data.
Put simply, GDPR is a far reaching set of regulations and, while I can’t comment on the wider subject (which covers everything from medical records to financial information), or give legal advice, I can give you our take on the incoming regulations and how it’s going to affect email marketing as of May 2018.
From our point of view, GDPR should be welcomed and not feared. It’s building on the current regulations (including the Data Protection Act and the Privacy and Electronic Communications Regulations) and bringing more clarity to what one can and can’t do with data.If you’re following best practice at the moment, there will be changes, but not as many there might be if you’re sailing close to (or beyond) the wind.
Just a point to note, the ICO (Information Commissioner’s Office) who are responsible for GDPR in the UK, as of 28/07/17, has not yet published its final interpretation of the regulations for email marketing following the recent consultation period, so I’ll tell you what we know, and we’ll release a follow up article to this once we know more.
It’s also important to remember, every organisation is different – there’s no single, simple way of becoming compliant. We do recommend though, that before the final interpretations are published, audit your data. Find out where it’s stored, where it came from, what you use it for and how you use it. Whether that’s sign ups from your website, transactions from your ecommerce store or email addresses you’ve collected at a trade show, make sure you know what you’ve got and where it came from.
This is what do we know right now about how things will change after May 2018:
The key point here is to gather all of your data, find out what you have got, map it and then do an audit on where it came from when the interpretations are published. Once this is done, make a plan to update your privacy policies, re-opt-in your subscribers and ditch the no-no data.
Watch this space – we’ll keep you in the loop!