As a business owner you will hold and have access to a range of data about your clients. Most respectable and ethical marketers will already be very aware of the current data protection regulations and will always strive to use this data to market to their customers responsibly – and there is already legislation in place to ensure that this is the case. However from May 2018 there will be new General Data Protection Regulations (GDPR) coming into force. These regulations are the new framework for European data protection laws and will really shine a spotlight on how consumer data is used by businesses and how they gain their customers’ permission to send them marketing communications. If your company is found to be in breach of these regulations there can be severe financial repercussions with large fines being issued and you could also face a loss of your brand’s reputation.
Therefore it’s a good idea for any business which uses customer data for marketing purposes to make sure that they are fully aware of what these regulations mean to them and to act now to ensure that they are compliant with them. To help you out we’ve taken a look at the answers to some of the questions we are being asked most frequently by our clients with regards to the GDPR.
Previously data protection regulations applied to the data ‘controllers’. These are the people who determine the means and process of gathering data. However the new regulations mean that now data ‘processors’ who are the people who process the data also have specific legal obligations too. If you process data you will need to maintain records of personal data and processing activities to comply with the regulations. As a small business owner you will be responsible for any breach of the regulations made by your company.
The good news is that you will still be able to run marketing campaigns but you will need to be able to show that the customers that you have marketed to have positively opted in to receive your marketing communications. As well as this, if you are marketing a range of products or services you will need to make sure that they have specifically opted in to receiving information about each one. This means that marketing campaigns will move towards being more specifically tailored for different segments of your customer base depending on which consents they have given.
The regulations are very clear that consent means ‘offering individuals real choice and control’. This means that using underhand techniques to gain consent such as pre-ticked boxes or giving consent by default will not be considered acceptable. You are not able to demand marketing consent as a pre-condition for receiving your services either. Marketing consent should also be made separately from your general terms and conditions.
As a business you need to be very upfront and honest with your customers about what marketing they will be opting to receive. Let them know clearly exactly how you will be using their data for marketing and be specific about the types of marketing that you will be contacting them with. For example when asking for consent you should use specific phrases such as ‘enter your email address to receive details of our new product ranges and regular money off vouchers’ or ‘click here to receive our monthly newsletter’. As stated before you need to be very careful about what you send out as you cannot assume that there is blanket consent given to all marketing activities.
As part of the new regulations you will need to provide evidence that customers have positively opted in to your marketing campaigns. You will need to show when and how they opted in and to keep a record of what they were told by your business when they opted in. It’s also important to provide a way for customers to opt out of your marketing. You’ll need to make this clear to them and to act on it in a timely manner if they do withdraw consent.
Consent is seen as an ongoing process so you should think about how you can review your data regularly to refresh consent approvals and to make sure that people still wish to receive marketing materials from your business.
Yes the new guidelines will need to be applied retrospectively to any data that you already hold. This means that if you feel that your current data processing does not comply with the new regulations you will need to review it and ensure that you have pro-active consent and proof of this consent from all of the customers already on your marketing list.
Whilst the GDPR may mean that you need to take a little time and effort to get your customer database up to date, it could actually have a positive effect on your marketing. It is designed to help build customers’ trust in your brand as they will feel they have far more control over how you use their data. By asking customers to positively opt in to your marketing, and being more specific about informing them how you will be marketing to them, you can also feel confident that your marketing is going to a receptive audience who really do want to hear about your products and services and have a genuine interest in your business.
Whilst this is a brief guide to the regulations you should make sure that you familiarise yourself with them in detail to feel confident about how your business is dealing with customer data when it comes to your marketing strategy. You can find more information and specific checklists on the Information Commissioner’s Office website. We also recommend that you discuss any issues with a legal expert who will be able to answer any questions that you may have in greater depth.