When we give out marketing tips, we usually discuss fun and creative things that we believe will help you develop your marketing activities. The topic of this blog post is not something particularly ‘fun’, but it is something that is vital for all small business owners to be aware of. We have broken it down into more digestible information that can be adapted to every industry.
As the world rapidly evolves into a more digital space, data has become the most valuable asset in the world, overtaking gold and oil. GDPR came into effect in the UK in May 2018, and since then businesses have needed to become much more aware of the data they hold and how they store it. This was further developed with PECR (Privacy and Electronic Communications Regulations) in March 2019.
What is GDPR?
General Data Protection Regulation (GDPR) is the legislation surrounding keeping people’s data safe, ensuring companies cannot abuse it. In simple terms, to store somebody’s data, you must have received permission and you must store is securely. You cannot sell data or send people unsolicited marketing materials.
How can you make sure your business is GDPR compliant?
Making sure that you are complying with any regulations can be worrying, but we have put together a simple checklist to ensure you are collecting and storing data in the best way possible for your business.
Only collect the data you need – Gone are the days where businesses gave you a 2-page long questionnaire to collect information about you that they don’t necessarily need. It’s important to make sure the information you have is relevant to the service you offer to them. Keep it simple – include a name and one or two forms of contact (email address, phone number or address).
Make sure your customer data is secure – If you keep physical paper records, they need to be stored in a locked filing cabinet where only you have access to them. This also includes not leaving customer’s details written down in a diary or calendar. If your data is stored on a computer, it should be password protected and you need to run anti-virus software. The main question to ask yourself is have you taken appropriate actions to ensure sensitive data is secure.
Have a removal process in place – Do you have a process in place to remove a customer’s details from your records if they ask? Have you told your customers that you can do this for them if they wish? It’s important to have a written process in place that you can show customers those details how they can go about having their details removed and who to contact if they want that to happen. This information is usually contained within your privacy policy (both written and on your website). This also includes removing their data from all legacy documents and software and you need to be able to prove to a customer that you have done it.
Customers have to OPT IN – GDPR regulations require a positive action to say an individual is happy to receive communications from a company. You can make it part of your general terms and conditions that you will store customers information for future bookings or communications, and people have to be very aware that they have accepted this. This also refers to your website cookies.
What are the implications of not adhering to GDPR?
The GDPR legislation rules are still being tested through the legal system, as it is still new and evolving. However, there are high penalties being issues for companies found in breach of the new law. However, it is unlikely that small to medium businesses will be investigated in the next 5 years.
These rules are there to protect us, protect our data and make us remember that our details are valuable assets that should be treated with respect. However, as long as you are taking plenty of care to ensure records are relevant, kept secure and you are respectful of people’s personal information you do not need to worry as much as people selling GDPR services will tell you.
If you need any more help or advice on making sure your marketing efforts are GDPR compliant, please get in touch with us here.