When the EU’s General Data Protection Regulation (GDPR) comes into effect on 25 May 2018, it will have an immediate effect on any business-to-consumer enterprise.
The GDPR includes a number of key legislative changes that will affect how you gather your clients’ personal data, and how you market your product or services to your consumers.
It should go without saying that any marketing campaigns will have to be re-examined to confirm that they are compliant with the new legislation before the deadline.
A question of consent
Under GDPR, any marketing options must default to the least intrusive. In other words, clients must now make a conscious decision to opt in to a mailing list or other marketing tool, rather than opt out.
Therefore, you will no longer be able to have a pre-ticked choice where the client opts in. Likewise, consent has to be unambiguous and purpose-specific, meaning that you must specify exactly what you are using a customer’s personal data for, be it market research, mailing list purposes, or anything else.
Once a client has opted in, you must provide a way for them to unsubscribe, at any point, and this way must be clearly signposted.
Finally, you must keep a record of how your client’s consent was requested, captured and stored, in a manner that can be audited.
Managing your existing database
A big issue facing B2C businesses is whether they are legally permitted to use the information held in their existing database. Ultimately, it depends on how the original client information, and the consent to use it, were obtained.
You will need to be able to prove that you gained consent for future use in a way that would be compliant under GDPR, even if you gathered that data prior to its implementation.
Fortunately, the GDPR legislation recognises the concept of “legitimate interest”, which covers those areas where you do not need to ask for permission to process data that you already hold about your customers. This includes contacting previous customers regarding other products and services you consider to be relevant: this would fall under legitimate interest and not require specific marketing consent, so long as the content is relevant, based on your previous interaction with the customer.
Sign up statements
At the point of email sign-up, individuals should be presented with a statement that clearly outlines what it is that they are subscribing to and how you intend to use their data. The specific wording of such a statement has yet to be agreed upon, but guidance will doubtless follow before May 25.
Existing data protection law allows customers to obtain a copy of any personal data a company or organisation holds on them.
An important change under GDPR is that this right is extended to incorporate the correction and deletion of any personal data.
This means that any personal data about that individual must be erased from all your systems and databases, upon their request, so that no link remains that can personally identify the consumer from the data held.
Get ready for May 25 2018
Now is the time to make sure that your existing data and data capture processes are in line with the new regulations in May 2018.
Further reading for GDPR
The Direct Marketing Association (DMA) has a great GDPR section on their website where you can find out all you need to know about how GDPR will affect your business: https://dma.org.uk/gdpr
Econsultancy has also dedicated a section of their website, "GDPR for marketers: best practice, tips and case studies", where you can view regularly updated information about GDPR: https://econsultancy.com/hello/gdpr-for-marketers/