GDPR: What it means for businesses

The term GDPR has been talked about constantly over the past year, as businesses all over the UK prepare for the new regulations to come into play on 25 May 2018.

For those of you who are not so familiar with it, GDPR stands for General Data Protection Regulation and it is being rolled out by the European Union to strengthen consumers’ rights surrounding how their personal data (name, date of birth, address) is collected, used and shared, putting them in control of what companies do with their details.

In the PR and marketing industry, it will have a massive affect on how businesses communicate with their customers and completely change the way data is handled going forward.

From the end of May, businesses will need to prove when and how they obtained consent from customers. It will also mean that the collection of data needs to be relevant for the purpose. So if you run a campaign or competition, you can only use the data that was gathered for that activity. Creating another purpose to use that information will need further consent, which means the traditional way of growing databases is no longer acceptable.

Speaking of databases, these will need to be regularly cleansed and reviewed to ensure your organisation can identify if consent has been granted lawfully and fairly – otherwise it will result in hefty fines.

Last year, JD Wetherspoon made the drastic decision to delete its entire customer database to avoid any possible fines in the future. Instead of its monthly newsletters to customers, it will now upload offers and news to its website as well as sharing it on social media.

So should every business follow suit? Whilst not every organisation needs to go to such measures, it is important that these regulations are understood in great detail and every effort is taken to ensure that customer data is carefully looked after.

Here’s some ways you can start preparing for the changes:

  • Begin with auditing your mailing list and remove any record of individuals who haven’t clearly opted-in to receive newsletters. For all new subscribers, why not send an automated email to confirm the subscription so that you have a record of their agreement.
  • Contact your current database and ask whether they still want to hear from your business.
  • Set up a CRM system to keep your database safe and secure.
  • Encourage customers to add themselves to your mailing list by launching a pop up on your website when they visit.
  • Depending on the size of business, recruit someone new or appoint someone within the team to be the data controller. You will need to provide them with the necessary training to ensure they’re managing the data correctly.
  • Finally, look at whether the data you’re collecting is necessary. Are there elements that you don’t need? For future sign-ups, only ask customers for the information you really require.

Although it sounds daunting, if you look at the bigger picture, GDPR should lead to an overall increase in data quality for businesses and as a whole, it’s an opportunity to really find out the needs of your customers and tailor your communications to them, rather than a ‘scattergun approach’.

For more information and advice, contact the team here.

Categories: Blog

Tags: , , , ,