We’re all sick and tired of emails and events about GDPR, but how many of us are actually ready? Here are some handy tips I wrote for the fantastic team at Consider – you can read the original article here. It’s not intended to be legal advice, just a start to get you thinking. If you want to chat a bit more about it, get in touch!
The General Data Protection Regulation (GDPR) comes into force on 25th May this year. There’s not long to go! Database marketing people have been talking about the new regulation for a while. But not everyone’s made the changes they should have. If you’re sending regular emails to donors, customers or students, you need to be GDPR-compliant. Here are 5 things you need to check:
1. Know what ‘consent’ now means
You’ve no doubt got used to asking for people’s consent before you send them your marketing communications. But GDPR tightens up the definition of ‘consent’. Here are some quick do’s and don’ts based on the official guidance so far:
- Do be specific about the marketing you’re planning to send – for example, say it’s a newsletter.
- Don’t use a vague call to action such as ‘would you like to hear from us?’.
- Do make sure consent is given freely.
- Don’t enforce compulsory data sharing as part of a process to enter competitions, prize draws or other kinds of incentives.
- Do keep people informed about why their details are being collected, how these details will be used and what they can do if they don’t want to hear from you.
- Do make sure your opt-in statement and verification email messaging is absolutely unambiguous.
- Don’t be unclear (and please don’t think you can continue to use an opt-out statement – you know this, right?).
- Do check people have indicated by a clear affirmative action that they want to hear from you.
- Don’t think that silence equals consent.
2. Review your mailing list
There are probably a fair number of people on your mailing list who gave their consent the old-fashioned way, pre-GDPR. You need to check with them that they’re happy to opt in to receiving your marketing communications.
- Do take the opportunity to ask people if they’d still like to hear from you and what they’d like to hear about. Aim to reignite their interest in your brand.
- Don’t send people a rushed email soliciting their consent under GDPR. That kind of subject line is unlikely to inspire much interest.
- Do give people the option to say ‘thanks but no thanks’ on every email and, if they do, delete them from your mailing list. They’re obviously not engaging with your brand anyway.
- Don’t keep on sending people emails if they’ve failed to respond to the first couple you send.
3. Update your forms
- Do make sure your data capture forms and phone scripts meet the new GDPR definition of consent.
4. Check your back-end systems
It’s not just your website marketing messages and call centre scripts you need to check for GDPR compliance. You also need to review the content management systems and databases they are connected to.
- Do make sure your systems are able to record how and when a person responded as well as how they were asked for their consent.
- Don’t think there’s a need to keep a record of each email, phone call, or form entry. All you need is an example of each.
If you’re using marketing automation or client relationship management software such as Marketo, make sure it can accommodate the updates you’re making.
5. Have a crisis communications plan
- Do have a plan for communicating with enquiring customers and the media around how you handle data.
- Don’t assume your organisation will never suffer a data breach. Do establish a communications strategy in case it happens.