The new General Data Protection Regulations (GDPR) come into force on May 25th, 2018. These new regulations strengthen the rules on personal privacy and have important implications for businesses large and small. The new regulations also come with teeth, with non-compliance attracting fines of up to €20M or 4% of global turnover.
The UK authority responsible for upholding the new regulations is the Information Commissioner's Office (ICO), which has an excellent Guide to GDPR for businesses and organisations on its website.
GDPR requires businesses to review all their procedures and policies around individual data privacy. GDPR will impact many areas of marketing including your website, email marketing and how you manage personal information internally, on your CRM system for example.
GDPR and your website
Given that your website is a live, publicly available part of your marketing, getting it ready for the May 25th deadline is important. So here are a few aspects to consider:
- What information is being collected?
- Who is collecting it?
- How is it collected?
- Why is it being collected?
- How will it be used?
- Who will it be shared with?
- What will be the effect of this on the individuals concerned?
- Is the intended use likely to cause individuals to object or complain?
For more information please see the privacy notice section of the ICO Guide to GDPR.
2. Update your contact forms
Whenever you are taking personal data you need to make sure you are gaining proper consent. For simple enquiry forms, it’s helpful to include a simple consent statement at the bottom of the form, for example:
If you are planning to send email or SMS marketing then you need to be transparent about your intentions and ensure that you gain freely given, informed, specific and unambiguous consent, for example:
“Would you like to receive free news & insights from us every month by email?”
3. Integrate an SSL certificate
As part of GDPR you need to keep all personal data secure. That includes ensuring the information transferred between your web user’s browser and your website server is unreadable if intercepted, for which you need an SSL (secure sockets layer) certificate. There are a couple of other great reasons to have an SSL certificate:
- Google Chrome and other browsers are now displaying ‘insecure site’ warnings for sites without SSL
- Google gives sites with SSL a positive ranking signal to boost search rankings
4. Update your email signup process
If you have an email newsletter signup on your site, you will need to update the wording and process to ensure you are gaining GDPR-compliant consent. As with the update to your contact forms, you need to be transparent about your intentions and obtain positive, informed and unambiguous consent to send your marketing. Most good email marketing platforms should have, or be moving towards allowing, a GDPR-compliant signup process; certainly our email marketing service does. You may also want to consider using a double opt-in as a belt and braces approach.
5. Don’t forget analytics
GDPR is a complex area and will impact many areas of your business. This blog is designed to help you understand the impact of GDPR on your marketing, but it is not designed to be taken as specific recommendations or advice. It is your responsibility to ensure your business is GDPR compliant. For more information on GDPR please see the Information Commissioner's website: