The European Union's General Data Protection Regulation (GDPR) came into force on 25th May 2018 and affects both individuals and businesses within the UK. The framework was designed with the aim of enabling European citizens to control how organisations collect, store and use their personal data – and companies falling foul of the rules can be forced to pay large fines.
The criteria laid out within the GDPR are particularly relevant for businesses carrying out inbound marketing activities. Let's take a closer look at some of the requirements you need to meet.
GDPR – The Basics
Anyone who handles an EU citizen's personal data is required to comply with the GDPR: according to the regulation, that includes anyone classed as a 'data controller' (an entity that determines why and how personal data should be processed) or a 'data processor' (an entity that processes personal data on a controller's behalf).
While these definitions may be confusing, in practice, if you're collecting, storing and using information such as people's names, addresses, telephone numbers or even their IP addresses, you need to abide by the rules. If you're controlling or processing 'special category data', such as information about people's health, race, religion, sexual orientation or political affiliations, you'll be subject to even tighter controls.
What More Do You Need To Know About It?
The framework contains a host of regulations and these can be tricky to interpret, so to ensure that your company is compliant, it's important to take legal advice. However, here are a few of the things that you'll need to consider:
- Is your mailing list compliant? - In order to comply with GDPR, you can only contact people who have clearly and voluntarily expressed their consent. Even contacting your customers to ask for consent retrospectively is a breach of the regulations. If you haven't actively sought their consent and gained it in advance, you'll need to remove their details from your lists. You can't use pre-ticked opt-in boxes on your literature or contact forms either.
- Do you ask for too much personal information? - You can only process personal data for specific purposes, such as to fulfil legal or statutory obligations, or in order to deliver a contractual service to someone. These purposes are listed in the GDPR. This means that you can't simply collect personal data because it may be useful in the future or because other companies ask for it on their online forms. Therefore, you'll need to work out what data you actually need, check that you're allowed to process it, and ensure that you aren't asking for any other information.
Seek Professional Help
If the thought of planning GDPR-compliant marketing activities concerns you, seek expert assistance. JDR can help you to create and implement inbound marketing strategies which comply with the GDPR and other data protection regulations. To discuss your concerns in detail, please call 01332 343281.