It’s Coming! It’s Here! What’s GDPR? Help!!!
Now take a deep breath and relax. The GDPR is a big deal and it will affect all businesses, but there is no reason to panic. While the potential fines for businesses across Sussex and far beyond are massive, there is still time to comply. The fact of the matter is that a huge number of businesses are still only just hearing about the GDPR and many will be working towards compliance for months to come.
GDPR For Marketing and Websites
It is important to look at the different aspects of the GDPR because there are a lot of consultancies out there offering a fix-all service that may not quite fix all. The GDPR covers the storage and processing of personal data. This means businesses have to comply with regard to the data they hold on their staff as much as they do for the data they hold and collect from customers and potential customers. Here at 427 we have no problem in saying we are not HR experts and are not able to help you with personnel-based GDPR compliance; however, when it comes to the marketing end and making your website compliant, we can do the lot!
We are certified under The Chartered Institute of Marketing to deal with the GDPR compliance around marketing activity. What does this cover?
- Compliant website forms
- Existing email database compliance
- Assessing the legal basis for processing
- Data Requests
- Assignment and explanation of Data Controllers and Data Processors
- Ongoing data capture
This might all sound quite daunting but it really isn’t. Yes, it is a bit of a pain, there is no doubt about that, but it will protect us all as individuals, or data subjects as we are known under the GDPR.
GDPR Compliance for Small Business Marketing
Existing Email Lists
This is a really major factor for a lot of businesses. You may have spent years building a massive email database that you now use to market things to once in a while. You may have only built up a list of 50 but they are all important customers. Are you allowed to use it anymore? Well, it depends on a few factors and the legal basis you use to process the data. There are actually a number of reasons you are still allowed to email people, but in most cases you may need to get in touch with them and get their consent to continue to process their data.
Legal Basis for Data Processing
This is going to be a serious buzzword in the months and years to come. Legitimate Interest is a legal basis for processing data which allows you to contact people without consent. It is the basis where there is a clear reason behind the contact and an understanding that it is in the interest of the data subject to do so. This could perhaps be because their gas fire is due a service and it is in the interest of their health and safety to email them and tell them so. However, justifying legitimate interest could be tricky and it is something to be very careful with if you are considering this as a basis for using the data you have.
Using contract as a legal basis for processing is certainly very useful for a lot of businesses. This basically means you can use and store someone's data if it is essential to carrying out the service they have requested. An example would be ordering an item online: you simply have to collect address details, etc., or you cannot send the item. The key here, though, is how long you store the data. It should only be stored as long as is needed to fulfil the contract, so you can’t then hold the data for years and email them once a month about new products. To do that you would need consent or to justify legitimate interest.
Contact Us For Help
Get in touch today for a chat about your existing website and email setup and how we can help you become more GDPR compliant. We work with businesses right across Sussex and further afield too. The GDPR doesn’t have to be scary and it doesn’t have to cost you a fortune. You can get your website and marketing processes compliant and still working well with just a little time and investment.