It’s Coming! It’s Here! What’s GDPR? Help!!!
Now take a deep breath and relax. The GDPR is a big deal and it will effect all businesses but there is no reason to panic. While the potential fines for businesses across Sussex and far beyond are massive there is still time to comply. The fact of the matter is that a huge number of businesses are still only just hearing about the GDPR and many will be working towards compliance for months to come.
GDPR For Marketing and Websites
It is important to look at the different aspects of the GDPR because there are a lot of consultancies out there offering a fix all service that may not quite fix all. The GDPR covers the storage and processing of personal data. This means businesses have to comply with regards to the data they hold on their staff as much as they do for the data the hold and collect from customers and potential customers. Here at 427 we have no problem in saying we are not HR experts and are not able to help you with personnel based GDPR compliance however, when it comes to the marketing end and making your website compliant we can do the lot!
We are certified under The Chartered Institute of Marketing to deal with the GDPR compliance around marketing activity. What does this cover?
- Website privacy policy
- Compliant website forms
- Existing E mail database compliance
- Assessing the legal basis for processing
- Data Requests
- Assignment and explanation of Data controllers and Data Processors
- On going data capture
This might all sound quite daunting but it really isn’t. Yes it is a bit of a pain, there is not doubt about that but it will protect us all as individuals of data subjects as we are known under the GDPR.
GDPR Compliance for Small Business Marketing
If you are not sure if you are compliant then you are probably not. There may not be a great deal you need to do but there will be a few things. Compliance is an ongoing process so getting it set up from the start is wise. We are able to help you produce and new privacy policy, set your enquiry forms up correctly and make some clear and simple changes to how people are able to contact you regarding their data. These changes will go a very long way towards showing the ICO you are compliant.
Existing E mail Lists
This is a really major factor for a lot of businesses. You may have spent years building a massive e mail database you now use to market things to once in a while. You may have only built up a list of 50 but they are all important customers. Are you allowed to use it anymore? Well it depends on a few factors and the legal basis you use to process the data. There are actually a number of reasons you are still allowed to e mail people but in most cases you may need to get in touch with them and get their consent to continue to process their data.
Legal Basis for Data Processing
Legitimate Interest
This is going to be a serious buzzword in the months and years to come. Legitimate Interest is a legal basis for processing data which allows you to contact people without consent. It is the basis where there is a clear reason behind the contact and an understanding that it is in the interest of the data subject to do so. This could perhaps be because their gas fire is due a service and it is in the interest of their health and safety to e mail them and tell them so. However, justifying legitimate interest could be tricky and it is something to be very careful with if you are considering this as a basis for using the data you have.
Consent
This is the big one. It is now more important than ever to ask for consent if you intend to use the data for any kind of marketing. The consent must be given freely which means it cannot be a pre requisite of using your service to tick the box. It must be given when the reasons for it being taken are clear and unambiguous. You cannot use auto filled tick boxes or a little note saying ” by typing in your name you agree to everything in our privacy policy” The consent needs to be given not assumed. If you are dealing with any data that falls into the special categories like religion, sexuality or political views then consent must be given explicitly with a statement.
Contractual
Using contract as a legal basis for consent is certainly very useful for a lot of businesses. This basically means you can use and store someones data if it is essential to carrying out the service they have requested. An example would be ordering an item on line; You simply have to collect address details etc or you cannot send the item. They key here though is how long you store the data. It should only be stored as long as is needed to fulfil the contract so you can’t then hold the data for years and e mail them once a month about new products. To do that you would need consent or to justify legitimate interest.
Contact Us For Help
Get in touch today for a chat about your existing website and e mail set up and how we can help you become more GDPR compliant. We work with businesses right across Sussex and further afield too. The GDPR doesn’t have to be scary and it doesn’t have to cost you a fortune. You can get your website and marketing processes compliant and still working well with just a little time and investment.