The new General Data Protection Regulation (GDPR) has been in force in the UK since May 2018. It’s the biggest change to data privacy regulations in 20 years. And it can have a big impact on your small business – particularly on your marketing.
The changes the law introduced are quite complex. So here’s an overview of what the new regulations say and what you need to do in order to comply.
What is GDPR?
GDPR is a law which aims to protect the personal data of EU citizens. It ensures that businesses are using this data in a fair, safe and secure way. As a small business, this means that the way you collect, store, use and share personal data has changed.
GDPR applies to any business worldwide dealing with personal data of EU and UK citizens. That includes sole traders and small businesses like us, all the way up to huge corporations.
The law affects both online and offline data. And it applies to internal communications as well as customer-facing data collection.
The six principles of GDPR
GDPR has six main principles at its heart. These define what personal data is and what responsibility small businesses have for their customers’ data. They also outline how you can ensure compliance with the new legislation. Let’s have a look:
- Lawfulness, Fairness and Transparency – You need to make customers aware of what their data will be used for. Ensure it is used only in the way you have described, and that it meets the requirements of the GDPR law.
- Purpose Limitations – Personal data can only be obtained for specific and legitimate purposes. It cannot be used further without additional consent.
- Data Minimisation – Only the minimum amount of data required for the specific purpose should be kept.
- Accuracy – Data should be kept up to date, and any inaccurate data should be updated or deleted.
- Storage Limitations – Data should only be kept for as long as it is needed, and anything no longer required should be deleted.
- Integrity and Confidentiality – Personal data should be processed in a secure way that ensures it won’t be lost, destroyed, damaged or unlawfully used.
What does GDPR mean for your marketing?
Marketing is all about connecting with people and using their data to give them the information they want. So GDPR makes it really important to review your marketing and ensure it’s GDPR compliant.
Here are the four main areas where GDPR has an impact on your small business marketing:
There’s no need to panic – collecting data is still absolutely fine. You just need to make sure you’re doing it properly and letting people know how and why you’re using their personal data.
Make sure you know where you collect data, what kind of data it is and what it is for, and keep it safe. Take a note of which third-party systems you use to store the personal data of your customers and employees.
Additionally, you need to define how long you’re going to keep the data after, for example, the last transaction with a customer. Put a routine in place to regularly clean up data in your small business and make sure it’s always up to date.
2. Double opt-in
Consent is a vital part of the GDPR guidelines. And it means that opt-out consent is no longer an option. When collecting customer data (e.g. for your mailing list), people must opt in and confirm that they give consent for you to store their data. This is known as double opt-in.
You must also be able to prove you have this consent and give customers the option to withdraw their consent at any time. Also, consent must be freely given. That means an exclusive content download cannot be dependent on someone consenting for you to have their email address anymore.
Chances are, you already have an email list full of customers. So ask yourself: Has everyone on the list consented using double opt-in? If you started collecting data a few years ago, probably not.
You also need to make sure customers can easily access their data and remove consent if they wish. For example, this can be as simple as including an unsubscribe link at the bottom of emails.
Or you can add a section on your website which allows people to manage their email and cookie preferences.
Customers have the option to request deletion of all their data from any company and you have to be able to comply within a short period of time. So make sure you always know what data you hold where at any given time.
Don’t forget to have a think about what kind of data you really need to be collecting. In order to keep things simple for yourself, it’s good to collect the bare minimum of data you need. Sometimes a name and email address are all that’s required.
You have to be able to prove you need this data. So make sure it’s actually relevant to your small business. For example, if you’re an online shoe store, knowing someone’s shoe size is relevant. If you’re a freelance web designer, not so much!
There are no hard and fast rules in the new regulations about which data you can keep and for how long. You simply need to be able to explain why you are storing the data in question. And you’d better have a good reason for it.
If you think it all sounds a bit complicated, I don’t blame you! There’s a lot to take in, but as long as you’re prepared, the new GDPR rules should fit nicely into your small business marketing strategy.
Here are some great resources to help you understand GDPR even better:
- Business Gateway’s Digital Boost GDPR for Business Guide – lots of information about what GDPR is and how it will affect businesses, plus a handy checklist to make sure you’re compliant
- Claire Brotherton’s GDPR Guide on wpmudev – all you need to know about making your website GDPR compliant, including contact forms and third-party plugins
- Purple’s GDPR Toolkit – free download with lots of information about GDPR, particularly relating to how it affects marketing
- ICO’s Guide to GDPR – comprehensive guide from the UK’s data protection authority, including information about the steps you need to take now, and a checklist to make sure your business is compliant
Also, have a look for events and workshops in your local area which can help you understand GDPR further.