Why You And Your Customers Need To Know About These 4 Boring Letters: GDPR
4 letters: GDPR. How boring does that sound?
Boring as it may seem, GDPR (the General Data Protection Regulation) is vital for any business owner who holds a database of customers' email addresses and personal details to be aware of, which I imagine covers all of us reading this.
Have you heard about GDPR? If not, read on...
The GDPR is a new piece of EU legislation that comes into force in May 2018.
The legislation says that anyone who lives and trades in the EU and holds customers’ email addresses and other personal data, must abide by new rules coming in May 2018. Or face a fine. Eeek.
Some of you might know about it, but I’ve met quite a few who don’t. So I want to give you an overview about what’s happening.
In short, the GDPR legislation is good for customers who get unwanted, spammy emails.
But for some businesses, it will be a headache.
The new legislation dictates that all customers must have given their express consent for their data to be held. That means a business needs to tell a customer precisely what they’re signing up to when they tick a box (e.g. a weekly newsletter with advice and promotional messages). And customers must be free to unsubscribe at any time and have their data removed if they wish.
Customers must not be tricked into giving their email address or any other personal data.
The legislation means that companies are not allowed to automatically opt someone in to receive something. Instead, someone must expressly say: ‘I want to sign up to XYZ’. And business owners must always be able to provide evidence of somebody’s express permission to sign up to something.
For companies that haven't been transparent in the past, this is a problem.
It means that they will need to re-contact everyone in their database by email, mail or phone and ask for people’s express permission to go on their list again.
To give you an idea of the challenge this holds for some businesses, I worked with a client who has thousands of names on his database, and who doesn’t think that all the names were obtained in line with the new GDPR legislation. He now faces having to create his list again from the ground up.
So what happens if you don’t follow the GDPR rules?
Well, you could be fined between 2% and 4% of your turnover. The ICO (the UK's Information Commissioner's Office) fined Honda Motor Europe £13,000 after the company sent emails to thousands of customers in order to clarify their choices for receiving marketing, but did not secure their consent first.
"Honda believed the emails were not classed as marketing, but instead were customer service emails to help the company comply with data protection law," the ICO said. "Honda couldn't provide evidence that the customers had ever given consent to receive this type of email, which is a breach of privacy and electronic communication regulations."
Let’s look at examples of those who are not currently following the rules:
(Image source: Zettasphere.com)
You can see that the company has already ticked the box for you. That's not good. Pre-ticked boxes are a big no-no. The box should be blank, because it's the customer who must take the action to decide whether or not they want to tick it. Unless the customer actively opts themselves in, there is no legal consent.
In this second example, the question is framed negatively:
(Image source: Zettasphere.com)
Saying "I don't want to be contacted" next to an empty box means that anyone who leaves the box blank is automatically opted in. It's clever, but it's also underhand. Instead, the correct option should say "I do want to be contacted" next to an empty box. This is clear and unambiguous.
Take a look at this good example (funnily enough, from a company that is giving away a free eBook about GDPR):
This company is clear, simple and unambiguous about what they are offering and what people are signing up to. Plus the customer would need to take an active step to tick the opt-in box. This would show that a customer wanted to opt in and is aware of what they have signed up to.
What these examples show is that you have to be utterly transparent, unambiguous, and keep things simple and easy for people.
You have to be clear about what people are signing up to, where their data is held and what they will be receiving. At the end of the day, it’s also just good manners!
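To make the three examples concrete, here is an added illustration (not code from the original post) of a sign-up handler that rejects a pre-ticked or negatively framed opt-in box and keeps a record of what the customer actually agreed to; the field and submission objects are constructed for the example.

```javascript
// Added example, not code from the original post: a consent-capture helper
// that refuses the two bad patterns shown above (pre-ticked box, negatively
// framed question) and records evidence of an active opt-in.

// Wording that turns a blank box into "opted in" (constructed list, not exhaustive).
const NEGATIVE_FRAMING = [/\bdon'?t want\b/i, /\bdo not want\b/i, /\bnot\b.*\bcontact/i];

// Returns the problems with an opt-in checkbox definition; an empty list means OK.
function auditOptIn(field) {
  const problems = [];
  if (field.defaultChecked) {
    problems.push("pre-ticked box: the customer must take the action to tick it");
  }
  if (NEGATIVE_FRAMING.some((re) => re.test(field.label))) {
    problems.push("negative framing: a blank box must never mean 'opted in'");
  }
  if (!field.purpose || !field.label.trim()) {
    problems.push("customer is not told precisely what they are signing up to");
  }
  return problems;
}

// Builds the evidence record for one submission, or null when the box was
// left blank (no consent). Throws if the form itself cannot yield valid consent.
function recordConsent(field, submission, now = new Date()) {
  const problems = auditOptIn(field);
  if (problems.length > 0) {
    throw new Error("opt-in field is not GDPR-safe: " + problems.join("; "));
  }
  if (!submission.ticked) return null; // untouched box = no permission given
  return {
    email: submission.email,
    purpose: field.purpose,
    wordingShown: field.label,          // the exact text the customer agreed to
    consentedAt: now.toISOString(),
    method: "web form, box actively ticked by customer",
    withdrawnAt: null,                  // filled in when they unsubscribe
  };
}

// Constructed field definitions mirroring the three examples in the post.
const preTicked = { label: "Send me the weekly newsletter and offers", purpose: "weekly newsletter", defaultChecked: true };
const negative = { label: "I don't want to be contacted", purpose: "marketing email", defaultChecked: false };
const good = { label: "Yes, I want to receive the weekly newsletter with advice and promotional messages", purpose: "weekly newsletter", defaultChecked: false };
```

The record returned for the good form is the kind of evidence the post says you must be able to produce: who, what wording, for which purpose, and when.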
But you may be thinking, won't all this kill the speed at which my email database will grow?
It may initially, but would you rather grow your database rapidly without abiding by the GDPR rules, only to have to start again? Or would you rather grow more slowly in the correct, legal way, with quality email addresses from people who are actually interested in your business? Who knows, your open and response rates might get stronger as a result!
This topic is too deep a rabbit hole to be covered fully in this post, so I’ve put a link here to a PDF explaining the GDPR in more detail for you.
Good luck, and email me if you have any questions about it.
So remember: May 2018, GDPR. Perhaps not so boring after all!
Simon | The Chief Apricot | thebigapricot.com