The General Data Protection Regulation (GDPR) will affect every organisation that collects and handles customer data.
Most businesses are well aware that a new data protection law is coming into force on 25th May 2018.
The General Data Protection Regulation (GDPR) will replace the current Data Protection Act 1998 and will affect every business and organisation that collects and handles customer data.
The Greater Lincolnshire LEP is currently going through a process to ensure compliance with GDPR. If you are subscribed to receive communications from us, look out for our email asking you to opt in to make sure you don't miss out on the latest news and invitations to events and workshops.
In the meantime, what do you need to do to make sure that your business complies with the new regulation? Here’s a rundown of the actions you ought to be considering…
Provide an ‘opt in’ function for your communications
GDPR means you need to change the way you collect personal data. Whether you’re asking people to sign up to a newsletter on your website or using data collected over many years, you’ll now need to ask all of those people to ‘opt in’ to receive communications from you. You must also ensure that you’re now keeping a record of these permissions too. The principle is that if you can’t evidence these permissions, you can’t use the data.
Give people the option to opt out
People on your mailing list must be able to remove themselves at any point should they wish to. A simple way of doing this is to add an unsubscribe link to your email communications, but you must act on replies to email communications promptly and remove people immediately.
Under GDPR you will no longer able to automatically opt people in to receive communications. ‘Check this box if you do not want to hear from us’ is no longer an option!
Don’t collect personal data you don’t need
Only collect the data you need for your organisation. If you don’t sell clothes, don’t ask for a person’s dress or shoe size.
Privacy policy
This policy should be published on your website and should cover why you’re collecting the data, what data you’ll ask for and who you’ll share it with. It should explain how people can remove themselves from your database and what you’ll use their information for.
Give people confidence that their data is secure
Your website host or provider can help secure your site by installing an SSL certificate. It’s simple to do and your website will display a padlock or green bar in the browser once it’s complete, giving visitors confidence that their data is secure.
An opportunity, not a threat
GDPR might seem daunting, but it does provide an opportunity to improve your communications and make them more targeted than ever. Once your business is compliant you will be certain that your contacts want to hear from you as they will have actively opted in to receive communications from you. In theory, this means your audience should be more receptive and engaged with your business than ever before. You should notice an increase in open and click-through rates on your email communications and a reduction in the bounce rate for your website - that is, the number of people who click on a link but leave after interacting with only one page.
GDPR provides an opportunity to find out what your contacts are interested in, so rather than giving a basic ‘yes or no’ option when asking people to opt in, you can now provide them with a list of options so they can pick and choose what sort of communications they want to receive.
Just remember to ask for permission and keep a record of when and how that permission was given.
By complying with GPDR, your business is being transparent with your stakeholders. People do business with people that they know, like and trust, and building trust involves doing just that. If you can demonstrate that you have your contacts’ best interests at heart, by treating their data with respect and storing it securely, then you will be well on your way to strengthening trust and engagement with them.
What you should do next…
The Information Commissioner’s website is a good place to get more information on GDPR: https://ico.org.uk. The ICO also recommends 12 steps that businesses should take immediately. Look at this as an opportunity to start afresh and have confidence in the legality and robustness of the data you hold.
There are a number of free GDPR events for businesses hosted by the Business Lincolnshire Growth Hub, and you can register via Eventbrite. Use this link to find sessions in your area: http://www.businesslincolnshire.com/events.