GDPR - 10 Things You Must Know –

Uploaded on 2017-09-05 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Law

GDPR - 10 Things You Must Know If you email your customers. On 25th May 2018, the new General Data Protection Regulations (officially (EU) 2016/679) comes into action. Remember the date: 25th May 2018 

This is kind of a big deal for all companies who send emails to their customers with news, offers, events, promos – well, any sort of email communication!

It’s pretty serious too, maximum fines for non-compliance with the GDPR is 20 Million Euros or up to 4% of a business’s annual worldwide turnover, whichever is the greater.
 

So, you’ll agree that it’s worth making sure that your business is GDPR complaint when it comes to communication to your customers via email, right!?

Where to start!
If you’ve already started looking into this in preparation for next May, well done you! If like us, you started off by looking at the content on the Information Commissioner’s Office (ICO) website then you probably curled up in a ball and hoped you were having a nightmare! Yes, it’s not exactly light reading is it!
So, after trawling the net and reading some excellent third-party resources, we’ve put together, in our opinion, the most important 10 things you need to know about GDPR relating to emailing your customers and contacts.

1. Your email contacts must of double opted-in to your lists – oh yes!
Under the new GDPR regulation, all the contacts you have in your email database for communication and marketing MUST have double opted-in to your lists. 
So, that means they actively ticked a box or selected an option and then, checked their email and clicked on a link to confirm (that’s the double bit…). 
This then ensures that the owner of the email address absolutely 100% wants to receive emails from your company, no question.

2. You need tell subscribers what they are signing up for and what they will be receiving
This is important! You need to let people know what you will be sending them and how often this is likely to be. Be as clear and transparent as you can. Give people as much control as possible when they sign-up to your marketing list. Perhaps you send customers offers, news and event promos, why not let people choose what they do and don’t want to receive when they sign up – give them full control!

3. You have to keep a record of consent from the email contacts you have on your database
This is a biggie! So, under new GDPR rules you need to be able to prove that you have had consent from each person to use their email address, and, this needs to include a statement that explains to them what you will be using their email address for. Key data to collect here would be Name, Permission Statement, Date, Time and IP Address, but, the more the better. Make sure that this data is not only collected but is securely stored and can easily be called upon if/when needed.

4. GDPR also applies to existing data. 
OK, so if you thought you can continue to use the data that you’ve already got and that you just need to play by the book form now on, nope. If you have email addresses in your database for which permissions have not been collected according to the GDPR’s rule book, or if you can’t provide any firm evidence of consent for your contacts, then you can’t use them. To repeat that, you can’t use them.

5. You need to make sure your Privacy notice is GDPR compliant
So, you’ll need to make sure that when a user signs up to your website, blog, offers page or whatever they are interested in – you need to be telling them exactly what you are going to be sending them, what you are using the data for, how you are storing the data etc (there is lots to include).

6. Permission to use an email address for marketing cannot be inferred from silence, pre-ticked boxes or inactivity
No more, sneaky tricks to get people subscribed to your email database. We need to be clear, transparent and put the control 100% into the hands of the email address owner. So for example, tick boxes for email newsletter sign-ups can’t be pre-ticked and we can’t just ‘assume’ they want to receive emails because they’ve bought loads of products from our shop or given us a nice review.

7. Make sure you have a procedure in place to detect, report and investigate any breaches in personal data that you hold
Do a review of the contact data that your company holds and make sure that if someone complains about the misuse of their data that you can quickly find out why this happened and importantly, quickly resolve the issue to make sure it never happens again.

8. You can’t hide data collection and privacy policy information in your main terms and conditions
When providing people with sign-ups to your mailing lists, you can’t just hide this information in your general terms and conditions any more – you need to make sure you have a separate statement specifically for how you are going to use their email address.

9. Get it right, as it’s not worth the risk. Fines could reach 20 Million Euros!
Although, in our opinion, GDPR will only really hit the ‘big boys’ if they don’t follow the rules, it’s important to make sure you have a legal and responsible email delivery procedure at your business, after all, it’s going to be EU Law from May 2018!

10. There is still time – what are you waiting for?
Don’t panic – we’ve still got time to get our email data up to scratch and legal. Why not start with a new ‘Email Consent’ campaign to target all your contacts (whilst you still can) and ask them to sign-up and double-opt in to continue to receive awesome emails from your business.

You should give them as many options as possible, including an option to opt-out… you may as well, after all, this is the whole point of new GDPR regulation. If people don’t want to receive emails from you – they shouldn’t have to! 

Summary
At the end of the day, if you’ve got a sound database of contacts that do want to hear from you, you’ve got nothing to worry about, right?  It’s only those contacts who don’t want to hear from you that you’ll lose, and to be honest, if they don’t want to know what you’re up to, the marketing impact on those people will be minimal. 

LinkedIn Pulse: 

Matt O'Byrne is Managing Director of Dolia Design Ltd
 

 

« Russia's US Election Hacks More Persistent Than First Thought
Cybersecurity Rules For Autonomous Vehicles »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

Robert Half Technology

Robert Half Technology

Robert Half Technology offers a full spectrum of technology staffing solutions to meet contract and full-time IT recruitment needs.

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

Secnology

Secnology

Secnology is dedicated to developing and providing the most powerful and user friendly event analysis and security management solution.

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

TDRA focuses on regulating the telecommunications sector and enabling government entities in the field of smart transformation. It is responsible for the overall digital infrastructure in the UAE.

Archivo

Archivo

Archivo is a value added reseller focused on Disaster Recovery as a Service (DRaaS), backup, hyper-convergence, hybrid storage and Cyber security.

Institute of Informatics and Telematics (IIT)

Institute of Informatics and Telematics (IIT)

IIT carries out activities of research, assessment, technology transfer and training in the field of Information and Communication Technologies and of Computational Sciences.

Boxphish

Boxphish

Boxphish provides a proven solution to reduce Human Error and Cyber Human Risk via automated learning journeys and intelligent phishing simulations.

Grant Thornton

Grant Thornton

Grant Thornton is one of the world’s leading networks of independent assurance, tax and advisory firms.

RealTyme

RealTyme

RealTyme is a secure communication and collaboration platform with privacy and human experience at its core.

Ghost Security

Ghost Security

Ghost is a venture backed, product-led startup building the new standard in application security for the modern enterprise.

Oregon Systems

Oregon Systems

Oregon Systems is a Regional Leader & Distributor with value added services for OT, IoT, IIoT & IT Cybersecurity products, Solutions & professional services throughout the middle-east region.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

Bit Sentinel

Bit Sentinel

Bit Sentinel is an information security company. We help companies like yours discover, prioritize, and effectively remediate potential cybersecurity risks.

Emerge Digital

Emerge Digital

Emerge Digital is a technology and digital innovation business and Managed Services Provider providing solutions to SMEs.

Disecto Technologies

Disecto Technologies

At Disecto, we provide SaaS based Data Discovery, Classification and a remediation solution for data privacy compliance.