The new General Data Protection Regulations (GDPR) come into effect next month on May 25th. They are designed to give individuals more control over their data and how it is used.
From a small business point of view this should be seen as good news. For two reasons:
- You will no longer receive annoying emails from people who met you briefly at a networking event and then added you to their email list without asking you first.
- If you use email as part of your marketing mix, GDPR gives you an incentive to review your list and make sure that you are using it in the best way.
Email Marketing and GDPR
If you send marketing emails to clients and prospective clients you need to be aware that under GDPR there are two main criteria among others (6 in total) under which it is acceptable to hold personal data for e-marketing purposes:
- Legitimate interest – holding the personal details of past and present clients should fall into this category. As long as your emails are related to the product or service they have bought from you.
- Consent – it is OK to hold the details of individuals or companies who have given you their explicit consent. You need to be able to prove this. If you are using an email marketing system, such as Mailchimp, this should be stored and accessible on your account. If you have added people to that list without their consent, or if you are not using an email marketing system, you should contact those subscribers and confirm they are happy to continue to be on your mailing list.
Two further important points:
Anyone on your mailing list must be able to unsubscribe easily.
If your mailing list has evolved over time and you’re not sure how some of the names on it came to be there, GDPR is the event you need to carry out a tidy up. Use this as an opportunity to reconnect with potential clients, and to stop emailing people who are no longer interested. See it as a way of giving your mailing list a Spring Clean!
If you are using a recognised email system, and all your subscribers have actively opted into it, you shouldn’t have anything to worry about. GDPR is simply enforcing an ethical approach to email marketing which we should all welcome.
If you hold personal data for reasons other than email marketing a Data Audit is advisable. For example, if you employ staff there are other considerations regarding holding personal data which you need to check out with a HR specialist.
The Information Commissioners Office (ICO) website has all the information about GDPR. If you have any worries or need further help and advice speak to a legal professional.