Posted by Ryan Pascoe
25 April, 2018

You’ve probably heard of GDPR, but much of the official guidance is vague and jam-packed with jargon. Here, we cover what GDPR is and what you need to do to comply with it in practical, straightforward terms.

What is GDPR?

The snappily named General Data Protection Regulation (GDPR) is a change in data-protection law. It’s designed to safeguard the personal data of all individuals from within the EU. In this context, ‘personal data’ means any information relating to an individual, including their name, address and email address, as well as other data such as their IP address and behavioural habits.

How could it affect you?

If you have a newsletter subscriber base, much of the information you’ve carefully collected about your contacts will now be considered personal data, which means you’ll need to handle it in line with the new regulations.

Under the regulations, individuals have five key rights relating to personal data.

  • The right to be forgotten: they may request that you delete all their data without delay or charge.
  • The right to object: they may prohibit use of their data for specific reasons.
  • The right to rectification: they may request that incorrect data is corrected or incomplete data is added.
  • The right of access: they have the right to know what data you hold, and it must be easy for them to contact you to find out.
  • The right of portability: they may request that personal data held by one organisation be transferred to another.

What do you need to do?

There are a number of steps you can take to comply with the new regulations, both on your website and in your printed and email marketing campaigns.

Update your privacy policy

Your website’s privacy policy should outline what data you collect and store, where it is held (e.g. the name of your newsletter system), and how users can contact you to access any information held about them. 

Make sure your website is secure

If you store any data within your website, such as through forms or sign-ups, you need to make sure that this data is secure.

Update thank you and preferences pages

You’ll also need to update any thank you and preference pages so that they give the users the relevant data-protection information, perhaps linking through to your privacy policy.

Send a reconfirmation email

If you’re not sure whether the data you hold complies with GDPR, you’ll need to run an opt-in campaign to all current newsletter subscribers, with a clear choice to opt into further communication. You can also give people the option to remain on your list but update their preferences.

Once you’ve run this campaign you’ll need to delete any subscribers who don’t respond. It may seem a little scary to lose valuable contacts, but removing ‘zombie’ leads has been shown to increase marketing engagement and reduce cost.

Remove pre-ticked boxes

Pre-ticked boxes, silence and inactivity are no longer considered consent, so make sure you update any pre-ticked boxes on your website. The way in which the user opts in needs to be prominent, and they must actively and knowingly consent to the storage, use and management of their personal data.

Clearly state how you might use the data you collect

You need to detail how you’ll use the data you’re collecting in a way that’s easy to understand. Make sure this message is prominent on forms or sign-up pages and written in clear language. You also have to get separate consent for different processing activities, and you must highlight this when getting consent, so it’s important that you include all the possible ways you might use the information you’re collecting. For example, when asking for a date of birth for a birthday email campaign, or a postcode for a location-based campaign, you must be clear that the subscriber should expect this type of automated content and they must agree to it.

Make it easy for subscribers to remove or update information

You need to make it clear how subscribers can get in touch with you to remove or update the data you hold. Make sure you have links in the footers of all email campaigns that allow subscribers to unsubscribe or update their preferences. You’ll also need to add similar information to printed mailers, with details on how the recipient can opt out of future marketing. 

Be ready to update data

Under the new regulation, requests to update or remove data must be handled within 30 days. Make sure you’ve got a process in place whereby you can quickly action any amendments or deletions.
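As an added example (not part of the original post, and not Nixon’s own tooling), the Python sketch below models the steps above as a small consent ledger for a newsletter list: consent is recorded per processing purpose and refused when it comes from a pre-ticked or unticked box, a reconfirmation run keeps only the people who opt in again and deletes the rest, each of the rights listed earlier is an operation on the list, and any open request is flagged once the 30-day window has passed. The purposes, email addresses, form URLs and dates are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical processing purposes for this example; a real list would name its own.
PURPOSES = {"newsletter", "birthday_email", "location_offers"}
REQUEST_WINDOW = timedelta(days=30)  # the 30-day handling window the post describes

class ConsentError(ValueError):
    """Raised when a sign-up does not amount to valid, affirmative consent."""

@dataclass
class Consent:
    purpose: str
    given_at: datetime
    source: str     # where consent was collected (e.g. the form URL), kept as evidence
    statement: str  # the exact wording the subscriber agreed to

@dataclass
class Subscriber:
    email: str
    consents: dict = field(default_factory=dict)  # purpose -> Consent
    data: dict = field(default_factory=dict)      # e.g. date_of_birth, postcode

@dataclass
class Request:
    email: str
    kind: str  # "erasure", "access", "rectification" or "portability"
    received: datetime
    closed: bool = False

class NewsletterList:
    def __init__(self):
        self.subscribers = {}  # email -> Subscriber
        self.requests = []     # every data-subject request, open or closed

    def record_consent(self, email, purpose, *, ticked, prechecked, source, statement, when):
        """Store one consent per purpose; refuse anything that is not an affirmative act."""
        if prechecked:
            raise ConsentError("a pre-ticked box is not consent")
        if not ticked:
            raise ConsentError("an unticked box (silence) is not consent")
        sub = self.subscribers.setdefault(email, Subscriber(email))
        sub.consents[purpose] = Consent(purpose, when, source, statement)
        return sub

    def may_send(self, email, purpose):  # only to people who consented to this purpose
        sub = self.subscribers.get(email)
        return sub is not None and purpose in sub.consents

    def reconfirm(self, legacy_emails, responded, *, source, statement, when):
        """Re-permission an old list: keep those who opt in again, delete the rest."""
        kept = []
        for email in legacy_emails:
            if email in responded:
                self.record_consent(email, "newsletter", ticked=True, prechecked=False,
                                    source=source, statement=statement, when=when)
                kept.append(email)
            else:
                self.subscribers.pop(email, None)
        return kept

    def erase(self, email):  # right to be forgotten
        return self.subscribers.pop(email, None) is not None
    def rectify(self, email, field_name, value):  # right to rectification
        self.subscribers[email].data[field_name] = value
    def export(self, email):  # right of access and of portability
        sub = self.subscribers[email]
        return {"email": sub.email, "data": dict(sub.data),
                "consents": {p: c.given_at.isoformat() for p, c in sub.consents.items()}}

    def overdue(self, as_of):  # open requests whose 30-day window has passed
        return [r for r in self.requests
                if not r.closed and as_of > r.received + REQUEST_WINDOW]

def demo():
    """Walk the post's steps on constructed data; returns the outcomes for checking."""
    t0 = datetime(2018, 4, 25, tzinfo=timezone.utc)
    nl, out = NewsletterList(), {}
    try:  # a pre-ticked box must be refused
        nl.record_consent("a@example.com", "newsletter", ticked=True, prechecked=True,
                          source="/signup", statement="Send me news", when=t0)
    except ConsentError as e:
        out["prechecked"] = str(e)
    nl.record_consent("c@example.com", "birthday_email", ticked=True, prechecked=False,
                      source="/signup", statement="Email me a birthday offer", when=t0)
    nl.rectify("c@example.com", "date_of_birth", "1990-05-25")
    # Reconfirm a legacy list: only c@ responds, so a@ and b@ are deleted.
    out["kept"] = nl.reconfirm(["a@example.com", "b@example.com", "c@example.com"],
                               {"c@example.com"}, source="/reconfirm",
                               statement="Keep sending me the newsletter", when=t0)
    out["can_send"] = {p: nl.may_send("c@example.com", p) for p in sorted(PURPOSES)}
    out["export"] = nl.export("c@example.com")
    req = Request("c@example.com", "erasure", received=t0)
    nl.requests.append(req)
    out["overdue"] = [len(nl.overdue(t0 + timedelta(days=d))) for d in (30, 31)]
    req.closed = nl.erase("c@example.com")  # actioned within the window, so it closes
    out["overdue_after_close"] = len(nl.overdue(t0 + timedelta(days=40)))
    return out
```

Calling `demo()` runs the whole flow: the pre-ticked sign-up is refused, only the contact who answered the reconfirmation survives it, a campaign for a purpose the subscriber never agreed to is blocked, and the erasure request only stops being flagged as overdue once it has actually been actioned. Keeping the `source` and `statement` alongside each consent is what lets you show later how and to what a subscriber agreed.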

When is the deadline?

The GDPR comes into effect on 25 May 2018, and by this date you must have updated all your policies and reconfirmed your newsletter subscribers. However, it’s better to be prepared in advance – it’s likely that people will be bombarded with reconfirmation emails around the deadline, so don’t let yours get lost at the bottom of the heap. 

How can we help?

If we already work with you on newsletters or a website, we should have been in touch with information and templates to help. If you’re not already a Nixon client, but would like some guidance on complying with GDPR or help updating your policies, feel free to get in touch or call us on 01736 758600.

You can also see our full list of digital services, from web development to email marketing, here.