General Data Protection Made Simple

What is the GDPR?

We all need to stay ahead of the new General Data Protection Regulation (GDPR). It’s a new European legislation that strengthens the control individuals have over their personal information. But what does that mean for those of us in marketing and advertising?

The Headlines

Everyone holding or sharing customer data will need to comply with the new GDPR – or face the possibility of penalties.

Yes, it’s true, a double opt-in system may well reduce your sign-up from e-marketing campaigns and it will pose a challenge for our industry. But actually, contacts who choose to sign up will be more engaged and are more likely to respond positively to future marketing. If anything, we think it will prevent frivolous and unproductive data collection and mean the ROI of your marketing activities will be more valuable in the long run.

How to Stay on Their Subscriber Lists In 2018

We’ve dug into the details and the changes aren’t as scary as you might think. The biggest change for marketers is that the GDPR mandates that consent to data collection must be ‘freely given, specific, informed, and unambiguous’, and shown by a ‘clear affirmative action’. So that means no more pre-ticked consent boxes! Personal data can be anything relating to an individual within their private, personal or public life. This includes names, photos, posts on social media sites or a computer’s IP address.

  • Collecting Data
    • It’s important to keep in mind that you can’t assume consent based on inactivity. You’ve got to request consent and document it. If you currently use a pre-ticked opt-in box on marketing materials you will need to change it. Ask for consent with an un-ticked box. And be specific about how you’ll use their data.
    • The contact MUST agree to their data being used and that they can be contacted again.
    • Using double opt-in process for email subscribers is the best and safest approach. This means contacts complete a form, or click a consent box, and then confirm their instruction by clicking a link in a follow-up email.
    • You must also ask how a person wants to be contacted. If you currently engage online and by post, you need to be mindful that consent for e-marketing no longer gives you permission to send direct mail.
  • Recording Data There’s no getting round it. It’s time to audit the information you hold, where it came from and who you share it with. Tracking consent is now mandatory. You must be able to demonstrate a fair reason to use and process customer data.
  • Sharing Data As well as telling your customer how you’ll use their information, you must be clear who you share their details with.
  • Storing Data Privacy and safety is paramount. You’ll have to report any breaches to the Information Commissioner’s Office (ICO) and, in some cases, to the individuals affected. You’ll need to inform people about their data – see the ICO code of practice.
  • Accessing Data Individuals have the right to the information you hold and a “right to explanation” of how you’ll use it. You cannot charge for this service and must comply within 30 days.
  • Deleting Data Individuals have the right to “be forgotten” and have their information erased by you and any third party you’ve shared their data with.
  • Managing Data For some data types, you must appoint a data protection officer to ensure your organisation is, and remains, compliant. We’re happy to talk through what GDPR means for your business. Or for more information about GDPR compliance visit the ICO.

Are You GDPR Ready - Stay on Your Customers’ Subscriber Lists With the Help of the Ico

For more information about GDPR compliance visit