It’s coming! The GDPR has been finalised and is set to come into force in Q1 2018.
We won’t be able to cover all of the rules and regulations in this newsletter but if you want more information just give us a call. There is a risk of huge fines if you don’t comply so it is a good idea to start equipping yourself with the knowledge you need now.
Companies will need to obtain explicit consent for any direct marketing, consumers will have the right to be forgotten, and you’ll need to use clear language to avoid any ambiguity.
The law states that consent must be explicit, specified and informed. You need to ensure that you are only collecting the data you need and that you are being very clear about what data you are collecting and how you are using it. You should give the customer options so that they can choose the type of messaging they want to receive. Give them the option to complete a purchase anonymously. Clearly you will still need certain data in order to deliver the purchase, but allow them to choose whether or not they create an account with you, and be clear about how you are using this data. If the customer chooses to check out anonymously then you should only use the data in relation to this one purchase.
We would recommend thinking about your current offering and operations so you can outline what data you need to collect and what data you would like to collect, and then think about how you would use it in the future. Start asking your customers now what data they are happy for you to collect and use in the future.
Individuals now have the right to be forgotten. This means that if they choose this option then you would need to either delete or anonymise their personal information.
The law states that the data can only be used for a reasonable amount of time. This is open to interpretation but you should be able to demonstrate clearly what this length of time is and why it is relevant. Think about your offering and how long a customer’s information should be kept. For example, if you are providing a 10-year guarantee on products then it is reasonable that you can keep that information for up to 10 years. If a customer is engaged in a loyalty programme that has set time periods, e.g. you are on a particular tier for a set period of time, then you should keep the information for that period. To ensure you can keep using your customers’ data you should ask individuals to update their preferences periodically. Remember, be clear on why you need the data and how it will be used.
You shouldn’t be afraid to delete inactive, out of date or invalid data. All it is actually doing is skewing your reporting. By deleting this data you will get a true picture of your engaged customer base. Give inactive customers two chances to re-engage with you and then let them know that if you haven’t heard back from them in this time period then you will delete their data from your systems. This shows that you respect the individuals and their preferences to remain outside of your network.
The law states that use shouldn’t be excessive in relation to the reason data was originally given. This means that if your customer only gave consent to use their data for their order then the data should be removed once the order is complete and has passed its returns or cancellation dates. If you want to use customer data for marketing or profiling you need to ask. This is the most important thing to remember: ask your customers if they are happy for you to use their data and let them know what the benefits to them are. Make sure you are storing customers’ consent in an easily accessible format.
The law also applies to B2B customers in the same way as it does to consumers. It will be much harder to buy third party lists for marketing use as it will have been difficult for a customer to explicitly consent for their information to be used by multiple, unknown companies for marketing purposes.
Companies will have 2 years to comply with the new regulations and this isn’t as long as it seems.
An Action Plan
- Audit your data collection and storage practices
- Outline what data you currently hold on your customers and prospects and how much of it is used and how often
- Outline what data you need to hold and what data you would like to hold
- Hold an internal briefing session so that everyone who could connect with your customers either face to face, over the phone, digitally or through marketing is aware of the new regulations
- Confirm how you are going to use personal data now and in the future
- Confirm what a reasonable length of time is for your company to use and store data
- Send communications to all your contacts asking them to explicitly opt in
- Prepare to delete inactive, out of date or invalid data at the end of the 2 year compliance period. If you still want to keep a history then anonymise the data and transform it into charts or reports
- Prepare to be able to offer customers the ability to remain anonymous
- Prepare to be able to offer customers the right to be forgotten