Five years since GDPR came into force, and every week clients still ask us whether something they are doing is GDPR compliant. This wacky little law started in April 2016 and businesses are still unclear as to what it means, so here we go – the quick and dirty guide to GDPR.
What it is
It is a law that tells us how we use and save our customers’ data.
What it says
- You have to be honest and transparent about how you collect and use client data.
- You can only use it for the purpose it was collected for – nothing more.
- You can only ask for the data you need – nothing more. If you don’t need their phone number, don’t ask for it.
- You have to take steps to keep that data up to date.
- You cannot store the data for longer than you need it.
- You have to keep the data safe and secure.
- You have to take responsibility for what you do with the personal data – this is known as the Accountability clause.
What it means
So you have customers’ emails. Maybe they got in touch through your contact form; maybe they attended a training course; maybe you found an old client list in an archived file – so can you market to them? No, you cannot add them to your newsletter list unless they asked you to.
You have to tell people how you’ll use their data when you collect it, so unless you told them you would be marketing to them before they gave you their data, you cannot market to them. You need to contact them and ask if they want to be marketed to before you can email, call, or text them.
I know this is frustrating. I know that it is hard to accept after years of being able to buy data off eBay (yup, we’ve been marketing for that long, we even used to offer fax marketing!). But the long and short of it is, tough luck. You need to tell people you are going to add them to your newsletter list before you do it. That’s the law.
I really hope that helps, but if you are still confused then don’t hesitate to get in touch and we will help you out if we can.