How To Ensure Your Company's Marketing Activities Are GDPR-Compliant

The European Union's General Data Protection Regulation (GDPR) came into force on 25th May 2018 and affects both individuals and businesses within the UK. The framework was designed with the aim of enabling European citizens to control how organisations collect, store and use their personal data – and companies falling foul of the rules can be forced to pay large fines.

The criteria laid out within the GDPR are particularly relevant for businesses carrying out inbound marketing activities. Let's take a closer look at some of the requirements you need to meet.

GDPR – The Basics

Anyone who handles an EU citizens' personal data is required to comply with the GDPR: according to the regulation, that includes anyone classed as a 'data controller' (an entity who determines why and how personal data should be processed) or a 'data processor' (an entity who processes personal data on a controller's behalf).

While these definitions may be confusing, in practice, if you're collecting, storing and using information such as people's names, addresses, telephone numbers or even their IP addresses, you need to abide by the rules. If you're controlling or processing 'special category data', such as information about people's health, race, religion, sexual orientation or political affiliations, you'll be subject to even tighter controls.

What More Do You Need To Know About It?

The framework contains a host of regulations and these can be tricky to interpret, so to ensure that your company is compliant, it's important to take legal advice. However, here are a few of the things that you'll need to consider:

• Is your mailing list compliant? - In order to comply with GDPR, you can only contact people who have clearly and voluntarily expressed their consent. Even contacting your customers to ask for consent retrospectively is a breach of the regulations. If you haven't actively sought their consent and gained it in advance, you'll need to remove their details from your lists. You can't use pre-ticked opt-in boxes on your literature or contact forms either.
• Do you ask for too much personal information? - You can only process personal data for specific purposes, such as to fulfil legal or statutory obligations, or in order to deliver a contractual service to someone. These purposes are listed in the GDPR. This means that you can't simply collect personal data because it may be useful in the future or because other companies ask for it on their online forms. Therefore, you'll need to work out what data you actually need, check that you're allowed to process it, and ensure that you aren't asking for any other information.
• Are you providing people with adequate information? - You must inform individuals that you're collecting their data at the point of collection (for example, when they're about to enter your website or complete an enquiry form). You also need to provide them with additional details, such as why you're processing it, which lawful basis allows you to process it, how long you'll store it for and who you'll share it with. This also means that your cookie policy needs to be compliant, and people must be able to actively accept or block cookies when visiting your site.

Seek Professional Help

If the thought of planning GDPR-compliant marketing activities concerns you, seek expert assistance. JDR can help you to create and implement inbound marketing strategies which comply with the GDPR and other data protection regulations. To discuss your concerns in detail, please call 01332 343281.

Image source: Pixabay