The law is changing…

It affects our business. And it affects your business. It’s not just for big corporations either. We all need to prepare. We want to help you make the changes you’ll need to make. We’ll do our best to be as clear as we can. If your business uses email marketing, sends direct mail or makes sales calls, the law is changing what you can and can’t do. Some things you might do today will no longer be allowed.

From 25th May 2018, General Data Protection Regulations – or GDPR – come into force. You’ll hear about this a lot. Because it’s kind of a big deal. It’s tempting to think “I’ll deal with it in May”. But there’s some easy things you should do right now, which mean you won’t run into trouble later. The new GDPR law is complex and extensive. It goes well beyond what we can fit in this guide. However, we’ve put together some practical advice on things to help you start to comply.

What data are you collecting?

If you use any tracking tools on your website, like Google Analytics – that counts. People have the right to know what personal information you’re storing about them. And what you might do with that data. The law applies to data which could be traced back to an individual. That even includes things like their computer’s IP address. If your site doesn’t have a Privacy Policy, it needs one to comply. It needs to tell people what you’re going to do. We can provide a template. Edit it for your business and remove the bits that don’t apply.

Who has provided this data?

You need to explicitly ask permission to send someone email marketing. They must opt in. It’s not ok to assume you have permission. It’s not ok to hide it in your privacy policy. And it’s not ok to pre-tick a box which people have to un-tick. Those things might have been allowed in the past, but not any more. On your website contact forms, registration forms or check out pages, we can add tick boxes if you don’t have them. Or if you have pre-ticked boxes, we can re-programme the default setting.

You need to record when they gave you permission. And you need to log exactly what they were shown when they opted in. If you get an email notification when someone registers or checks out, that may be enough to comply. Provided you store the email securely and it clearly shows what the tick box said.

From today, make sure marketing emails tell people how to unsubscribe. That could be saying ‘reply with “unsubscribe” in the subject’. Or make it smarter, with a link to click.

How secure is this data?

If you’re storing any personal data on your website, you absolutely must have an SSL certificate. This encrypts transmission of the data. In October 2017, Google implemented the second part of its plan to label any sites without an SSL certificate as non-secure. So even if your site only has a contact form, unless it has an SSL certificate, your visitors might get a nasty warning. That will probably freak some people out, so it’s best to take action today.

Here are some useful sites:

Information Commissioner’s Office:
These are the folks upholding the law and issuing fines. Download extensive guides and read their latest guidance.

Direct Mail Association:
Not to be confused with the Daily Mail. An industry body which helps marketers navigate the new laws.

Some interesting statistics and surveys which support the power of direct mail.