GDPR – Are You Up to Speed?

The way we communicate has changed; advances in digital technology mean our personal data is captured every time we go online. According to The Economist, customer data comes second only to oil as the most valuable asset in the world.

Because of its value, it is open to attack and misuse. Alarmingly, as detailed in a report published by the Chartered Institute of Marketing, more than half (57%) of consumers don’t trust brands to use their data responsibly.

So how can you stay safe as a consumer, and what does the new General Data Protection Regulation (GDPR) mean for your business? Let us give you a quick overview of what’s happening…

On 25th May 2018 the new regulation will come into force and every business that collects or handles customer data, regardless of its size or stature, will have to comply.

It might seem a long way off, but the ICO recommends that you start planning now rather than making changes at the last minute, which could leave you and your business at risk of breaching the regulation.

What should you do?

To keep it simple, we’ve listed a few steps which will help you avoid being landed with a hefty fine for failing to comply:

  • Offer an ‘opt in’ to your communications
  • Give people the option to opt out
  • Create a privacy policy for your website
  • Review your internal processes
  • Install an SSL certificate on your website

Provide an ‘opt in’ function for your communications

Quite simply, you need to change the way you collect personal data. So, whether you’re taking a business card at a networking event, asking people to sign up to a newsletter on your website, or using data collected over many years, you’ll now need to ask all of those people to ‘opt in’ to receive marketing communications from you. You must also ensure you keep a record of these permissions.

Give people the option to opt out

People on your mailing list must be able to remove themselves at any point should they wish to. A simple way of doing this is to add an unsubscribe link to your email communications, but you must act on replies to email communications promptly and remove people immediately.

You’re no longer able to automatically opt people in to receive communications, so do not tick the box for them!

Data focus – only collect the data you need

This part of the new regulation is relatively straightforward: you should only collect the data you need for your business and for the marketing you’ll be doing. So, if you don’t sell clothes, don’t ask customers for their dress or shoe size. Keep it simple!

Privacy policy

This policy should cover everything from what you’re collecting the data for, to what data you’ll ask for and who you’ll share it with. It will detail how customers can remove themselves from your database and what you’ll use their information for.

Review your internal processes

Sorry, but it’s going to be a bit of a pain to manage if you don’t understand the customer touch points or how and why you collect and store the data. Start looking at this now: understand what needs to happen and by when, and then make sure that, as a business, you can make it happen. Remember: failure to comply can result in a hefty fine.

Give your customers confidence that their data is secure

Your website host or provider can help secure your site by installing an SSL certificate. It’s simple to do and your website will display a padlock or green bar in the browser once it’s complete, giving visitors confidence that their data is secure.


It may seem overwhelming, but this new regulation shouldn’t be cause for alarm. It can in fact create opportunities for your marketing teams, including:

  • getting all your data in shape
  • opportunities to market more specifically to your customers if they opt in
  • being sure they want to hear from you!

What you should do next…

The ICO recommends 12 steps businesses should take immediately. Look at this as an opportunity to start afresh and be confident in the data you hold.