So, I promised to blog about how I’m going to go about becoming compliant with GDPR.
Here’s what I’ve been up to in the past few weeks.
I attended a really useful seminar run by Circle 2 Success, which helped to crystallise my thinking.
I’ve run through the 12 steps to take now outlined by the Information Commissioner’s Office and made notes and an action list.
As a small and relatively straightforward business, I think I’m getting off relatively lightly – I can see that compliance will be a massive issue for many organisations. Having said that, it is generating a lot of work and my advice to anyone who hasn’t started thinking about it yet is that you really ought to!
The most important area for me to concentrate on is marketing. GDPR means that people will have to positively opt-in to receive marketing material. It also requires businesses to prove that they have this positive consent to market to people.
I need to do two things to ensure I’m compliant with this aspect of GDPR. They’ve both been technical challenges for me more than anything else and I’ve had sleepless nights trying to work out what best to do. However, I’m there now.
The first thing I needed to do was alter the way the ‘lead magnet’ on my website works. Before, when people signed up to the ‘Improve your marketing results in just 5 days’ email course, they’ve automatically been added to my mailing list. When GDPR kicks in, this will no longer be allowed – people need to be able to choose whether they join my mailing list when they sign up to the course. I’ve now implemented this choice.
The second thing is that I don’t have the positive opt-in evidence for most of the people on my mailing list, so I need to start the process of gaining positive consent. I need to do this before the 25 May deadline because to contact people after this date without their explicit permission to do so in the form of a positive opt-in will no longer be allowed.
On 1 February, 1 March and 1 April, everyone who is on my mailing list to receive The Pips will receive an email asking them if they’d like to carry on receiving The Pips and to sign up if they do. I’ve created a form on my website where they can do this. (I’ll remove anyone who has signed up in the intervening periods so they won’t be bombarded.) I’ll then have definitive proof that they have signed up. I’m sending the emails the day after The Pips goes out, so my hope is that I will be relatively ‘top-of-mind’. If you like, you can read the email here.
I know many people are concerned that the process of gaining positive opt-in will mean many lists will shrink dramatically and I think that is undoubtedly the case. But it seems to me that it’s better to have a small list that is actively engaged with you and your business than a massive list of people who couldn’t care less.
The next step for me is to write clear privacy policies that are available on my website and will be available in any email I send. The guidance is that they should be simple enough for a child to understand.
I’ll keep you posted!
If you liked this, subscribe to my newsletter and get my latest blogs delivered to your inbox once a month.