How will GDPR affect your business online?
Whether you own or work for a business or not, the GDPR will have massive implications on your everyday life. Gone are the days of fine print and ‘opting-out’. There’s likely to be a significant decrease in cold-calling and spam emails, so we can all look forward to a less invasive future. However, it’s not all sunshine and flowers. Although there are huge benefits to these new regulations, small businesses are being forced to rethink their marketing strategies and draw up shiny new privacy policies. To make life a little easier, we pulled together a list of ways your online business needs to consider how it approaches clients from 25th May. And if you’re simply a customer of an online business, you can learn what to expect from now.
Signing up for an account
If your website allows users to create an account, don’t ask for more information than you actually require. It’s much easier to be compliant if you don’t have masses of data in the first place. Make sure you have a dedicated person in charge of any store data for user accounts, who can access records at any given point. You should also include separate opt-in check-boxes for any other ways you might be using the user’s data. For example, if you want to send them marketing emails or notifications about anything not directly related to their account (or order if you’re an e-commerce site), you could be breaching the regulations.
This leads us on to one of the most problematic parts of GDPR for online companies. Email marketing – the cold calling of the digital era – can make up a huge chunk of a company’s marketing budget. You don’t have to completely give up on email, which can be a great tool, but you have to be much more wary about how you proceed. Many businesses are currently in the process of sending out emails to the entirety of their database to opt back into being contacted. This is one way to go about it, but you’ll have to be quick and get it done before the 25th. Alternatively, you may need to delete your entire database and start again. This may seem like a huge inconvenience but it’s better to be safe than sorry.
Whether you’re adding a new form to your site or you’ve already got an existing one, it’s time to add a checkbox. Checkboxes are your new best friend when it comes to GDPR compliance. However, don’t take inspiration from previous tick boxes you’ve seen on websites. There are new rules. Firstly, you can’t display the check box as pre-ticked, users have to do this themselves. Secondly, the statement next to the check box must be straightforward and clear – no hidden meanings or ambiguous phrases. For example, if you’re asking to store a user’s data to send them information about discounts and sales on your store, you must ask them to give permission for this reason. And of course, you must actually use their data for this reason only).
Using a database
You must spend time going through your database (if it is one that stores personal data) and ensure that you have explicit permission from each person on there to carry on storing their data. You must also get permission for any activities you will be carrying out with the data. As we mentioned in the email marketing section, it is probably safer to delete your database and start again. However, this won’t be necessary if your customers benefit from your storing and using of their data e.g. if they have an account with your website or they are a client. When it comes to clients and regular customers, a simple email to remind them of their rights and how you are using/storing their data should suffice (you must still get their explicit permission, however).
Extra ways to be #GDPRCompliant (yes, it’s got a hashtag)
- Make sure your website uses HTTPS encryption (get in touch with us today for help)
- Ensure you have a procedure put in place for any possible data breaches. Customers/users should be notified within 24 hours regardless of finding a solution or not
- Consider encrypting your databases with pseudonyms (read more about that here)