GDPR – The New Data Protection Legislation That You Need To Know About

GDPR – What You Need To Know

There is a lot of information circulating about the new GDPR legislation. This article breaks the essentials down accurately, so that you have a foundation for understanding what it is about and how it relates to your business.

What Is GDPR?

GDPR stands for General Data Protection Regulation.

It is an EU regulation (Regulation (EU) 2016/679), adopted by the European Parliament and the Council in April 2016, that governs how organisations collect, use and protect the personal data of individuals.

If your business is established in the EU, or if it offers goods or services to (or monitors the behaviour of) individuals in the EU, then the GDPR applies to you and you need to be compliant by 25th May 2018, the date from which it is enforced.

How does GDPR affect your website?

What Are The Basics?

GDPR means the way businesses collect emails and personal information is changing to make sure it is clear exactly what people are signing up for. Businesses are required to become more transparent in exactly how they use their customer or lead information.

It also means the way that businesses process and store employee information is changing so that employee information is more secure.

Email Sign-Ups

When you collect email addresses for your mailing list, you must be clear about what people are actually signing up for. To put it beyond question that your sign-up process is in line with the GDPR, the following is a good pattern to follow:

Before GDPR, many businesses would offer a free quote, free sample or free gift such as an eBook, e-course or tutorial, asking people to give their email address in exchange.

Following this exchange, the business would continue to send the person emails for marketing purposes. People expected to receive just a free gift or quote, but would be sent extra emails they didn’t expect.

To meet the GDPR's standard for consent, include a separate tick-box for people to opt in to receiving further emails from you. The box must be unticked by default: pre-ticked boxes, silence or inactivity do not count as consent, and receiving the free gift should not be conditional on ticking it. Make the offer as enticing as you like, but state plainly that ticking the box means they agree to receive marketing emails from you, and keep a record of when they ticked it and the exact wording they saw, because you have to be able to demonstrate that consent was given.

If you use another company to store your list or send out your emails, that company is a processor acting on your behalf. It must also be GDPR compliant, you need a written contract with it setting out what it may do with the data, and you remain responsible for the data as the controller.

I Already Have An Email List – Do I Need People To Sign Up Again?

If you cannot show that the people on it consented to marketing emails, and you have no other lawful basis for sending them, then yes.

However, for some people on your current list, such as existing customers who would reasonably expect to hear from you, you may be able to rely on a different lawful basis, known as "legitimate interests", rather than consent. Legitimate interests requires you to weigh your interest in marketing against the individual's rights and expectations, and to document that assessment; it is much harder to justify if your original sign-up was unclear about what people would receive.

Being able to demonstrate consent is also a requirement of the GDPR. If someone signed up specifically to your "weekly newsletter", you could argue they consented to weekly emails from you. This is a grey area, though, and to be certain of your position you would need expert legal advice. Going forward, the tick-box described above, with a record of the date and wording for each subscriber, is the safest approach.
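As an added example (not code from the original article), the following Python sketch shows what the tick-box and "showing consent" advice above look like in a mailing-list back end: the box is treated as unticked unless the form explicitly says otherwise, each consent is stored with the version of the wording shown, a timestamp and the form it came from, withdrawals are honoured, and legacy addresses with no evidenced consent are flagged for re-permission rather than mailed. All names (CONSENT_TEXTS, record_signup, may_send_marketing, the sample addresses and form fields) and the consent wording are this example's own assumptions, and the sample data is constructed.

```python
"""Recording and checking marketing consent for a mailing list (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Every version of the opt-in wording is kept verbatim so that, for any
# subscriber, you can later show exactly what they agreed to. (Hypothetical text.)
CONSENT_TEXTS = {
    "marketing-v1": "Tick this box to also receive our weekly marketing emails.",
}


class ConsentError(ValueError):
    """Raised when a form claims consent that cannot be evidenced."""


@dataclass
class ConsentRecord:
    purpose: str            # what the consent covers, e.g. "marketing"
    text_version: str       # key into CONSENT_TEXTS: the wording they saw
    granted_at: datetime    # UTC timestamp of the affirmative act
    source: str             # which form captured it, e.g. "ebook-download"
    withdrawn_at: Optional[datetime] = None

    @property
    def active(self) -> bool:
        return self.withdrawn_at is None


@dataclass
class Subscriber:
    email: str
    consents: List[ConsentRecord] = field(default_factory=list)


def record_signup(subscribers: Dict[str, Subscriber], form: Dict[str, str],
                  source: str, now: datetime) -> Subscriber:
    """Process one sign-up form. Everyone who submits gets the free gift; a
    marketing consent record is created only if the box was actively ticked."""
    email = form["email"].strip().lower()
    sub = subscribers.setdefault(email, Subscriber(email))
    # An unticked HTML checkbox is simply absent from the submission, so anything
    # other than an explicit "on" means "no consent". Never default to yes.
    if form.get("marketing_opt_in") == "on":
        version = form.get("consent_text_version", "")
        if version not in CONSENT_TEXTS:
            # Consent we cannot tie to the wording shown is consent we cannot prove.
            raise ConsentError(f"unknown consent wording version {version!r}")
        sub.consents.append(ConsentRecord("marketing", version, now, source))
    return sub


def withdraw_marketing(sub: Subscriber, now: datetime) -> int:
    """Honour an unsubscribe/withdrawal; returns the number of records closed."""
    closed = 0
    for c in sub.consents:
        if c.purpose == "marketing" and c.active:
            c.withdrawn_at = now
            closed += 1
    return closed


def may_send_marketing(sub: Subscriber) -> bool:
    """True only if there is a live, evidenced marketing consent on file."""
    return any(c.purpose == "marketing" and c.active for c in sub.consents)


def needs_repermission(subscribers: Dict[str, Subscriber]) -> List[str]:
    """Addresses with no evidenced marketing consent (e.g. a list imported before
    the tick-box existed): candidates for a re-consent email or a documented
    legitimate-interests assessment, not for marketing as-is."""
    return sorted(e for e, s in subscribers.items() if not may_send_marketing(s))


def consent_evidence(sub: Subscriber) -> List[Dict[str, Optional[str]]]:
    """What you would produce to demonstrate consent: wording, time and source."""
    return [{
        "purpose": c.purpose,
        "wording": CONSENT_TEXTS[c.text_version],
        "granted_at": c.granted_at.isoformat(),
        "source": c.source,
        "withdrawn_at": c.withdrawn_at.isoformat() if c.withdrawn_at else None,
    } for c in sub.consents]


def demo() -> Dict[str, object]:
    """Three constructed cases: a legacy address, a ticked box, an unticked box."""
    now = datetime(2018, 5, 25, 9, 0, tzinfo=timezone.utc)
    subscribers: Dict[str, Subscriber] = {
        # Imported from the old list: no record of what they agreed to.
        "legacy@example.com": Subscriber("legacy@example.com"),
    }
    record_signup(subscribers, {"email": "Ticked@example.com",
                                "marketing_opt_in": "on",
                                "consent_text_version": "marketing-v1"},
                  source="ebook-download", now=now)
    record_signup(subscribers, {"email": "unticked@example.com"},
                  source="ebook-download", now=now)
    return {
        "ticked": may_send_marketing(subscribers["ticked@example.com"]),
        "unticked": may_send_marketing(subscribers["unticked@example.com"]),
        "repermission": needs_repermission(subscribers),
        "evidence": consent_evidence(subscribers["ticked@example.com"]),
        "subscribers": subscribers,
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(demo())
```

The design point is that "consent" is never a boolean column that defaults to true: it is a dated record tied to a specific, reproducible piece of wording, it can be withdrawn, and any address without such a record is kept out of marketing sends until you either re-permission it or document another lawful basis.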

Privacy Notice

Your privacy notice should be published on your business website and made available at the point where people enter their email address or other personal information. It should explain, in plain language, who you are, what personal data you collect, why you collect it and on what lawful basis, who you share it with (including any processors), how long you keep it, and how people can exercise their rights, including withdrawing consent and complaining to the supervisory authority. It should also cover the use of cookies on your website. For more detail, see the ICO's privacy notice guidance.

Are You An Employer?

If you employ other people, the GDPR also governs how you store and process your employees' personal data, and requires you to explain this to them in a privacy notice written for employees. For more detail on processing employee data, this article provides further information.

Be Transparent And Take Care

GDPR's theme is transparency and trust. People should know how their data is stored, shared and processed. If you are transparent with your audience and employees, keep their data as private as you say you will, and protect it with appropriate technical and organisational measures as the regulation requires, then you are well on your way to complying with the new rules.

For more information on the GDPR, you can visit the GDPR website here.