On May 25th, 2019, the General Data Protection Regulation (GDPR) came into effect and represented one of the biggest changes to data law in recent memory.
As you’d expect, it also caused a lot of confusion, panic and an undue amount of worry among businesses.
Like any big change, however, the devil is in the detail, and providing you know what your obligations are under the GDPR and proactively stick to them, you’ll be just fine.
3 GDPR essentials
The GDPR is a weighty piece of regulation, but you don’t need to read every page to understand what you need to do when it comes to protecting your customers’ data.
Before we provide the best GDPR checklist for your business, there are three elements of the GDPR which require the lion’s share of your attention.
1. Marketing opt-ins
This is where it all starts. When someone enters your mailing list or any other database where you’re storing their personal data, they need to have given you explicit consent - no shortcuts, confusing small print or tricks.
2. Storage of data
What are you storing? Why are you storing it? Is it easily accessible when a request for access arrives from an individual? It’s vital you have full visibility of the data you’re storing and make it clear what you intend to do with it.
3. Unsubscribe links
Losing email subscribers is never nice, but if they want to leave, you need to make it ultra-easy for them to do so. The ability to opt out of your database is just as important as the transparency you offer when people opt in.
Your GDPR checklist
Re-opt-in for existing databases
- Create a landing page for the campaign featuring an opt-in form (use the checklist below to create this form)
- Send the email campaign to existing contacts, pointing them to your new landing page
- Explain that you require their consent to continue sending them your updates and marketing messages
- Provide a clear way to unsubscribe if they wish
Storage and usage of data
- Make sure all data is held securely on servers which sit behind firewalls and enforce strict user access controls (whether on-site or in the cloud)
- Document who has access to the server and what the access requirements are
- Create a list of all types of personal information you store
- Create a list of who you share data with (if applicable)
- Write precise definitions of what you do with the data
- Provide clear notices on how long you keep the data
- Ensure data is quickly accessible by authorised personnel in the event of an access request from its owner
Unsubscribe links
- Add clear unsubscribe links to all email campaigns
- Use ultra-clear language (e.g. “Unsubscribe from our emails by clicking here”)
- Offer the ability to unsubscribe from particular lists (if applicable) or from all of them in one go
- Make sure unsubscribing is a one-click affair