Everyone is talking about GDPR. There's a growing sense of panic as the 25 May 2018 deadline approaches. Clients are contacting us about their privacy policies and lawyers are busier than ever, advising on compliance with the new legislation.
The point of the GDPR is being honest and transparent about what you are going to do with data you collect, including how you store it and what you intend to use it for.
We've audited our procedures and made a few changes, but, because we are an inbound marketing agency who practice what we preach, we've found that, on the whole, we were complying with the general ethos of the regulations already. If you're concerned, the ICO has all the information you need about the GDPR.
Consent is Key to GDPR Compliance
The simple reason that we have few changes to put in place is GDPR consent. If you've read any of our blog posts in the past, I'm sure you'll remember reading about permission based marketing being at the heart of inbound. That means that, instead of interrupting people with information they didn't ask for, on the off chance that it might be relevant and timely, you make your information easily available so that they find it when they are looking for it. And you make it so useful that they ask for more!
Inbound marketing is about understanding who your ideal customers are and providing all the information they need for every stage of their journey from first becoming aware of you to making an enquiry about becoming a customer. Depending on the sector you work in, this can take minutes, days or months, and so the more you understand how your customers make decisions the better the information you provide will match what they need. And if it does, the more likely it is that they will ask you to keep in touch i.e. give you consent.
What Needs To Stop
The type of practices that companies need to change are harvesting email addresses from websites, copying email addresses from other sources into your database or adding everyone who gives you a business card onto your newsletter list. There is no legal basis for holding this data - the individuals concerned are not your customers and they have not given you their consent to process their data. If you're buying in third party mailing lists, then double check that the people on the lists knew that their data was going to be sold to third parties. If you want to email your prospects, give them a reason to ask you to add them to your mailing list. It's really just common sense and common decency.
It's Not About Email
GDPR doesn't actually cover who you can and can't send emails to - that is covered by the PECR (e-privacy laws) which have been in force for a few years. According to the ICO, you must not send electronic mail marketing to individuals, unless they have specifically consented to it or they are an existing customer who bought (or negotiated to buy) a similar product or service from you in the past. You must also provide an unsubscribe option every time you contact them. These laws have existed since 2002 and you should already be complying with them. They only apply to private individuals and not companies, although you do have to be careful as there are grey areas. We take the view that it is best practice to use the same guidance for all communications to all recipients.
What We've Changed
We've tightened up how long we hold data for - because we use HubSpot as our inbound marketing platform, we are able to tell when a contact last visited our website or opened an email. If a contact has not engaged with us in either of those ways in the last 6 months, a task is automatically set up reminding us to delete their data.
We've also made it clearer to people who request information from us that we might follow up with related information. They have always given consent to receive information from us, but we wanted to make sure they knew that we might send them additional, relevant information as well.
Ultimately, the power is shifting to individuals who have more control over their personal data and more choice regarding what is done with it. We welcome the new regulations as they are totally in line with our beliefs about marketing and communications. Inbound marketing also lets website visitors choose and it makes website owners work harder to make their content useful and engaging enough to inspire further actions. We think that is a healthy approach and we'd be happy to talk it over with you.