Throughout the last few weeks, I’ve received a huge number of questions regarding GDPR and what it will mean for brands and retailers throughout the UK.
The first thing to do is not panic! Any initial non-compliance will not lead to huge fines, or EU agents waiting on your office doorstep on Monday morning. The guidelines are in place to help companies adhere to the legislation.
General Data Protection Regulation is now in UK law as part of the Data Protection Act 2018. It governs individuals’ data rights, including the way companies handle, collect, store and use data, and the compensation an individual can claim for any misuse.
So, how does all this affect the cycling trade? Regardless of company or mailing list size, all brands must now go through due diligence and ask recipients if they are happy to continue hearing from them. Rather than seeing this as a chore – as many seemingly are – you should see this as a positive opportunity to clean your data and reconnect with the customers on your contact list.
Clarity is the key. In all communications to customers across all platforms, you must now get permission to communicate with customers. “Opt-out” to not receive future communications is no longer an option. You must ask your customers to “Opt-in” – positive consent is what you are looking for!
Typical questions now appearing on communications include “Do you still want to hear from us?” or “Are you still happy hearing from us” followed by a call to action that illustrates clear consent.
You must be clear in your messaging and language: openly ask your customer base if they still wish to receive news and offers to you. As long as you make the news interesting and varied – and your offers great – they will stay connected.
It’s fair to assume your database will drop initially, but it’s key not to panic. Keep your communications interesting and it will grow back. As someone who receives a large number of regular communications from varied companies, I have used the GDPR deadline as an opportunity to remove myself from many ‘lists’ and have chosen to stay connected with a group of core companies that I am truly interested in.
The new guidelines are fairly simple – ensure the information and data you are supplying is as accurate as possible, and update it as often as is appropriate. Maintain data only for as long as you need to, and make sure you have all the necessary security measures in place to store data. If you are sensible and follow the guidelines to the best of your ability, you will be complying with GDPR’s “integrity and confidentiality” principle.
While the above seems fairly generic, the guidelines have to be, as companies collect and use data for a number of different reasons. As long as you are clear in what you are doing and what you want to achieve from your communications, and can accurately and openly convey this message to the recipient, you will not fall foul of the new legislation.