GDPR – Are you ready? and how will it impact your business?
We need to make an apology.
We try to make our marketing material fun and colourful. We try to keep you excited about the ways you can grow your business. But, for this article, we need to be serious.
The law is changing.
It affects our business. And it affects your business. It’s not just for big corporations either. We all need to prepare. We want to help you make the changes you’ll need to make.
We’ll do our best to be as clear as we can. But this stuff might give you a sore head. It’s certainly hurt ours.
Read on and let’s get started. There’s no time to lose.
What’s this fuss about?
If your business uses email marketing, sends direct mail or makes sales calls, the law is changing what you can and can’t do. Some things you might do today will no longer be allowed.
From 25th May 2018, General Data Protection Regulations – or GDPR – come into force. You’ll hear about this a lot. Because it’s kind of a big deal.
It’s tempting to think “I’ll deal with it in May”.
But there’s some easy things you should do right now, which mean you won’t run into trouble later.
The new GDPR law is complex and extensive. It goes well beyond what we can fit on this page. However, we’ve put together some practical advice on things to help you start to comply.
The re-assuring news is that our team of experts here at Nettl can help with all aspects of GDPR compliance. We have partnered with IT experts who have the knowledge to help you with the GDPR regulations as well as Cyber Security compliance and accreditation.
What data are you collecting about me?
You might be thinking, “I’m not collecting any data”.
However, if you use any tracking tools on your website, like Google Analytics, then yes. Yes, you are.
People have the right to know what personal information you’re storing about them. And what you might do with that data. The law applies to data which could be traced back to an individual. That even includes things like their computer’s IP address.
But did you let them say no?
You need to explicitly ask permission to send someone email marketing. They must opt in.
Start getting consent now. Don’t wait for the deadline.
On your website contact forms, registration forms or check out pages, we can add tick boxes if you don’t have them. Or if you have pre-ticked boxes, we can re-programme the default setting.
But when did they say it was ok?
So we know we have to ask people to opt-in – Is that enough?
No. There’s more.
You need to record when they gave you permission. And you need to log exactly what they were shown when they opted in.
If you get an email notification when someone registers or checks out, that may be enough to comply. Provided you store the email securely and it clearly shows what the tick box said.
If you’d like to manage consent better, ask us about adding a customer database to your website.
What about my existing customers?
Well here’s the thing.
GDPR says, if there’s another law that conflicts with it, you should pay attention to that law instead.
When it comes to email and telephone marketing, PECR legislation takes priority.
The good news is, PECR allows a thing called ‘soft opt-in’.
PECR says, if you got someone’s email address when they bought something, or negotiated to buy from you, then it’s ok to send marketing about the same kind of thing they were interested in. Nice.
The bad news is, PECR is being replaced. New stricter ePrivacy law is being debated in parliament. Nobody knows whether soft opt-in will be allowed. So it makes sense to get explicit opt-in when you can.
Will you just leave me alone?!
People have the right to tell you to stop marketing to them. And you must make it easy for them to opt-out of receiving future marketing.
From today, make sure marketing emails tell people how to unsubscribe. That could be saying ‘reply with “unsubscribe” in the subject’. Or make it smarter, with a link to click.
On printed mailers, tell people what to do to stop receiving mailers. Perhaps a number to call, an address to email or a link to visit. Don’t wait until May to do this – make sure your mailers comply when you next reorder.
The second – and most important – part, is keeping a ‘do not contact’ list. Once someone has opted out, it’s critical you stop sending stuff. Or face stiff fines from the regulator.
Ask about building an Opt-out landing page for you.
Can I call you, maybe?
Have you heard of the Telephone Preference Service? It’s also known as the TPS.
It’s been around for years. It’s where you register to stop getting sales calls.
If you make a sales call to someone who’s on the TPS list, you’re breaking the law. And you’re liable to a fine. It used to be Ofcom who punished businesses. Now it’s the ICO. And they’re much stricter.
PECR says you don’t need explicit consent to make a sales call. Great. But you do need to check the TPS list before you call.
Oh, and there’s also the CTPS – the corporate version, if you call businesses.
But is your website secure though?
You know the little padlock symbol you see in your browser bar? That shows whether a website is secure. (we have one).
It technically means the website has an SSL certificate. (If you’re wondering, SSL stands for Secure Sockets Layer. Bet you’re glad you asked.)
If you’re storing any personal data on your website, you absolutely must have an SSL certificate. This encrypts transmission of the data.
In October 2017, Google implemented the second part of its plan to label any sites without an SSL certificate as non-secure. So even if your site only has a contact form, unless it has an SSL certificate, your visitors might get a nasty warning. That will probably freak some people out, so it’s best to take action today.
But what about things that I mail?
The new GDPR legislation has admirable aims – to protect your personal data and to prosecute rogue organisations who misuse it.
But it does make life more difficult for honest businesses who just want to win more clients. So far this sounds like a lot of faff, doesn’t it?
Quick recap: you need explicit opt-in to email someone (or rely on the ‘soft opt-in’ exemption, while it’s still allowed). And you need to check a number isn’t on the Telephone Preference Service list before you call it.
There is one glimmer of good news. You don’t need explicit consent to send a mailer, letter, brochure or catalogue. Provided you make it clear how they stop getting future mailings, and the content is relevant, sending direct mail is allowed under the ‘legitimate interests’ of your business.
Nobody sends direct mail any more…
The incredible thing about direct mail is, it’s turned full circle. We all get less post than we used to.
Yet, research shows that it gets a better response than ever. A study by MarketReach revealed some startling insights… 87% of people said they were influenced to make an online purchase as a result of receiving direct mail. And four out of five folk said they’d connected with a business after getting direct mail.
Did you know the average mailer hangs around the home for 17 days? And 29% of people said they’re shared with someone else? 72% of people get less than three pieces of mail a day. Yet 70% agreed they get too many emails.
Is it time to look again at direct mail?
Is all direct mail equal? Does it all get the same response? Absolutely not.
So. What makes people more likely to respond? There are a few techniques and tricks you can use to your benefit. The first is to take advantage of ‘lumpy mail’.
What’s that? Picture it. You get an envelope. It’s lumpy. There’s something inside. Could you resist opening it? No, of course not. Adding a gift or something lumpy adds intrigue. Try a pen, or a promo gift with your logo, for them to keep.
Or, go one better. Turn ‘lumpy’ into a ‘thud’. Make your piece too big to ignore. Send a thick folder. Or a printed box. Make people have to sign for it. If you’re selling something of higher value, investing a few quid per piece might significantly increase your conversion rate.
Where should I start?
There’s lots to take in. We know.
A common misconception is that GDPR only applies to personal data. And that somehow businesses aren’t covered. Even if you sell B2B, GDPR applies to you. Even if you only email corporate addresses, the law still applies.
You might be thinking, is this just going to be like the hoo-hah when the cookie law was introduced? Will this be a song and dance about nothing? Well, if the fines the ICO has issued so far are anything to go by, no. This time, they’re taking it seriously.
Let’s work out how we can help you.
Book your FREE 45 minute consultation now
Nettl® of Macclesfield is a trading style of Fuscia Limited. 6 Jacksons Close, Kerridge, Macclesfield, Cheshire SK10 5GF. Registered in England and Wales under number: 04814636 VAT Registration No: GB 764 5390 08
Nettl® is operated by Grafenia Operations Ltd, a division of Grafenia plc. Registered in England and Wales under number: 03983312 Third Avenue, The Village, Trafford Park, Manchester M17 1FG