With May fast approaching there remains some doubt from certain business owners as to how exactly they should change operations in order to adhere to the new GDPR. There will be a number of important changes to the existing framework of data protection for individuals living within the EU, but as a business there are a few aspects that require important attention.

GDPR Impact on Email Marketing

One such area is the idea of explicit consent, and how it could change the way you operate certain marketing tactics, such as email marketing campaigns. For users of MailChimp for example you will no longer be able to rely on past consent when sending out marketing literature to a large number of people in one go.

Explicit Consent – The new GDPR ensures that explicit consent is required before you can send a marketing email to a contact. In the case of using a service like MailChimp this means that you can’t use an opt-in box that has been previously ticked by a contact in your list.

Clear Opt-In Message – On top of this, your new opt-in message has to state every single way that personal data will be collected and stored during the process. This is to ensure that individuals have the full picture of where data and information is being stored and how it might be used in future, before deciding whether to give explicit consent.

Potential Requests from Contacts – When it comes to using an email-marketing programme such as MailChimp you will now need to adhere to requests from contacts. You will have to gain agreement from a contact to transfer contact information into your MailChimp account, to store contact information, send them marketing emails, and track interaction for email marketing and advertising placements. All of these would be separate opt-in measures that you would require consent for from a contact.

Checklists for GDPR – One way to ensure that you are delivering on changes to GDRP is to put together a checklist that encompasses explicit consent for both individual contacts and businesses. This should include:

  • The method for opt-in from contacts
  • Offering clear methods of communication that are being consented to
  • Consent to offer data on to third parties
  • Clearly recording when and how data was collected

Further, more detailed checklists can be created and utilised to cover myriad aspects of data collection and storage, tweaked to suit your own business needs and covering anything from business-to-business contacts, voice recordings, live and automated marketing calls, as well as all text and email correspondence.


GDPR Impact on Data Storage

Email marketing campaigns and the like are just one worry when it comes to GDPR. What about the countless data and information that small businesses collect and store relating to employees, suppliers and customers? One example is for businesses that use a cloud service such as Dropbox, where you will now have to upgrade and solidify approaches to data collection and storage in order to adhere with the new GDPR.

Consent is paramount, as mentioned above, and if you use a cloud service like Dropbox, where is the data you have collected from contacts? You need to know exactly where that information is, but also, your contacts have to understand where their data is and how it is being stored.

One of the major changes with GDPR is that your employees, as well as customers and suppliers will have greater rights to revisit information that you have collected from them. When an individual requests information you hold on them, a company will have to deliver that information, with a clear control and protection of all personal information. These new stringent rules will ensure that data is secured in a way that protects both the individual that data has been collected and stored, and the business itself.

There is a lot to think about when it comes to GDPR as a small business. Understanding the data you have collected and still hold is vital. Where is it stored? How can you easily access it and provide it to individuals who request it? And is it as secure as it could possibly be? We’re all about to become more accountable for data storage and protection, so stay ahead of the game and make the necessary changes as soon as possible.

You can also join our Google+ Community “Startup in Britain” which is packed with help, resources and articles to get you started. Use it to get tips, advice and start building your network!

Back to Business Law