There’s a fair bit of confusion about GDPR, and rightly so – anything so wrapped up in legalese is bound to be difficult to grasp. Well, fear not, intrepid business owner – here’s Arch Creative’s breakdown of what you need to know about the four letters you’re probably sick of hearing by now.
Here are some of the main points about GDPR
These six key principles of GDPR which you can refer to if you’re unsure about how it works.
2. Ensuring the data collected is only used for the purpose detailed at the time of collection – so if you say you’ll be using the info purely for email marketing, you can’t send them direct mail.
3. Limiting the data collection to what is necessary – i.e. if you don’t need a home address, don’t ask for one.
4. Ensuring the data is accurate – speaks for itself.
5. Storing data only as long as necessary – this is tricky to navigate. One method of avoiding any penalties for this is an annual check-in in the form of an email which goes out to your database and reaffirms their consent.
6. Prevention against unauthorised use or accidental loss of data through security measures – have some measures in place to ensure you don’t misuse data. Internal policy, written into contracts is good practice for this.
Does the individual affirmatively consent to data collection? For example – did they fill in a contact form with clear indications as to what the data would be used for?
A key thing to remember here is that your customers or users need to actively consent – no pre-ticked boxes.
Can you demonstrate how you’re implementing GDPR?
As long as you’ve got records of doing something to ensure you’re compliant (an e-shot campaign list, for example), you’ve got evidence of how you’re implementing GDPR. Good for you!
Most methods of data collection will already be compliant with GDPR. However, it’s best practice to use the following “3-Strike” method to make sure you’re up to scratch.
If anyone still hasn’t responded, or they’ve responded saying they don’t want to be involved – then you’ll need to remove them from your database. Simple.
GDPR is easy to get your head around and understand. It’s just wrapped up in legalise, so seems daunting. If you’re struggling to get started on GDPR, give us a call for some advice, or for us to create and implement your GDPR E-Shot.