This week I attended a workshop on GDPR, and guess what? It’s not nearly as scary as I thought. If you also run a small business, I’m happy to share the main points with you. I had some specific questions for GDPR expert Karen Heaton of dpo4business, which may be relevant to you too.
Q I know I am compliant now, as for the past 18 months or so I have always asked people to opt in to my newsletters. Previously, I wrote to my clients and contacts asking them if they would like to receive it. I said that if I didn’t hear from them, I would add them to my database (pointing out the Unsubscribe link).
I have a high open- and click-rate, very few people unsubscribe and I get some lovely emails so I know people enjoy receiving it. Do I have to ask these people to re-subscribe?
A No, as long as you have an unsubscribe option.
(This answer surprised me, as I’ve heard from other sources that everyone has to start their lists again from scratch with fresh opt-ins.)
Q I have been manually removing subscribers from my list who don’t seem very interested in hearing from me (for example, they might have only opened 30% of the emails I have sent them). Am I safe to leave the remainder, who read and click through to my articles, on my list?
Q What would happen if I didn’t do anything? I don’t think any of my readers would report me; I know most of them personally.
A As long as you have told them how you use their data when they first signed up and have given them unsubscribe options then they can exercise their data protection rights, so in theory they have no clear reason for any further action.
Q I’ve heard that I have to do a data inventory. What is that?
A Do a risk assessment. Make a note of the following:
1 Who is your customer?
2 How did you get their data?
3 Where do you keep their data?
4 What do you do with their data?
5 Do you share their data?
6 What controls do you have in place should the data be lost or stolen?
Q I’m sure I will still get lots of annoying spam after 25 May. What can I do about that?
A The Direct Marketing Association has some other useful information.
The Information Commissioner’s Office (ICO) recommends 12 steps you should take now to ensure you are compliant. Good luck with this!