Everyone’s talking about GDPR, but what does it actually mean? Let’s start with the need-to-knows:

What is GDPR? GDPR stands for General Data Protection Regulation. It is an EU law that will affect anyone who handles EU citizens’ “personal data”.

What’s changing? There will be strict rules to follow, and tough penalties for businesses that don’t comply.

When is it changing? GDPR will come into effect on the 25th May 2018.

Will it affect me? Almost certainly – especially if you run a business. We all store and process data in many different ways, such as names, addresses and bank details of customers. If you’re based in the UK, much of this is likely to belong to EU citizens.

Will Brexit affect GDPR in the UK? Unfortunately, Brexit isn’t a get-out clause. The UK will still be a full member state of the EU in May 2018. It’s unlikely that much will change anyway, as UK businesses that handle data about EU citizens will still be bound by the GDPR.

What do these changes mean for your business?

There are steps you will need to take to ensure you are GDPR compliant. As a small business, the impact will be less extreme than for large corporations, but we all need to ensure we are on the right side of this new law.

In short, this is what you will need to do to be GDPR compliant:

You need to get your customers to opt in to receive any marketing information from you going forward. Previous consent is not enough.
If you share email lists with third parties, you need users to opt in to receive communications from them, and you need to tell users exactly who you share the data with and who may contact them.
Look at your methods for obtaining data. Was it gathered with explicit consent?
Know what data you use and store. A key part of the GDPR is not holding on to data for longer than necessary.
Move to digital data and get rid of the paper trail. Customer personal data needs to be kept in a secure place, in electronic format, and be accessible to those in a company responsible for managing it.
Update the way you gather data in future, making sure you have explicit consent to store and process it. And keep a note of when and how it was captured – you may need to refer back to this in future.
If a customer, former customer or prospect demands you make changes to the personal data you hold for them, including their rights to contact or indeed to be forgotten, this must be actioned.

There are serious penalties for businesses that don’t follow the rules. They are much tougher than those under the current Data Protection Act. You could face:

Fines of up to €20 million or 4% of Global Annual Turnover (whichever is higher)
Prosecutions for deliberate breaches
“Obligatory undertakings” – these would be specific steps your business has to take to improve compliance

The Information Commissioner’s Office have produced an extensive guide to GDPR with some handy checklists.

This sounds like hard work – what’s in it for you?

Ultimately, these new directives will help protect people’s personal data and help everyone who handles data better understand their responsibilities.

“I’m pleased GDPR is coming,” said Joanne Bell, Managing Director of Bells Accountants and a longstanding client of Make Me Local. “These regulations are designed to protect our clients and our staff from a breach of data or from a small business inadvertently misusing the data that is in their care.”

What if other people store data on your behalf?

If other people are storing data for you, like a marketing agency or other supplier, both parties need to take responsibility for gaining data consent.

Your obligations:

Establish whether your supplier is storing any data on your behalf
Make sure that data is stored, processed and maintained in accordance with GDPR

Your supplier’s obligations:

Make sure any new data stored or processed on your behalf is obtained with explicit consent and is stored securely
Make sure any older data was gathered with explicit consent

If a supplier is processing data on your behalf, you should update your contract with them to include some mandatory clauses. You can find more information on this in Article 28 of the GDPR.

How does this affect the way you work with your marketing agency?

The GDPR introduction should actually be great news for marketing as an industry. The regulations are being put in place to ensure data is used in the right way – they aren’t something that should worry you. This will weed out practices people tend to frown upon, such as:

Pre-ticking opt-in check boxes
Using product sign up details to send marketing materials
Remaining vague about how data will be shared and used
Bulk buying lists

These techniques are outdated and, whilst they might get leads, they’re unlikely to convert – they’re invasive and are more likely to irritate potential customers. This means agencies will have to think of new, more creative ways to market your business, which are more likely to attract new customers.

What are Make Me Local doing to protect data?

We’ve never used any of the shady techniques above, but we still have to ensure that we’re going to be meeting all regulations associated with the GDPR.

“We will be taking steps to ensure our clients’ websites are GDPR compliant,” says Lee Diggens, Head of Sales at Make Me Local.

“Any part of a website that is designed to capture data, such as a sign-up form, will have a suitable and explicit opt-in (or out) message. This way, we can be sure people fully consent to our customers using their personal data. We’ll be contacting all our clients individually about the changes in the near future.”

These are the steps we’ll be taking to ensure we’re GDPR compliant for all our clients:

Ensure we store all data securely and remove old, irrelevant data
Ensure people are explicitly asked for their consent before giving over details, such as on a data capture form on a website
Ensure our websites are not using cookies to influence what a visitor might see

We don’t want to be caught with our pants down when GDPR comes into effect, and we’ll be helping our customers to apply their own belt and braces approach!

Are you ready? Make sure you don’t leave yourself exposed…