Are you ready for the General Data Protection Regulation (GDPR)?
For the most part, the GDPR’s main concepts and principles are the same as the DPA’s, so if you are complying with current law, your approach to compliance will remain valid. However, some elements are new or different, meaning you will have to do some things for the first time and some things differently.
As such, it’s important to be aware of the changes so that you can stay compliant when the new legislation is introduced next year.
What do you need to know?
One of the biggest changes that is being introduced with the GDPR is the higher standard for consent. This is particularly important if you engage in Direct Mail Marketing – and you may need to alter your consent mechanisms as a result.
The GDPR states that you must:
- obtain unambiguous consent, involving a clear affirmative action
- separate consent from other terms and conditions
- remove all pre-ticked opt-in boxes
- keep clear records demonstrating consent
- provide an easy means to withdraw consent
- review all existing consents and, if they do not meet the new GDPR standard, obtain fresh consent
Ultimately, this means that if you are sending out Direct Mail to your clients, you must ensure that they have unambiguously consented before continuing to do so. By not giving your clients a clear chance to agree to any sharing or use of their personal details, you may be in breach of the GDPR and data protection law.
What do you need to do?
- ensure that you have the facilities to allow your clients to consciously opt in to any marketing materials you intend to send them (while opt-out boxes are still a legitimate way of inferring consent, the Information Commissioner’s Office (ICO) discourages their use) – this might be through a new ‘opt-in’ campaign or by updating your direct mail system
- review all previous consents – ensure they are up to date and comply with the GDPR’s new standard
- obtain fresh consent for any existing clients who have not unambiguously opted in
- cease sending marketing materials to those clients who have not taken action – either to opt in or opt out; ambiguity will not be tolerated by the GDPR
- allow time to make these necessary changes to your system
- maintain detailed records of those who have opted in
While you have until May next year to arrange any relevant changes to your systems, it is certainly worth taking action now. Not only can the reputation of your business be affected if you disregard the guidelines laid out in the GDPR, but you may also be open to substantial fines.
For more information about the GDPR and what you need to do to remain compliant, visit: