
GDPR Made Simple - a guide for small businesses

A guide for small businesses using data for marketing. This document does not constitute legal advice, but it will answer some basic questions and signpost the more detailed information that is available free of charge for small businesses.

Published in: Marketing


  1. GDPR MADE SIMPLE
     Quercus Marketing
     A guide to marketing & GDPR for small businesses
  2. The story so far…
     • GDPR stands for General Data Protection Regulation
     • New rules come into force on 25th May 2018
     • The principles of data protection haven’t changed, but there are tighter requirements around taking responsibility for protecting the data you hold and getting permission to use it
     • Fines for non-compliance can be up to 4% of turnover or €20m, whichever is greater
     • The new rules are applicable to ALL personal data, not just data used for marketing (e.g. staff records, payroll data)
  3. What about Brexit?
     • However you feel about it, leaving the EU makes no difference. We signed up to the new rules in 2016 and the laws will still apply from May 2018.
  4. The Information Commissioner’s Office (ICO) states the purpose of the regulations as follows: “Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed”
  5. What does the new regulation cover?
     • The regulations apply to any information you hold about a person that could identify them as an individual.
     • The regulations apply to ALL data, even if you don’t hold it electronically.
     • So if you have a handwritten list of names and addresses of potential customers in a drawer, that’s personal data (not recommended!).
  6. How does this affect me?
     For small business owners using customer data for marketing, the new rules cover three key areas:
     • Looking after the personal data you hold
     • Obtaining and managing permission to use personal data for marketing
     • Being open and transparent about how you’re using data
  7. Looking after the data you hold
     • You are equally responsible for the security of your customer data, even if someone else processes it for you (this could be an email provider like Mailchimp or a personal assistant).
     • Any third party suppliers you work with must comply with the rules too, so always make sure you work with reputable suppliers. If they can’t reassure you about their own compliance then find someone else to work with.
  8. More about looking after data
     • You must keep any personal data you hold secure and up to date. Some things to consider here are:
     • NEVER email personal data to someone else or carry it around on a memory stick.
     • If your contact data is currently in a spreadsheet then consider using a CRM system. This will help ensure the personal data you hold (and are responsible for) is properly protected.
     • If this isn’t possible just now, then use password protection on your Excel document and make sure your computer is as secure as possible against viruses or hackers.
  9. Getting permission
     • You must obtain EXPRESS consent from someone before you use their email address or mobile number to send marketing information.
     • Pre-ticked boxes, or statements such as “By giving us your email address you agree to receive marketing emails” won’t do the job.
     • Consent must be separate from other terms and conditions and can’t be a precondition of signing up for a service.
     • You must make it easy for people to unsubscribe from marketing emails every time you email them.
  10. Do I need “double opt-in”?
     • The double opt-in process includes two steps:
       1. A potential subscriber fills out and submits your online signup form.
       2. They receive a confirmation email and click a link to verify their email address, which is added to your email list.
     • Double opt-in isn’t a requirement for GDPR compliance but it is useful to verify the email address entered. (If there’s an error or the email address is invalid, the customer won’t receive the step 2 email so won’t be added to your database.)
     • Most email providers have this built into their system for you but if you’re not using one you don’t have to replicate it.
  11. Managing the permissions you hold
     • If you use data to send marketing emails, you must keep records of the consent you have obtained.
     • This means keeping a record of your data collection form with the wording you use and recording when people give you their consent.
     • You can record consent by adding a Yes / No column or field to your Excel sheet or CRM system and a date so this is attached to each contact you hold.
     • All reputable email providers will have a system in place to record consent and the date it was given to help you manage your data in a compliant way – ask them what they have in place.
  12. Do I always need to obtain permission?
     • If someone buys from you, it’s perfectly reasonable that you will use personal information they provided to deliver products or services or provide follow-up information so consent isn’t needed.
     • If someone hands you their business card at a networking event, it’s reasonable to expect that you might contact them afterwards, to follow up your conversation or arrange a meeting. In this case you don’t need consent.
     • BUT if you then keep the personal information collected in these cases and use it to contact someone in the future about new products or add them to your mailing list, their express permission will be required.
  13. What about social media?
     • You don’t need consent to contact individuals through social media because the user agrees to accept the Ts and Cs of the platform which include privacy terms, so communicating within the platform via your Facebook Pages or Groups for example is not affected.
     • You are not allowed to obtain personal contact details of followers or connections (such as email addresses) and use them to communicate directly with those people unless you have their express permission.
  14. Being open and transparent
     • You must be very clear about what you will do with the customer data you collect. The way to do this is to write a Privacy Notice for your business.
     • The Privacy Notice tells people what personal data you hold, how and where it is stored, how long you will hold it for and how you plan to use it.
     • Although not legally required, it’s a good idea to display the policy on your website since you have to have one anyway and it reassures people you’re looking after their data.
     • The ICO website has good and bad examples of privacy notices here and consent wording so you don’t have to create your own from scratch.
  15. Individuals’ rights
     Under the new rules, we as individuals have stronger rights…
     • The Right to be forgotten:
       • Every individual has the right to have their data deleted
     • Subject Access Requests (SAR):
       • Every individual has the right to ask what data you hold about them
     • If anyone asks for data to be deleted or asks what data you hold, you must respond within one calendar month and you must provide the response free of charge.
  16. If something goes wrong
     • If the data you hold is no longer protected (if your email is hacked or you lose your laptop with an Excel document on it) you must notify the ICO within 72 hours.
     • The ICO will assess the likely impact on the individuals involved and provide FREE advice about what to do next.
     • The ICO is there to help you so do contact them straight away.
  17. What can I do now?
     • Make a list of the data you hold, how you collected it and where it is stored.
     • Check and update the wording on your data collection forms / website. Use the ICO examples here to help you.
     • Write a privacy notice for your business and include a link to it on your website.
     • Contact everyone you hold an email address for now and obtain permission to continue sending them marketing information about your business.
     • If they don’t give their permission, remove them from your mailing list. You will lose people from your list but it’s far better from a marketing point of view to be talking to people who actually want to hear from you!
  18. In a nutshell…
     • You are responsible for the security and protection of any personal data you hold
     • Don’t use personal data for anything you don’t have permission for
     • Don’t panic, don’t be scared and remember you don’t have to pay for advice on GDPR
  19. I’m not an expert!
     • Although I know some stuff, I am not a GDPR expert and I’m not able to give advice on specific businesses or issues.
     • There is loads of free advice and the best place to start is the Information Commissioner’s Office (ICO) website.
     • Or call the ICO small business helpline: 0303 123 1113 (Select Option 4). (I have always found them helpful despite being under a lot of pressure just now!)
  20. If you would like help navigating the minefield that is marketing, hop over to my Facebook Group, the Marketing Pop-In here. If you have a marketing challenge you’d like to discuss, drop me a note via Quercusmarketing.co.uk or call me on 07879 993744. A conversation costs nothing.