Understanding the GDPR: What We Know at the End of 2018

Since the GDPR act was unveiled in May, it has led many companies to rethink and restructure the way they reach out to and communicate with their current and prospective audiences. The new, stricter guidelines left many companies in the dark about how they will affect their businesses.

There are three main reasons why you should care about the GDPR:

  1. Failing to comply will result in fines
  2. Even if you’re outside of Europe, it’s likely you will need to comply
  3. Your customer database will be more accurate

Ultimately, companies and businesses have had two years to bring their policies up to date, but complying with the changes hasn’t been easy for everyone. Some companies have gone down the route of emailing their customers about the changes to their terms and services, whereas others have had to shut down traffic from certain audiences. For example, the Chicago Tribune had to bar certain regions from entering its website because the site did not comply with European GDPR guidelines.

Who Does the GDPR Affect?

Understanding who the GDPR will affect and how can often be confusing, given the amount of misleading and often inaccurate information online. The ICO is the only source of information that you need to follow regarding the rules and regulations of the GDPR.

So, the information below has been taken straight from the ICO and Elizabeth Denham, the Information Commissioner in the UK, to help shed some light on who the GDPR affects and what you can do to adhere to its guidelines.

Personal data – this affects all information that can be used to identify someone. This includes:

  •     Names
  •     Emails
  •     Titles (careers)
  •     Locations

This also applies to both automated and manual data and even pseudonymous or key-coded data. In essence, if your business or service collects information that has the power to specifically identify someone, then GDPR will apply to you.

Email Marketing – if you rely on collecting customers’ email addresses in order to contact them, then you’re going to need to rethink the way you do that.

For example, if you’re an IT company and you want to inform people that you have a sale on, you’re going to have to prove your customers have specifically stated they’re happy to be contacted by you. Simply put, this means you will have to gain their permission in order to contact them.

There are various ways you can do this; the most popular method is sending an online form with checkboxes to fill out. This means the recipient(s) of this email have to consciously tick a box if they would like to be contacted by you (the boxes, by default, will always be unticked). If your customer fails to respond to your email, it will be seen as dismissive and you will have no right to contact them.

Failing to abide by this rule will result in a fine or penalty depending on the severity of the action.

Understanding Charities and GDPR

One of the more controversial issues that stemmed from the GDPR was its effect on charities.

Several charities have misunderstood the rules of the GDPR, leading them to email their donors asking if they can still contact them, or asking them to ‘opt-in’ to their subscription service. The problem is that they never had to do this. Charitable organisations, for the most part, can still contact their donors because they fall under what the GDPR has categorised as ‘legitimate interest’ (direct mail also falls under this rule). This is a ruling that basically allows charities to keep hold of donors’ information, legally. Adrian Beney offers a simple example of how legitimate interest works:

“Here’s what we intend to do with your data. You can tell us if you’d prefer us not to”.

In contrast to consent:

“Here’s what we would like to do with your data. Tell us if that’s OK”.

This has led to several charities losing thousands of donors because they did not read or at least understand the rules of the GDPR. Charities that chose to take the ‘opt-in’ route inevitably lost donors because not everyone will have responded, meaning these donors can no longer be contacted.

Flybe, Morrisons and Honda Have Been Fined

Big corporations have been tripped up by the GDPR regulations by failing to follow fairly simple guidelines regarding unsubscribed customers.

Flybe sent an email with the subject line “Are your details correct?”, a smart and innocent way to get people to respond. However, Flybe sent that email to 3.3 million people who had already opted out and was consequently hit with a £70,000 fine.

Honda was also fined £13,000 after it emailed 290,000 people who had opted out of its marketing emails. Morrisons, in a similar incident, emailed 290,000 people regarding its new “Match and More” point scheme, but 131,000 of those 290,000 people had already opted out. This set Morrisons back £10,500.

Ultimately, GDPR will be good for businesses because of the way it’s made us think about our online data and privacy policies. It’s forced us to think a bit more about who, online, has access to our data and how it’s being used. You could argue that several businesses have been exploiting our data for years, but now the GDPR is putting a stop to that.

Additionally, because customers now have to ‘opt-in’ to receiving marketing emails, businesses will lose all of the ‘false’ customers they had collected over the years. This means that when they’re correlating data, they can be sure that every customer is legitimate and isn’t simply a name on the mailing list that’s been dormant for months or even years.
