You have until next May to ensure all your contacts have ‘opted in’, says Gemma Antrobus, chairman Aito Specialist Travel Agents
So what does GDPR mean to you? Six weeks ago, it meant nothing to me, so don’t worry if this is the first time you are reading about it. It is, however, something you can’t ignore.
GDPR is yet another thing set to test the resolve of business owners in 2018. Add it to the Package Travel Directive and credit card fees, and the saying ‘everything comes in threes’ springs to mind. Let’s hope that’s it for now.
For any business with a database, whether B2B or B2C, life from next May will change drastically in terms of the data we hold, how we hold it and what we use it for.
On May 25, 2018, the EU General Data Protection Regulation (GDPR) will replace the Data Protection Directive 95/46/EC. It is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens regarding data privacy and to reshape the way organisations across the region approach the topic.
Well, that’s the official bit out of the way. So what does it mean to you and me?
Come May 2018, it will no longer be possible to hold and use a client’s data without their explicit ‘opt in’ consent. Up until now, implied consent has been acceptable – this is where you give clients the option to ‘unsubscribe’ from marketing campaigns – but this changes next year.
All contacts within your database will have to agree specifically to allow you to hold their data (apart from their transaction with you) and businesses will have to record this consent and date-stamp it.
For the purposes of marketing and promotion, if given consent, data can be used for three years before consent must be sought again. For statistical purposes, this period is seven years.
So what happens if you don’t ask clients for their consent to use their data? As of May 25, 2018, you will have no database whatsoever to use.
Yes, it’s that serious – and the penalties for non‑compliance are hefty.
Organisations can be fined up to 4% of their annual global turnover which, when you do the maths, shows just how seriously we all need to take this.
It’s not, however, doom and gloom just yet; there are still 11 months before GDPR comes into effect.
Until then, you can contact your database as many times as you wish to ascertain if they’re happy for you to hold and use their data – just don’t forget to record and date their permission.
Will our databases shrink? Undoubtedly. But so will print and digital marketing costs along with them.
What I hope is that our databases will become far more responsive. We can expect that a much higher proportion of the recipients of our marketing and promotions will be people who actually want to hear from us.
As this is something that affects all organisations, it really does surprise me that I’m not being bombarded daily by the major brands that send me regular promotional emails.
So what can you do? Don’t wait. Obtain further information. Attend seminars or workshops and do whatever you can to protect your database before May next year.