GDPR is coming – should we be scared or simply bored?
May 2018 is when you start to get your direct marketing and data usage into gear. Gone are the times where you can spam people, where you can say that they have opted in when they haven’t.
Oon the 25th May 2018 GDPR (General Data Protection Regulation) will come into force and it will set off what has been described by some as a nuclear bomb under every aspect of direct marketing.
Fears, Concerns and Myths
There are so many rumours being bandied around that nobody really knows what the rules are. Here are some that we’ve all heard:
- You will have to take all your carefully collected, monitored, mailed-to customers and prospects, throw them away, and start again. Unless you have detailed opt-ins for every mailing, you must stop contacting your customers.
- It’s going to be as bad as the millennium bug.
- We’ll have to stop sending out our email newsletter.
- All our data collection will now be heavily controlled and regulated with severe penalties incurred by any of us who do not comply.
- I won’t be able to collect business cards at exhibitions, so I can’t try to sell my products, so what’s the point of exhibitions?
We’ve all heard these fears and concerns and while there are elements of truth in each, they don’t paint the complete picture. The reality is both more complicated and yet simpler.
Reasons for contacting Customers
It all comes down to your reasons for contacting customers and prospects and whether they are ‘people’ or ‘companies’. This is a key distinction as they are both covered under slightly different parts of the regulations. You have to deal with each slightly differently.
There are a number of grounds under which you can legitimately process data under GDPR but perhaps the two most interesting for small to medium businesses are:
- Consent for specific purposes
- Legitimate business interests
Realistically, we believe that most businesses will be able to continue with most of their current activity (unless they already skirt the law, of course). It’s more a case of understanding what you are doing, defining why you are doing it, tailoring it as necessary and changing the message to make it clear to everyone.
For the majority of small to medium businesses, GDPR will, as the Information Commissioner says, “be an ongoing journey”. It’s not some apocalyptic event which will derail your business. It’s not intended to kill your business, it’s not the nuclear bomb it has been described as.
We suspect that many global businesses will probably ignore it, while pretending not to of course. At a recent training session run by the IDM, the speaker expressed the view that companies like Facebook and Google will never adopt GDPR. They will merely fight it out in court and pay the fines. It is, in his opinion, almost impossible for them to meet the requirements, the data they collect and process is simply too complicated and too ingrained in everyday life.
Whether this is true or not, in our opinion, while they are chasing global companies it’s highly unlikely that the GDPR Police will raid a pet shop in Crewe and fine them 4% of turnover. Particularly if that shop is behaving reasonably, has taken steps, and is securing and managing their data appropriately.
It’s easy to become GDPR Compliant
The reality is that by following a fairly simple process and then adopting some simple, and to be honest, reasonable measures (particularly on data security), the average business can meet GDPR, and crucially – be seen to meet it.
Having gone through the GDPR process with several clients, we know that the main issue is often, not how difficult it is, but how boring it is. The analysis of data, review of security, mapping of processes and completion of balancing tests are all far less exciting than they may sound. It can become an excruciatingly long, slow and tedious procedure, especially for the business owner who would rather be running their business and generating new customers.
So why is GDPR made out to be the scariest thing in the world? Why do consultants talk about it in hushed tones and dress it up in complexity and complication?
Well, if you lead people to the edge of a cliff and give them a little shove to make them think they’re going to fall, how easy it then becomes to sell them your services to save them.
GDPR is an issue, yes. It’s not easy, and it is something that you will have to address. But we suspect that the biggest barrier will be how dull it is, not how difficult it is to comply.
Guest Blogger – Martin Corlett-Moss
Today’s guest blog is written by Martin Corlett-Moss owner and founder of MCM2 Marketing Agency based in Nantwich. He’s a straight-talking, marketing professional who knows what he’s talking about and gets stuff done – simply and concisely. He is a marketing guru and ppc expert.
Martin works with small businesses to help them grow.
For info on the IDM Courses: https://www.theidm.com/marketing-courses/legal-and-regulation/general-data-protection-regulation