Steps to become GDPR compliant
Author: Alan Richardson
As a small business, I wasn’t particularly aware of the implication of EU GDPR which starts to be enforced on 25th May 2018. But it will impact me, and any small business that actually engages in direct marketing or sells products. And that might include you.
What is GDPR?
Recent news stories and blog posts have highlighted its importance:
- Facebook and WhatsApp will not share data
- IT Businesses not ready for GDPR
- LeadFuze are in the process of removing EU contact data
You can also learn the basics of GDPR in this short video:
Why does it impact my business?
Because I have:
- customers who have bought stuff
- a CRM system
- email lists
I am a ‘Data Controller’ in terms of EU GDPR.
I will have to comply with EU GDPR or potentially face a fine of up to 4% of annual global turnover or 20 Million Euros (whichever is the greater).
Basic Steps
Sadly, I’m not a big business, so any work I do on GDPR takes away time from growing my business and meeting other commitments. It is easy to see that many businesses will not be compliant by the time 25th May 2018 rolls around.
- I am slowly building a “Record of Processing Activities” to identify what data comes in from which systems, with which attributes, and identify what privacy terms and conditions have been communicated around that data.
- I have created Google Alerts for “EU GDPR”, “UK GDPR”, “Small business GDPR”, “email marketing GDPR” to help me stay up to date and keep the issue in my field of awareness
- I have planned time into my calendar, after I have met some deadline, to really address the GDPR implications.
- I am learning from all the emails I’m seeing from other people which show me the actions they are taking
  - Search Google Mail with “in:trash gdpr” to see what other people have done
The issue for many companies, with the emails I’m seeing, is that they are saying things like “we are contacting our customers to make sure they’re still interested in receiving relevant communications from us” and “we require you to tell us if you’re still happy to receive the latest news we send out”. But there is no easy call to action in the email. These companies will lose me from their database.
Email List Impact
Part of the issue I have is that I have migrated from multiple email systems over the years and the ‘has this person double opted in’ flag did not always migrate. So it looks as though people might not have double opted in to the list, even though they did.
If these people have not double opted in by 20th May, I will delete their email details from my mailing list system.
I suspect that my mailing list numbers will probably drop from about 4500 people to around 1000.
Which is fine. That equates to about a 20% open rate and I retain people who actually read my emails.
It seems likely that after the 20th May my open rates may exceed 70% or 80%, which will be good for future marketing efforts.
Email List Compliance
I’m currently conducting a set of GDPR compliance email campaigns.
- I am standardising on a single email list for each brand
  - this will allow me to trim the fat from my mailing list system and make it easier to maintain
- for each of my email lists, I am sending ‘double optin to receive emails GDPR’ compliance - this is only sent to people who are not on my main email list and have not been marked as double opt-in.
I used automation in my mailing list system, SendInBlue, to monitor clicking on a web page I have created, so when people click on that link they enter the automation flow, which triggers a transactional email that they can use to double opt in to the email list. This was a temporary measure just to ensure double opt-in for everyone.
For each of my newsletters that I send out, I have two versions:
- one for people who have been marked as double opt-in
- one for people who have not been marked as double opt-in
  - this includes a link and button for the automation flow mentioned above
Time
This all takes quite a lot of time, and I’m spending about an hour or so a day just on GDPR, but if I drip feed the time then I’ll be compliant prior to the enforcement date. And I’ll have spent more time re-engaging with people on my list.
Future
The future of marketing, given GDPR, is going to be interesting.
In some ways I’m starting from scratch, trimming my email list down to the bone and re-engaging with list building.
- I can see more permission funnel marketing with very specific calls to action
  - i.e. sign up for this 7 week email course on “How to X”, where each episode has a call to action to sign up to a mailing list or buy a product. And if the call to action hasn’t been taken up by the final email, we have to delete the email from our funnel list.
- I can see more broadcast marketing with a call to action for sign up or purchase
  - e.g. because my newsletter numbers drop, I will probably create a monthly summary YouTube and Facebook video where the call to action is to sign up to the mailing list so you get this information in a more timely fashion and in more detail.
- I can see more signup freebies
  - i.e. double opt in to my newsletter and I’ll send you this free ebook or infographic or video training etc.
- I can see more product based marketing
  - i.e. create small products that list the email list in the free preview on Amazon kindle etc.
Marketing is going to be much more call to action driven, because we can only gather emails for specific usage which is declared at the point the person signs up.