Can you believe that it has been a whole quarter since the last of the ‘we have made updates to our privacy policy’ emails were sent to your inbox? The new General Data Protection Regulation (GDPR) came into force on 25th May 2018 and, if like us, you have noticed much less unwanted mail clogging up your inbox, then you are not alone.
The new EU data protection law has indeed changed the game, putting the consumer on the front foot as businesses must ensure they have express permission before making contact. This means that, in theory, cold emails and unsolicited marketing emails are a thing of the past.
Panic Emails
Cast your mind back to the final week before GDPR came into effect. Email after email practically begging you to grant permission for businesses to keep on sending content that you never actually asked for in the first place.
Many, though, tried to be clever in how they approached GDPR by sending correspondence saying that, unless stated otherwise, they would automatically assume you are happy for them to continue contacting you. Quite simply this is not the case as, unless you have granted your express permission, it is a breach of the new EU privacy law. Failure to adhere to GDPR could cost the business as much as 20 million euros or 4% of global turnover.
Updated Privacy Settings
Have you noticed that when you access many websites for the first time since GDPR came into effect that you have been asked to confirm your acceptance of their new privacy policies? This shows that the website is GDPR-compliant with a newly updated privacy policy.
All websites and businesses must give you the option to delete your contact details from their database. It is now a legal requirement for businesses to remove these details when asked as consumers must
Businesses must also give consumers the option to choose how they wish to receive marketing material if they do want to remain on your mailing list. Online contact forms must give the option to choose as to how you want to receive any correspondence by email, telephone or SMS message, as an example.
Should Your Business Follow JD Wetherspoons’ Example?
Rather than ask each of the 650,000-plus contacts on its mailing list to opt-in to continue receiving news and offers, pub chain JD Wetherspoons took the step of deleting its entire database. By ‘securely’ deleting its entire mailing list, this ensures that the business cannot fall foul of new GDPR laws as a result of holding onto and contacting consumers without permission.
While this is, of course, a drastic step to guarantee compliance, it has been met with a positive reception (as well as generating media exposure for the brand). From now on, as per the email sent out to customers from chief executive John Hutson, all news will be shared via the company’s website and social media platforms, although JD Wetherspoons has since closed all of its social media accounts.
While deleting your mailing list and starting again will safeguard against contacting a consumer that has already opted out and risk incurring a hefty fine, it isn’t necessarily the best route. Carefully auditing your mailing list and removing all of those who have not opted in retains loyal customers, of which it is estimated could be as little as 25%, who do want to hear from you, whilst removing those who do not. As well as this, you may also want to review your privacy policy, review your cookie policy and remove any details for anyone that you can't or are unsure about if you can contact.
While the initial panic of GDPR seems to have settled down, it is still important to ensure that your business is compliant. If not, then every day you are gambling with your livelihood – is it really a risk worth taking?