For those of you that haven’t already started to plan for GDPR, or possibly may not have even heard about it at all then please read on! GDPR (General Data Protection Regulation) is a new EU regulation designed to reinforce and expand individuals’ data privacy rights and streamline protection legislation. Businesses now have under one year to make the necessary changes to ensure compliance as this will be enforceable from 25th May 2018! So if you have a CRM / database you use to market to potential candidates, clients or customers then this is going to affect you!
The bad news…
- If you fail to comply with the new rules then you could face a fine up to €20,000,000 or 40% of your global turnover – whichever is higher.
- Even though this is an EU legislation, Theresa May has confirmed that the GDPR is likely to continue to apply in the UK post-Brexit.
- GDPR could well become the new “PPI” – with companies dedicated to highlighting misconduct to consumers, and seeing as this phenomenon has reportedly cost our banks upwards of £40bn then it’s not something to ignore!
The good news…
- Try and look at this as an opportunity – if your database is so outdated that you’re sending marketing communications to people that aren’t interested in working for you or using your services then getting rid of this bad data isn’t going to affect you.
- Having a thorough data cleanse will leave you with a list of more relevant people, meaning you can send out future marketing campaigns that are more targeted and avoid the “spray and pray” method which can cost you more with less ROI!
- Most companies are just starting to make changes for this so you still have 9 months to get compliant!
A few things you’ll need to do…
Get a double opt-in
This is basically a way to prove the person you are emailing has agreed to your communications – it’s essential because GDPR states that you need a proven record that any data subject you contact has given you permission to contact them. For example if a candidate fills out their details on your website, you can follow up with an email to confirm the details are accurate to ensure you have their consent to opt-in on record. We recommend you adopt this method for your candidate CRM as well as your customer / client database as well.
Cleanse your current data
Before GDPR becomes enforceable take the time to cleanse your current database and obtain fresh opt-in agreements from those stored within your CRM. Don’t get hung up on having to remove those that don’t come back to you or want to unsubscribe, think of it as a clean slate for you to really refine your marketing activities and see better results in the future!
Look at the ways your contacts can opt-in (and make sure you can prove it)
If you’re sending an email as a double opt-in tool then look at forms of reCAPTCHA that will show the date, time, IP address, consent statement and source of your contacts. You can also work these opt-in forms to your actual website, whether it’s at the point of applying for a job or downloading your content.
Be careful of business cards
If you’ve ever exhibited at a job fair or trade show or similar then chances are you’ve collected business cards from potential candidates / customers to add to your database. When GDPR comes into play then a business card isn’t going to be considered “provable consent” so get digital and use a form fill to get opt-in from your exhibition prospects!