GDPR - What is it and how does it affect you?

GDPR General Data Protection Regulation. EU data

What is GDPR?

You may have heard the words GDPR bouncing around the internet recently (we all love a good acronym don't we...!).  GDPR stands for General Data Protection Regulation and is the new law that's being set into place on 25th May 2018 to help protect the data of those who live in the European Union.

It's essentially a law to protect people's data from being passed on or unlawfully being used. 

Don't live in the EU? 

If your business collects contact details from customers in the EU (email address / addresses / etc) then GDPR will affect you no matter where your business is located. 

How will this affect you as a Creative business? 

If you collect contact details from anyone in the EU there may be some changes you need to make to become more compliant with GDPR. 

1. Make sure you have a double email opt in. No longer will you be able to get someone to type in their email address into your online form and then be straight on your mailing list.  Under the new GDPR rules there will need to be a double opt in, therefore they'll have to receive an email from you and confirm for a second time that they want to be contacted by you. 

2. Make sure you don't collect information you don't need. Are you currently collecting people's date of births or even their last names? Do you need this? If not then under GDPR you may no longer be able to lawfully collect this information.

3. You will need to be mindful when collecting people's details and then contacting them at a later date about something else. You will need to make sure when collecting people's data that you state why you will contact them (a newsletter or about a shop update) and if you were to contact them about something else, this may not be in line with the new GDPR rules.  You'll therefore need to make sure you're open about what each person is signing up for and you may need to get them to sign up to a new mailing list if you want to contact them about something else. 

4. EU contacts have expanded rights regarding the use of their personal data, and can request their data  be deleted, moved, or corrected at any time. You therefore need to make sure you have a system that will allow for this, something like MailChimp would be a great one. 

4. People will need to know how their data is being used. You'll therefore want to make sure you get a privacy policy / disclaimer on your website which provides them with this information. 

If you're doing B2B business then please note some of the above rules may be slightly different. I recommend you have a good read of the ICO's website (link below), it can be a bit of a snooze but it's important to understand.  For those who love a good podcast, I recommend listening to Janet Murray's episode about GDPR (link below).

As always, if you have any questions, please don't hesitate to contact me. If you're interested in working with me you can find out more about my packages over on my consultancy page. 

Resources

Information Commissioner's Office - The place for ALL the info 

Janet Murray's Podcast - A great audio update on what GDPR is

MailChimp - Support on how to make life easier with GDPR