Make Your Existing Data GDPR Compliant


Most companies have some sort of database of names and if not used, GDPR will have little impact on your business, but, if like many you have email or direct mail lists, you need to be thinking how are you going to make the lists GDPR compliant, especially if you’re in the consumer market space.

GDPR Compliant – Prove It

Many have collected email addresses and started using them without proper consent from the person. For example, you’ve collected emails at the point of sale and just started email marketing them – that will no longer be acceptable. You’ll have to prove the person agreed to receive marketing material.

Double Opt-in, which means the person said yes, then received a follow up email, which they had to click to accept before they go on your list would be one way, although you’ll also need evidence that the list was built that way from the beginning.

If you make sales in a retail store and collect emails, you may need to get the customer to sign paper work, which can have the opt-in tick box/s, for different types of marketing you wish to send.

What to do with Existing Lists?

You’ll need to get them to opt-in again and be able to prove they’ve done so between now and May 25th, 2018. Many will already be working on this as it’s no simple task.

Re-Opting in for GDPR

If you can’t prove how consumers and potential consumers got on your existing lists, you’ll need to get them to re-opt-in.

The stats show just sending an email will only get about 8-12% to re-opt-in, so 90% of your database will need different incentives / approach to getting that opt-in.

This could involve sending mailings or making telephone calls, although even if they say ok, how do you prove it unless you record all the calls?

Over time, everyone on the list will also have to be re-affirmed as still ok receiving marketing or other material from your company, although at the time of this writing, the time period between re-affirming is still to be agreed.

GDPR a Good Thing

Many will complain about GDPR and some will ignore it, but in the long run, it will become standard practice.

Software providers will ensure their software is compliant both, in itself and in the way it’s used, which in turn will help enforce GDPR on the companies using their software.

The other point worth considering is that when people stop using their out of date data, it will mean those that are GDPR ready will have less competition!

The fact is, many will have lists of data, that will not be legal after May 2018, so get ready to take advantage.

Software Consideration and GDPR

Data must be stored in the EU – so, you need to ask your software providers where they store your data and if it’s outside the EU, you need to ask them what they are doing about GDPR. If they say, “GD What?” you may need to start looking for another provider.

Email marketing is a case in point, with many storing our data outside the EU, but it can as easily relate to your cloud based CRM.
List out the software that you store personal data on and find out where in the world the data is stored.

No Matter how GDPR is Viewed

It will have to be actioned, so the sooner you start the better prepared you’ll be and the less you’ll be worried about the ‘knock on the door’.

Where to go for More Information

To keep up to date with what’s happening, you can go here, but if you want a good place to start you can use either or both documents:

Quick Reference:

Full document:

Do Your Own Due Diligence

I want to make it clear at this point,  you should do your own due diligence on what you need to do, because there are variables that impact how your data usage is viewed in terms of GDPR.

We Have Some Other Blogs you may want to Read to Help Understand What’s Happening With GDPR:

What is now considered ‘Personal Data’? It’s changed to better align with today’s technology.

Security of your data or other company’s data if you use it. We’ve become complacent about the security of data because technology makes it so easy to use.

Digital Marketing and GDPR – an overview of the different areas that can be affected and pointers on collecting data in the future.

Leave a Reply 0 comments