How to Manage Contact Data and Stay on the Right Side of GDPR

by Joanne Dolezal on 17th June 2019

It’s so tempting to take shortcuts to building your database of contacts, like buying lists, scraping contact data (off the internet) or ‘borrowing’ contact data from other businesses.

When data collection is done properly, though, it makes a huge difference to the quality of your email lists, your marketing budget and the success of your email campaigns.

The money’s in the list.

Or is it. We are told that the bigger the list, the greater the success, because you have a larger number of people you can convert to take action. But think about the quality of the personal (contact) data you have retained. Your mailing list may only have 300 people on it, but you may know them all: they’ve bought from you in the past and were happy with the experience. Every time you go back to them they will buy again. Those 300 personal contacts are worth 10,000 email addresses you obtained from other, more questionable sources.

Of course you can still buy customer data even now, but it will convert at the same low rate it always did (<1%). You can ‘borrow’ or scrape data from other sources, but the media have done a great job of raising consumer awareness of GDPR and the rights of the individual – so expect to get ‘spam’ reports and possible complaints. These could even lead to fines if you’re unlucky.

Alternatively, if you develop a longer term strategy you can build your mailing lists ethically and legally. In the next few weeks we’ll be sharing a variety of online and offline tactics you can use to build (or rebuild) your contact data and mailing lists.

Now for some good news

There is no restriction on emailing or texting “corporate bodies”, just the named individuals who work there. These are the so-called ‘Data Subjects’ and the law is just as strict for B2B as it is for B2C, sadly.

There is no restriction on postal mail (brochures, invitations, nifty branded campaigns) to “corporate bodies”. However, individuals need to be offered an easy way to opt out.

Ways to obtain consent to communications

It’s important to get the foundations right so you will no doubt already have gone through the following actions to bring your data gathering and usage in line with the EU General Data Protection Regulation (GDPR). Just to recap though:

  • make the request prominent, concise and in plain English
  • Separate it from your Ts & Cs
  • Name your business and any third party recipients
  • Tell Data Subjects (whose personal contact data you have) what you want to do with their personal data and why you want it
  • Emphasise the ability to withdraw consent at any time
  • Don’t use pre-ticked boxes or default settings
  • Keep records – who consented, how and what were they told
  • Review consents regularly and refresh them when there’s any change in use

The ICO – Information Commissioners Office – is overseeing the implementation (and policing) of GDPR in the UK and they have a range of excellent guides on how GDPR should be interpreted and implemented.

If you are a new business or in the early stages of marketing, take some time to get your data management processes set up. There are many sources or free advice and freeware (free software) to help you. Alternatively you might want to work with a marketing consultant or agency to advise you.

If you are a more mature business, GDPR may well be a good opportunity to refresh databases generally and comply with other existing regulations, like the Data Protection Act 2018.

Stay on the Right Side of GDPR

1. Get the opt-in wording right and run it past a legal adviser if you’re unsure (or you are gathering sensitive data through forms on your website).

2. Make the language clear and unambiguous

3. Review the areas on your website that allow sign ups, subscriptions and enquiries – add an invitation to join your mailing list and a link to your privacy policy

4. Check and review your cookie and privacy policies – are they easy to find?

GDPR came into effect on the 25th May 2018 and will be ‘managed’ in the UK by the ICO (Information Commissioners Office). Any breaches reported to them will be investigated.

GDPR – all you need to know – can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ – no need to recycle their guidelines.

In the next article, we’ll explore more ways of building your lists ethically and legally.

Don’t leave without grabbing your free eBook.

 

Joanne DolezalHow to Manage Contact Data and Stay on the Right Side of GDPR

Join the conversation

This site uses Akismet to reduce spam. Learn how your comment data is processed.