No doubt you've woken up to the fact GDPR is not just a Y2K-style storm in a teacup. It's nearly here and it is a rare business that doesn't need to make some kind of change to comply with it. So how are you feeling about it? Are you sitting there contemplating a nicely ticked checklist and raring to go with your next GDPR-compliant marketing campaign? Or not? Whichever, we think it's time for a look at the positives because there definitely are some.
Tiger Law is fully engaged of course. We've got our own website and systems review underway and we're providing clients with audits, advice and implementation along with our partners. Tiger HR is updating Employee documentation and handbooks.
GDPR provides a good example of how we work at Tiger. We realise that the changes needed are an unwelcome expense for most business owners. Our audits and advisory services are focused on finding you the best value way through the changes you need to make to comply with the new legislation.
We are a law firm but we are also a business like yours, making our way on a tight budget and constantly looking for economical ways to sustain and grow our business. What we want to let you know is that there are some good things for you in GDPR if you embrace it rather than just papering over the cracks and trying to work round it.
Read Tiger Law's Quickfire Summary of GDPR.
All the basics in one downloadable pdf.
The ICO wants you to relax
Because the B2B world is infested with marketing departments who think that the best way to sell something to a business owner is to frighten the life out of them, there are of course quite a lot of myths and scare stories doing the rounds.
Yep, sure, this piece of legislation can't be ignored, it really can't. There is probably something you need to do about it even if you are a tiny business. But it's not nearly as bad as some people are making out.
So much so that the Information Commissioner Elizabeth Denham wrote a blog post to reassure people. She made some pretty direct points about the nonsense that has been broadcast about the Act.
Elizabeth Denham, Information Commissioner: GDPR – Sorting the fact from the fiction. August 2017
“…there’s also some misinformation out there too. And I’m worried that the misinformation is in danger of being considered truth.
“GDPR will stop dentists ringing patients to remind them about appointments” or “cleaners and gardeners will face massive fines that will put them out of business” or “all breaches must be reported under GDPR”. I’ve even read that big fines will help fund our work.
For the record, these are all wrong.”
Ms Denham also noted that although GDPR confers on the ICO the power to levy enormous fines for flouting the rules, it really is not as draconian as it sounds: "Issuing fines has always been and will continue to be, a last resort. Last year (2016/2017) we concluded 17,300 cases. I can tell you that 16 of them resulted in fines for the organisations concerned. And we have yet to invoke our maximum powers."
The ICO does have teeth, and they will use them. But colossal, business-ending fines are not their major priority. They have other means at their disposal and transgressors get plenty of opportunity to put things right and mend their ways.
Embracing GDPR will improve your brand
In fact, the updates and improvements that the Act requires you to make will make a world of difference to your user's trust in you. That goes for employees as well as customers and site visitors.
Take a simple email sign-up form for instance, and compare the two below.
This second one - our real one for signing up to be notified when we publish new posts on the Tiger's Eye blog - is GDPR compliant because of the carefully worded acceptance text which they have to check in order to subscribe. And although that's not all you need to look at in terms of your website's data collection and storage functions and its published policies, as far as your basic forms are concerned, that's all there is to it.
A great opted-in marketing list is an important asset for any business. It takes time - quite a lot of time - to build a really good one. The requirement to be absolutely transparent with your customers and website form signer-uppers about exactly what you want their data for not only makes them feel more comfortable about giving you permission to mail them, it can give you much more accurate information about what their interest in you is.
What sounds more valuable to you? 1000 random sign ups or 500 who have clicked some boxes saying what kind of mail they are interested in receiving and whether or not they are prepared to accept a call to discuss their needs?
Anyone who has ever done any prospecting by phone or email knows the answer. The more qualified your prospects are the faster you will hit your targets with less calls, texts or emails.
Plus, this approach makes it even more worthwhile to target people based on their real interests and to tailor your communications to far greater effect.
But even if you are not going in for sophisticated split targeting, GDPR fits hand-in-glove with one of the oldest tenets that copywriters swear by: "Need - Feature - Benefit" as the do-all structure for any persuasive communication.
In very brief terms, you start and end with your focus on the customer, describing their need, then telling them what you have for them that will fix it (your features) and ending with what benefit they will receive by buying your product. It gels perfectly with GDPR because the Act's is focused on the consumer (which all good marketing should be) and the rights of the individual. GDPR requires you not only to tell people that you are collecting their data but also why. And as any veteran direct marketer will tell you, it really works.
Add clear, truly customer-focused communications to a thorough audit of your processes and good clear out of your data, and you will not only be compliant with GDPR but also on course for impressive, sustainable results from your marketing efforts.
Here's a tip we picked up recently: Why not try postal mailers for a change? According to the ICO website “You won’t need consent for postal marketing but you will need consent for some calls and for texts and emails under PECR.” So if Direct Marketing is your thing, maybe it's a good time to give the postman the job.
The ICO has your "Legitimate Interests" at heart too
It's very important to understand what "Legitimate Interests" means in your particular case. GDPR demands that you document exactly why you are processing data (for example for a mailshot) in each case and the reason must not be vague. In fact legitimate interests cover a broad range of business needs and are not nearly as restrictive as some people have made out. It's a legitimate interest for a company to want to market to people. You will need to assess and document your legitimate interests for each campaign.
The ICO provides a three-part test:
1. Purpose test: are you pursuing legitimate interests?
2. Necessity test: is the processing necessary for that purpose?
3. Balancing test: do the individual’s interests override the legitimate interests?
The ICO explains “The GDPR specifically mentions use of client or employee data, marketing, fraud prevention, intra-group transfers, or IT security as potential legitimate interests, but this is not an exhaustive list. It also says that you have legitimate interests in disclosing information about possible criminal acts or security threats to the authorities."