GDPR: The Silver Linings

No doubt you've woken up to the fact GDPR is not just a Y2K-style storm in a teacup. It's nearly here and it is a rare business that doesn't need to make some kind of change to comply with it. So how are you feeling about it? Are you sitting there contemplating a nicely ticked checklist and raring to go with your next GDPR-compliant marketing campaign? Or not? Whichever, we think it's time for a look at the positives because there definitely are some.

Tiger Law is fully engaged of course. We've got our own website and systems review underway  and we're providing clients with audits, advice and implementation along with our partners. Tiger HR is updating Employee documentation and handbooks.

GDPR provides a good example of how we work at Tiger. We realise that the changes needed are an unwelcome expense for most business owners. Our audits and advisory services are focused on finding you the best value way through the changes you need to make to comply with the new legislation.

We are a law firm but we are also a business like yours, making our way on a tight budget and constantly looking for economical ways to sustain and grow our business. What we want to let you know is that there are some good things for you in GDPR if you embrace it rather than just papering over the cracks and trying to work round it.

Read Tiger Law's Quickfire Summary of GDPR.
All the basics in one downloadable pdf.

The ICO wants you to relax

Because the B2B world is infested with marketing departments who think that the best way to sell something to a business owner is to frighten the life out of them, there are of course quite a lot of myths and scare stories doing the rounds.

Yep, sure, this piece of legislation can't be ignored, it really can't. There is probably something you need to do about it even if you are a tiny business. But it's not nearly as bad as some people are making out.

So much so that the Information Commissioner Elizabeth Denham wrote a blog post to reassure people. She made some pretty direct points about the nonsense that has been broadcast about the Act.

“…there’s also some misinformation out there too. And I’m worried that the misinformation is in danger of being considered truth.

GDPR will stop dentists ringing patients to remind them about appointments” or “cleaners and gardeners will face massive fines that will put them out of business” or “all breaches must be reported under GDPR”. I’ve even read that big fines will help fund our work.

For the record, these are all wrong.”

Elizabeth Denham, Information Commissioner: GDPR – Sorting the fact from the fiction. August 2017

Ms Denham also noted that although GDPR confers on the ICO the power to levy enormous fines for flouting the rules, it really is not as draconian as it sounds: "Issuing fines has always been and will continue to be, a last resort. Last year (2016/2017) we concluded 17,300 cases. I can tell you that 16 of them resulted in fines for the organisations concerned. And we have yet to invoke our maximum powers."

The ICO does have teeth, and they will use them. But colossal, business-ending fines are not their major priority. They have other means at their disposal and transgressors get plenty of opportunity to put things right and mend their ways.

Embracing GDPR will improve your brand

With legislation like GDPR it's very important to be seen to be running onto the ball, not just reacting or issuing mind-numbing "updates to our Privacy Policy" to your opted in database (you should do this email by the way, but it's not impossible to get creative with it and turn it into a high open rate sensation).

In fact, the updates and improvements that the Act requires you to make will make a world of difference to your user's trust in you. That goes for employees as well as customers and site visitors. 

Take a simple email sign-up form for instance, and compare the two below.

The first one is an image of a non-compliant form - it doesn't allow the user to give explicit permission to opt in to the list and lay out the exact purpose that we would use their email for. Sure, it tells them that by subscribing their acceptance of our terms and Privacy Policy (which is not linked to) is implied. But that's not good enough:


This second one - our real one for signing up to be notified when we publish new posts on the Tiger's Eye blog - is GDPR compliant because of the carefully worded acceptance text which they have to check in order to subscribe. And although that's not all you need to look at in terms of your website's data collection and storage functions and its published policies, as far as your basic forms are concerned, that's all there is to it.

We would love to keep you up to date with new posts about legal news and issues. Enter your email address to subscribe.

View our Privacy Policy for more information about how we treat your personal information

A great opted-in marketing list is an important asset for any business. It takes time - quite a lot of time - to build a really good one. The requirement to be absolutely transparent with your customers and website form signer-uppers about exactly what you want their data for not only makes them feel more comfortable about giving you permission to mail them, it can give you much more accurate information about what their interest in you is. 

What sounds more valuable to you? 1000 random sign ups or 500 who have clicked some boxes saying what kind of mail they are interested in receiving and whether or not they are prepared to accept a call to discuss their needs?

Anyone who has ever done any prospecting by phone or email knows the answer. The more qualified your prospects are the faster you will hit your targets with less calls, texts or emails.

Plus, this approach makes it even more worthwhile to target people based on their real interests and to tailor your communications to far greater effect.

But even if you are not going in for sophisticated split targeting, GDPR fits hand-in-glove with one of the oldest tenets that copywriters swear by: "Need - Feature - Benefit" as the do-all structure for any persuasive communication.

In very brief terms, you start and end with your focus on the customer, describing their need, then telling them what you have for them that will fix it (your features) and ending with what benefit they will receive by buying your product. It gels perfectly with GDPR because the Act's is focused on the consumer (which all good marketing should be) and the rights of the individual. GDPR requires you not only to tell people that you are collecting their data but also why. And as any veteran direct marketer will tell you, it really works.

Add clear, truly customer-focused communications to a thorough audit of your processes and good clear out of your data, and you will not only be compliant with GDPR but also on course for impressive, sustainable results from your marketing efforts.

Here's a tip we picked up recently: Why not try postal mailers for a change? According to the ICO website “You won’t need consent for postal marketing but you will need consent for some calls and for texts and emails under PECR.” So if Direct Marketing is your thing, maybe it's a good time to give the postman the job.

The ICO has your "Legitimate Interests" at heart too

It's very important to understand what "Legitimate Interests" means in your particular case. GDPR demands that you document exactly why you are processing data (for example for a mailshot) in each case and the reason must not be vague. In fact legitimate interests cover a broad range of business needs and are not nearly as restrictive as some people have made out. It's a legitimate interest for a company to want to market to people. You will need to assess and document your legitimate interests for each campaign.

The ICO provides a three-part test:

1. Purpose test: are you pursuing legitimate interests?
2. Necessity test: is the processing necessary for that purpose?
3. Balancing test: do the individual’s interests override the legitimate interests?

The ICO explains “The GDPR specifically mentions use of client or employee data, marketing, fraud prevention, intra-group transfers, or IT security as potential legitimate interests, but this is not an exhaustive list. It also says that you have legitimate interests in disclosing information about possible criminal acts or security threats to the authorities."

See the Tiger GDPR Quickfire Guide for more information on Legitimate Interests and the other key elements of the new Act.

[cs_global_blocks block=”1297″]
The following two tabs change content below.
Leonie Savory
Leonie originally came to Tiger Law as our paralegal but entered into a Trainee Solicitor contract with us in late 2017. She recently completed 5 years part time study to attain a 2:1 in her LLB with Open University – a course she has combined with raising 2 children. She has now completed her legal training and was admitted to the Roll of Solicitors on 15 August 2019.

Leave a Reply

Your email address will not be published. Required fields are marked *