As seen in Part One, the GDPR comes into force on the 25th May 2018 and affects ALL businesses that handle personal data for people within the EU.
What Is Not Included In The GDPR?
This means that you can still send out customer emails if they relate to a relevant transaction or if an existing business relationship can be established. For example, you may send a customer invoice without operating within GDPR requirements.
You might also wish to contact a customer individually about a particular offer or business relationship opportunity. This is possible IF the individual has not already specified they do not want to receive that type of communication.
You may, for example, state that pixels are used to improve the customer experience. You must still state that this information is collected even if you anonymise any data used, as in order to provide anonymity you will still need to handle personal data in the first place.
You should also include a ‘future marketing’ clause: this will help to cover you if you choose to add new marketing channels for your business. For example, if you don’t currently send direct mail campaigns, you might want to in the future.
Add a clause such as: “We may also use your information for other marketing types that are not listed above. Should we use your information for marketing purposes in a new way not listed above, you will be provided an opportunity to opt out at any time. You may also opt out of all marketing by contacting us.”
Understanding the Right To Be Forgotten
That last sentence in the example above is really important for GDPR compliance. The new regulations extend the ‘right to be forgotten’ for individuals. This means that a contact may request that ALL data held by you about them be erased.
Should anybody explicitly state they do not want to receive any marketing communications from you, your business MUST comply with this request immediately.
The exception here is if you have transactional data, such as with an existing customer. When this happens, you must remove all non-essential information for the customer and remove them from marketing lists. You should then archive the transactional data on a separate, secure, encrypted (and ideally offline) database.
Disclaimer: The EU GDPR is a very complex piece of legislation. We have provided a summary of the regulation, but this does not constitute legal advice. If you have any questions about how the GDPR may affect your business, contact the Information Commissioner’s Office, handlers of GDPR within the UK.