The General Data Protection Regulation (GDPR) will come in to force on 25th May 2018. The regulation will make companies more accountable for the data they hold. As a business owner, it’s your responsibility to prepare for GDPR and be ready to comply with the regulations by May 25th 2018. Here are a few pointers to help you with the first and very important step of carrying out your data audit.
What data do you hold?
Depending on your business and how you communicate with subscribers, the data you hold will differ. You may only hold an email address and communicate through emails. You may hold more detailed profiles which can include sensitive information (bank details, national insurance numbers etc). When you’re auditing your lists, make a note the data you’re holding, and record why you have it and if you use it, what do you use it for?
Where does this data come from?
It’s important to map out how you got this information. Are they a customer? Did they give you their business card at a trade or networking event? Are they leads generated from a third party? However you procured the data, you must make it clear to the subscriber that you keep their data, and how you plan to use it. If you got the information from a third party, the likelihood is that the subject doesn’t know you have it, and certainly didn’t give you permission to store it. To be compliant with GDPR, you should remove all non-consensual information from your database.
How often do you communicate with your database?
When auditing your database, you should note how frequently you communicate, and who you’re communicating with. Do you communicate to your whole database collectively? Typically, businesses organise their data into lists and store it separately. If so, what do you communicate to each list and how often?
How do you manage your lists?
To be compliant with GDPR, you need to know exactly where lists are kept and how they are managed. For example, how do you manage the information of those who have chosen to ‘opt-out’?
During this audit, it will become clear that some contacts are more engaged than others. The most engaged leads are those who respond to or interact with your communications by reading your emails, clicking on links or contacting you in response.
If a lead hasn’t reacted to your communication in a reasonable time (often 2 years), it’s reasonable to remove their information from your database.
Not only will the audit of your database ensure you’re complying to the General Data Protection Act, it will also help you target your communications more effectively by targeting an engaged audience, and lessen the mass of unwanted emails sent per day. As we so often say – it’s quality over quantity and rather than being feared, GDPR should be seen as a tool to enact this.
For any help or advice with your GDPR audit, contact us here.