How to make the most of GDPR

Station stairs

There's no doubt that concerns over GDPR are now starting to become more urgent for our clients as the regulation comes into full effect on May 25th.

I've been doing a lot of reading and attending events on GDPR so feel somewhat informed now and can share some headlines that I hope will be of use to Comms and Marketing people working in charities. There are many aspects to GDPR but my focus is here is how this might affect the way in which charities can work with their digital agency suppliers to make the most of the GDPR opportunity.

At this point, you might be questioning my use of the word 'opportunity' but this is carefully chosen. GDPR will certainly make life more exacting; it's also likely to reduce your marketing lists; and frankly your exposure to risk associated with non compliance are also raised. That said, there are many positives. First, it'll keep down spam for all of us - that's a real bonus! Second, it gives us all a chance to re-engage with our audience. Finally, it gives us an opportunity to rethink how we handle lists and ask how important it is to maintain very large datasets if they aren't working. Why keep a list of 10,000 users who are largely historical and disengaged - wouldn't it be better to have a really useful list of only half that number? Smaller but properly targeted lists are easier to segment, easier to manage and more likely to elicit meaniingful response.

That said, there are a number of practical things we all need to do with GDPR. You first task is review your current sign up processes and make sure you have proper informed consent - it's likely you'll need to contact your users again (as I say, this is an opportunity!).

Secondly, review your privacy policy and all the processes you have in place to handle your data. Don't forget, GDPR widens your responsibility to properly manage your data. This means you may now be responsible for how your suppliers handle data - the so-called 'chain of blame'! Check their data handling policies, check your hosting, check everything about the supply chain. Yes, this is work but equally it gives you an opportunity to improve your data handling generally. If your suppliers can't assure you that they are compliant, you'll need to move to ones who can. Now make sure you have a clear policy on how long you keep data, what you plan to do with it, exactly why you need it.

My key takeaway from my research into GDPR is that it provides an opportunity to review processes, properly tighten privacy and data handling and to think of ways of re-engaging with your audience.

There's been a lot of scare-mongering about GDPR due to the threat of punitive fines. But in point of fact, my understanding is that essentially all we are being asked to do is put in more reasonable steps to improve how we use our marketing lists. It is not a big stick to beat us all. If we speak to someone, exchange business cards or someone expresses 'legitimate interest' in what we're doing, we're still free to contact them, just not add them onto an email marketing campaign. That sounds fair enough, doesn't it?