Tips for getting ready for GDPR

Tips for getting ready for GDPR

1 - Re-examine any marketing campaigns to confirm they are compliant with the new legislation before the deadline.

2 - Under GDPR, a customer cannot automatically be opted-in, ensure any tick boxes in your website or marketing material are no longer automatically ticked and opted-in. You must give your customers the option to opt in or sign up should they wish, rather than opt out.

3 - Make sure your marketing material is purpose-specific, specify exactly what you are using a customer’s personal data for, be it market research, mailing list purposes, or whatever, so they know and understand exactly what they are opting-in to.

4 - Once a client has opted in, you must provide a way for them to unsubscribe, at any point, and this way must be clearly signposted.

5 - Keep a record of how your client’s consent was requested, captured and stored, in a manner that can be audited.

6 - Re-examine any existing marketing databases for all the above to ensure you comply with GDPR, how the information was gained previously has no bearing on the new legislation, consent must be obtained from the consumer, as well as the ability to opt out whenever they wish.

7 - For B2B (not B2C), the GDPR legislation recognises the concept of “legitimate interest” which covers those areas where you do not need to ask for permission to process data that you already hold about your customers. This includes contacting previous customers regarding other products and services you consider to be relevant: this would fall under legitimate interest and not require specific marketing consent, so long as the content is relevant, based on your previous interaction with the customer.

8 - Have a Privacy Policy noticeable by every visitor / customer and ensure the Privacy Policy is unambiguous as to its content, with particular reference to what personal data you process and how you process it.  

9 - Update your Website Terms and Conditions and Privacy Policy here.

10 - The above is not an exhaustive list and we also strongly recommend reading the explanation of the GDPR on the Information Commissioners website at