Blog

GDPR Part 1: How to Prepare Your Database for the General Data Protection Regulation

GDPR Part 1: How to Prepare Your Database for the General Data Protection Regulation

In this first in a series of step-by-step guides taking you through the stages of preparation for GDPR (the General Data Protection Regulation), we’re going to look at your marketing database and what opt-in work needs to be done before GDPR becomes law in May 2018. One key fundamental to all of the steps we’ll outline is the need to document everything. A clear record of all of the work you’ve undertaken to prepare for GDPR will help you to demonstrate compliance, should the need arise.

NOTE: SEEK LEGAL ADVICE! We are not certified in law and GDPR is a complicated issue with business-critical ramifications. This guide is meant as a starting point. Please seek qualified legal advice in respect of all GDPR compliance responsibilities and issues.

Opt-in will be critical to GDPR compliance. Put simply, you must be able to prove that the people you hold data on, and market to, have given their permission. You will no longer be able to rely on soft opt-in (i.e. sending an unsolicited email with an ‘unsubscribe’ option). This permission must be ‘refreshed’ regularly, and we’ll look at that process during this series of posts.

Opt-in Segmentation Your database is likely to be composed of contacts from all kinds of sources. Some you may have purchased, others gathered from typical sources, such as:

  • Trade shows, conferences, seminars etc.
  • Salespeople’s contacts
  • Lapsed customers
  • Existing customers
  • Referrals
  • Website registrants (people who have filled out forms on your website).

You need to group these contacts (ideally via custom lists in your CRM system) into those who have opted-in (not soft opt-in, see above) and those who haven’t.

As part of this process, you must be clear in your records what exactly each group has opted in to. This can be trickier than it sounds, as you may not have included explicit information about this on your forms. Check your Privacy Policy too (we’ll be looking at this in detail in a future post). If you don’t have this information, make a note. As part of a later post, we’re going to build a process to qualify all contacts into either opt-in, or opt-out, and this will include establishing some clear parameters around what sorts of marketing communication (and on what subject) individuals are opting into.

If you have a group of contacts with clear, recent (past 6 - 12 months as a rule-of-thumb) opt-in then great.

Contacts that have opted in, but haven’t engaged with you in over 12 months should have their opt-in refreshed.

Want to supercharge your GDPR compliance? Click below to find out about our GDPR Opt-in Accelerator.

Previous article Next article
Previous article Next article