There are a lot of rumours flying around the business community about the requirements of GDPR in terms of getting the consent of individuals to using their data. In fact, as the virtual assistant team at Oneresource has been going through the legislation and preparing its own policies and procedures, it seems that, for most businesses, things are much simpler than they seem..
“You do not need to automatically refresh all existing consents in preparation for the new law. But the GDPR sets the bar high for consent, so it’s important to check your processes and records to be sure existing consents meet the GDPR standard. If they do there is no need to obtain fresh consent. Where you have an existing relationship with customers who have purchased goods or services from you it may not be necessary to obtain fresh consent.” Steve Wood, Deputy Commissioner for Policy, Information Commissioner’s Office.
So why am I getting so many emails?
It’s true that our inboxes are currently flooded with anxious emails from companies begging us to keep in touch – no business wants to lose its valuable contact database. But it could be that many of these companies are erring on the side of caution, rather than doing what is specifically required by the GDPR rules. It all depends on how you have collected that data and under what circumstances – and how you will be using it. For example, if you are a service provider, like a virtual assistant support company – or anyone who deals with other companies’ data, you’ll need to make sure you have all the provisions in place to protect and store that data properly.
It’s important to remember that ‘consent’ is just one of six reasons you can use under GDPR to collect data:
- Contract – you can use this reason if you need to process personal data to fulfil a contract, for example where you need to store someone’s name and address to send them goods that they have ordered from you
- Legal obligation – you can use this reason if you need to process personal data to comply with a law or statutory obligation, for example certain employee data which you are required to store under UK law as an employer.
- Vital interests – you can use this reason if you need to process personal data to protect someone’s life.
- Public task – you can use this reason if you need to process personal data ‘in the exercise of official authority’ or to perform a legal task that is in the public interest.
- Legitimate interest – you can use this reason if you have a legitimate business reason to use or store the data and you are using personal data in a way that an individual would reasonably expect and which has a minimal impact on individual privacy.
There is more to each of these bases of data collection and management, so you should read the full descriptions on the Information Commissioner’s Office website, or seek specific legal advice.
Your chance to be more targeted
GDPR actually gives you the opportunity to ensure you are only talking to the people that really want to hear from you. Rather than just adding everyone from that networking event to your database without having a clue whether they’re interested in what you do – or which part of your business will benefit them, you now have the chance to tidy up your database, work out those people you can legitimately contact, those you want to get new permissions from and those you can just delete.
Ask your website agency or web virtual assistant to set up a clear sign-up to your website or other marketing materials that allow potential customers to sign up if they want to, and make it clear what they’re signing up for, and how they can unsubscribe and ask for their data to be removed. You’ll be much more focused on the people who are truly interested in what you do, and you’ll be confident that you’ve acquired the data in compliance with GDPR.
If you’re worried about the time it might take to sort out your current database, it might be worth enlisting the help of a professional virtual assistant. A virtual pa agency that is already prepared for GDPR, understands the issues and basis of consent, and has policies in place to make sure they deal with your business data under GDPR rules could save you a huge amount of time, money and stress.
You can read more GDPR tips from the virtual assistant team by checking out the rest of our series – and if you need help with managing your database or email marketing management, feel free to call us on 0800 994 9016 or use our contact form in the menu above.