What One Marketer Is Doing To Prepare for The ‘GDPR’ Madness
The GDPR is the current buzzword and I am sure many international businesses are currently feeling a lot of frustration towards the Europeans for implementing such a regulation. Having said that, this is something that will affect a lot of businesses globally whether you like it or not and after the whole Cambridge Analytica scandal, I don’t think it’s such a bad idea.
Let me start by saying this is NOT a guide on how you should implement GDPR in your business. If I had to list everything that I had to implement, this would be an eBook. This is just highlighting some of the main things I have been asked and I thought that many others could benefit from this information.
What is GDPR?
This law applies if the data processor (a person/company who collects data), data controller (a person who processes data) or data subject (person who is providing data) is based in the EU. This means, even if you’re not in the EU (European Union), if you have clients in the EU, it is important that you pay attention to this change in legislation.
Yes, I know what you’re thinking, maybe you could just block your site from being accessed from Europe or delete all your European email subscribers. I’m sure this may be an option but is it really the right one?
The GDPR regulation applies to most types of information you are collecting, which also include:
- Email Address
- Account Details
- IP Addresses
- More intimate details (i.e. sexual orientation)
What does GDPR ‘actually’ Mean for Marketers?
Well for starters, no more collecting unnecessary data and using data how you see fit without getting clear consent from subscribers and customers.
Now more than ever, it is important that as a marketer you ensure that your privacy policies are up to date and that when someone visits your site or sales funnel, they understand exactly how their information is going to be used.
With all the scandals that have been going on so far, you can believe that consumers are going to be more vigilant about who they do business with and if they choose to visit your site and prefer not to be tracked by your cookies, there should be a clear and transparent way for them to opt out of any and all communications.
As A Marketer, What Am I Doing?
I see a lot of digital business owners freaking out and panicking about what to do. Depending on your systems and processes, there may be a lot for you to do, or there may be very little. I couldn’t say because I do not know your business.
What I can do is share some of the steps that I have taken to ensure that I am up to date with what I believe is required from me as a business owner and it may help you take the necessary steps to fill the gap in your processes or get started (if you have not already).
Join A GDPR Facebook Group
One of the first things I did was join a GDPR Facebook Group run by a UK Lawyer and GDPR expert ‘Suzanne Dibble’.
The thing about the online world is that it is full of a lot of self-proclaimed experts. When it comes to ensuring that your business is ready for the GDPR, you cannot take any chances. I knew I needed an expert and Suzanne is your girl!
She has an untold amount of free Facebook Lives in her group and you’ll find that most questions have been asked and answered in this group. If you think you’re the only one who is confused, think again.
I Purchased Suzanne Dibble’s GDPR Compliance Pack
When it comes to Time vs. Money, for me, time always wins. I am normally quite resourceful and savvy but as my business grows, the logical thing for me is not to try and figure it all out myself but to pay for a solution.
Suzanne crafted this super useful pack that has all the legal templates you need to ensure that you get compliant in time. All I had to do is customise the templates to my business and I was good to go. I most probably saved hours, if not days purchasing the pack.
You can purchase your pack here for £197
Not only can you look forward to her done for you templates, but you can also look forward to video walkthroughs helping you complete all the relevant documents.
Reviewed Support From My Local Business Community
If you haven’t already, I would check to see if you are a member of any organisations that may offer you free legal advice. For a moment, I forgot I had an active membership with the FSB (Federation of Small Businesses). If you are in the UK, you will have most certainly heard of the FSB.
They understand the struggle that small businesses face and created a membership that would help us receive discounts on some of the most common things we would need.
The FSB have templates for almost anything and have a free legal helpline for members. I was pleased to see that they provided GDPR templates and checklists for their members. If you want to pay for something that will help your business long term AND you’re in the UK, the FSB Membership is something you should definitely consider.
Deleted My Email Subscribers
Yes, you read right. I have a good reason though. Since I went full time in my business in September 2016, my business has gone through many changes and I have offered many things. I knew what I was offering now did not resonate with my list.
How could I really know this?
Well, when your open rates go from 40-60% down to 10-20%, you know there’s a disconnect somewhere. My purpose is to serve people that I know I can help and that does not include everybody, so I took this as a sign to refresh my list and start again.
Going forward, when collecting email addresses, I ensure that I am obtaining relevant permission to email them on a regular basis. This is something that I have always done so it wasn’t a big change. I have always used double opt-in and did consider removing it, but this is no longer a consideration for me.
How many of you are guilty of getting a privacy and cookie template, filling in the blanks and never looking at it again?
Yep, my hand is up. All the way up.
Here’s why this is dangerous: as your business grows, so do your marketing strategies. Maybe you were not doing paid advertising before but you are now. When you start doing paid advertising, are you updating your policies to reflect this change?
I must admit, I did before but then it was one of those things I always said ‘I would get round to it later’. Well this isn’t good enough. This was one of those Time vs. Money scenarios once again and I needed to find a paid solution that would take care of this for me. I had two options;
- Pay a VA to update the policies for me once I have the legal wording
- Install Cookiebot.
Guess which one I picked? I’ll tell you why…
If you have less than 100 pages, Cookiebot is free. If the number of pages you have exceeds 100 but is less than 500, you pay £8 a month and the price increases from there on. If you’re not too sure how many pages you have, you can request that Cookiebot do a free update; they will tell you if you are compliant and if not, they will let you know where you fall short. They will then let you know how many pages you have and quote you based on that.
It seems invasive but it gives viewers all the information they need to make an informed decision about the information that I collect on my website, and they have the option of unchecking options or pressing OK to confirm they are happy with me using cookies.
The disclaimer is completely customisable so you can change the text and colours, but I like to keep things simple and kept it as is.
I Purchased GDPR Tracker
I love checklists. They help me feel some sense of order and completion. It’s my way of ensuring everything is done. I do this with my clients and tasks in my personal and business life. When I saw GDPR Tracker appear on AppSumo, I was a bit skeptical. I waited a while to see the reviews come through before making judgement as to whether I should purchase it or not.
The tracker is literally a checklist with guidelines explaining exactly what documents you need and also allows you to store the completed documents online. They also have templates and a Facebook Group for all members with GDPR Consultants ready and waiting to support you.
At the time of purchasing from AppSumo, it was $49 for a lifetime deal but if you do not purchase from AppSumo, the cost of the software is £29 a month. It’s a small price to pay to ensure that you remain compliant.
You can also use the GDPR tracker for more than one business but I do believe this incurs an additional cost.
The one thing I like about the GDPR tracker is the ability to ensure that if we are working on the GDPR as part of a team, everyone’s actions can be tracked using the tracker, so there is no wondering what has been completed and what has not been completed.
One thing I think we can all agree on is our lack of energy or patience to look deep into the small print that people add in contracts. Right?
Do you have to do this? Absolutely not. This is something that I choose to do for my own business reasons.
I Think Twice About The Information That I Collect
Normally I do not collect that much information when collecting information from leads or customers, but it has made me think twice about everything that I may need.
When collecting leads for lead generation, if someone is downloading a lead magnet, I know I do not need more than a name and email address. If it’s lead generation for a done for you client, I may also need a telephone number and country of residence so that I can communicate with them at a suitable hour.
If a digital product is being purchased from me, I will need the country and address for tax purposes. I am VAT Registered so I need to ensure I am paying the right tax if someone from a European country purchases my digital product.
Similarly, if I am selling a physical product, I will of course need a shipping address to send the item to.
If I am working with a done for you client, I will be collecting a name, address, sometimes position in the company if the owner is not hiring me directly, account details (sometimes bank account details or card details), telephone numbers and credentials to access certain accounts.
If a client sends me something that I do not need, I am deleting it immediately and informing the client that I have deleted it and why.
I Reviewed All My Current Services
As an online marketer, it can sometimes be a habit purchasing software for the sake of it. Some of us are smart enough to cancel services when we do not need them and some of us keep subscriptions running and waste a ton of money doing so.
One thing to take into consideration is whether some of the services you are using are getting prepared or are prepared for GDPR compliance. If not, it’s time to start considering whether I need to move services.
I reviewed everything; G Suite, ConvertKit, Drip, Google Analytics, WordPress Plugins etc. I have a list of every single service I have signed up for so it was pretty easy for me to check off everything on a checklist once checks have been done. It’s also a task you can delegate to a VA as long as you have told them exactly what you are looking for.
I Am Using Drip For My Ongoing Communications
What I am about to share with you is not only available in Drip. Active Campaign has this feature also, as well as a few other Email Service Providers. There are not many that provide this feature though!
When your business begins using Facebook Ads, you are able to upload custom audiences. Custom audiences include you being able to upload email lists. This is so important when doing things like retargeting.
For most businesses, you have to upload a CSV and any time your list changes, you will have to reupload again and again. How annoying does this get eventually? I know for me it’s absolutely frustrating.
Drip integrates with Facebook custom audiences directly. This means no more fiddling around with 100’s of versions of CSV files. Can you imagine how cumbersome this can be for companies with hundreds of thousands of contacts? I have had to do it for companies this large and I can tell you, it was no fun.
Even before GDPR, if someone requested to be removed from communications and asked you to remove their details from their database, you would more or less have to reupload a new CSV without that person’s contact details.
With Drip now being able to integrate with Facebook Custom audiences, if a person unsubscribes, they are automatically removed from the custom audience also.
You need to ensure that if someone requests to be removed, you remove them from EVERYWHERE. No exceptions. You’ve got to respect other people’s data like you would want them to respect your own. If you’re not meant to have the data, delete it.
I Reviewed All My Storage Solutions
I store things everywhere. I do not live alone, so I needed to make sure that client data could not get into the wrong hands. Even if data is exposed by accident, as the data controller and data processor, I am responsible for anything on my machine that belongs to a client, or subscriber.
I ensured that my MacBook Pro and iMac were appropriately encrypted. For all the hardware nerds out there, this may be a silly thought but I am all about Software. I do not know anything about hardware so it meant me relying on experts in this field. Luckily my husband works for HUGE organisations and he is responsible for the technical implementation of GDPR so I had him to ask. I also have a developer on my team who was able to help me answer these questions.
Case in point: if you are not sure, ask an expert.
I also erased all my tablets to ensure there was no client data as my children like to use my tablets and ensured that my machines are password protected. My children are not allowed to use my machines. My eldest son has his own laptop and I think it’s just safer this way when you have children as things can happen by ‘accident’. I don’t really want to pay fines for ‘accidents’ that could have been prevented.
Not only this but as part of GDPR, you need to ensure that you can let clients know where their data is being stored. This meant finding out whether most of the SaaS apps I use are using data within Europe or outside Europe. I only knew this for some SaaS applications and not all.
Deleted Any Old Client Data
I am one of those people that will store data just in case. But here’s the thing, if I have not heard from a past client in the last 12 months, chances are I may not hear from them again. I have had clients reach out to me to ask if I still have something but in light of the new rules, my new rule is going to be the following;
- When a client is onboarded, they will be assigned a Google Drive folder. All and any documents will be stored in this folder. No exceptions.
- Any logins that are not provided to me via LastPass (and stored in their old folder) will go into a file in a folder.
- Once time with the client has elapsed, when offboarding, the client will be given 30 days’ notice via email to remove any files that they need from the Google Drive folder. Anything that remains after 30 days will be deleted.
- After deleting, the client will be given confirmation that all files have been removed and if I still retain any details (i.e. email for marketing purposes), they will be informed of this and given instructions of how to be removed from communications, should they choose to do so.
My rule going forward is; If you don’t need it, Why keep it?
This is my strategy, this was not recommended to me by any experts but feel free to implement something similar in your business if you wish and it makes legal sense.
I Reviewed My Hiring Process
This one was interesting for me. If I am working with an employee that will be handling client data for me (i.e. helping me with email marketing, advertising or anything that involves them handling or processing client data), they will also need to be GDPR compliant.
This rule was going to be a massive issue for me because I know most people are not GDPR compliant as most of the people I work with are US bound and do not really have any UK/European clients.
I Renewed My Licence With The ICO (Information Commissioner’s Office)
With my main services being Facebook Ads and Pinterest Ads, I knew I would be handling client data; whether for me or for clients so it was imperative that I registered with the ICO to prove that I have taken measures to ensure I am handling and storing data appropriately.
I do not believe this is a requirement for companies outside of the UK but if you are in the UK and handling client data, this is compulsory.
ONLY Listen To Experts
I must stress the importance of only listening to experts. The GDPR is a big deal. It’s not as bad as people have made it out to seem but it’s something that shouldn’t be ignored. When on the quest for information, you must be careful where you are taking your information from.
There are hefty fines for businesses who do not comply. You may be thinking that your business is too small for anyone to pay attention but all it takes is for you to handle one customer situation wrongly and it could all blow up in your face.
A fine is a fine and you do not want to be the example.
Treat your customers’ data with respect, follow the rules as best as you can. Do the right thing and only take information from trusted resources.
Here are some resources I recommend you start with and use your due diligence when looking at other resources.
How have you prepped for GDPR and can you share any tips with me that I may not have thought of?