GDPR. An opportunity to get cleaner, leaner and fighting fit!

GDPR, the new regulation governing personal data and, more importantly, our control over who uses our data and for what purpose, is coming into force on 25th May this year.

It tightens up the rules around contacting people. In general, businesses will need to get clear permission to market to people. This, at first may feel like a negative change, but actually when we sit down and think it through, it is actually very positive all round.


Personal control

On a personal level, we will all have much more control over our personal data, who is holding details on us and for what purpose. In time, we should only be contacted by businesses that we actually want to hear from. All hail the end of ‘junk messaging’!


Better quality leads

Flipping this round, from a business perspective, if you collect data in order to market to potential customers, you will find that your leads are of a much higher quality post GDPR. The people that have stated that they want you to hold their data and contact them actually do want you to do just that! You must ensure that you are only contacting people on the things they have opted in on (see below), but clean data and high quality leads are what good direct marketing is all about.


A quick overview on how to get started

1.The most important first step is to start the process of working out how you use data in your business now and how you think you may want to use it in the longer term.

2. You should then audit what data you are actually holding on individuals.

3. You then need to decide whether or not you actually need to hold the information and for what purpose.

4. Once you have established these points, you need to check whether you have the correct permission from that individual to use the data for the purpose that you intend. If you need to get permission, then now is the time to act to ask for that persmission.

5. Consent to what individuals are signing up to must be very clear, along with a transparent and easy opt out.


On top of your systems

GDPR will also give you the opportunity to get on top of your game in terms of your business processes:


  • Website security: If you are holding data on your website via marketing databases, details in order for customers to make transactions and so on, these details must be secure so your website security must be up to date and part of a well thought through plan. You should ensure that whoever is hosting your site provides regular and timely updates, that the security measures are sufficient for your business, the data you are holding and indeed your industry. You should also have a back up plan if things do go wrong.


  • The administrative process: In order to manage your data, you will need a robust and realistic administrative process. You will need to demonstrate that you are only holding the data that you actually need and that the consents are filed and clear in terms of what the individual is allowing you to contact them about and in what way. You will also need to include a clear path for dealing with the destruction of data following a cancellation/opt out of consent.



The end result?

Should be a cleaner, leaner and better functioning business! Use GDPR as the opportunity to get the wheels turning better throughout your business and to actually reach out to the real customer targets, rather than wasting time, effort and money contacting people who are not interested.


Now is the time to act.

A robust and workable system will take time to develop, so get started now – and remember, GDPR effects all information that you hold on individuals, so time to start clearing through those filing cabinets!


For our quick introduction to GDPR, read GDPR. Excuse me, what did you say?

For an overview from the Information Commissioner's Office on marketing and data protection, visit

For advice on how to manage your MailChimp lists, visit



March 2018