4 reasons not to worry about GDPR
As I sit down to write this I’ve received yet another email with quite an appropriate heading:
“We are getting GDPR ready hell”
In fact hello had been cut off.
If you are sitting there thinking I need to email everyone in my life to find out if they want to talk to me, read this before you act and hopefully it will help.
Evolution not revolution
The ICO (Information Commissioner’s Office) talk about this being evolution not revolution so if you have been looking after data safely up until now then you should be OK and beware the scaremongers, too many, I think, are looking to make money from fear or just like spreading fear and misery.
- Getting data from people you meet is OK
You can continue to exchange business cards and put people you meet at networking on your email list. I have always politely asked people if they want to be on my list. One way to remember is to develop a specialist list then you need to ask if they want to be on that rather than your general list and it will prompt you to ask.
- Consider legitimate interest before rushing to consent
“Legitimate Interest” is fine rather than consent to keep hold of people’s contact information. This is what the ICO say about it:
“A wide range of interests may be legitimate interests. They can be your own interests or the interests of third parties, and commercial interests as well as wider societal benefits. They may be compelling or trivial, but trivial interests may be more easily overridden in the balancing test.
The GDPR specifically mentions use of client or employee data, marketing, fraud prevention, intra-group transfers, or IT security as potential legitimate interests, but this is not an exhaustive list. It also says that you have a legitimate interest in disclosing information about possible criminal acts or security threats to the authorities.
‘Necessary’ means that the processing must be a targeted and proportionate way of achieving your purpose. You cannot rely on legitimate interests if there is another reasonable and less intrusive way to achieve the same result.
You must balance your interests against the individual’s interests. In particular, if they would not reasonably expect you to use data in that way, or it would cause them unwarranted harm, their interests are likely to override yours. However, your interests do not always have to align with the individual’s interests. If there is a conflict, your interests can still prevail as long as there is a clear justification for the impact on the individual.”
In plain language this means if in the past you got someone’s contact information because they were a client or expressed an interest or you met them in a business context and have kept in touch then this is a legitimate interest and don’t fret about consent and emailing everyone.
4. Simple good practise should be enough:
- Make it easy to unsubscribe, we even put it in the bottom of our emails
- Don’t assume people want to get your stuff on any web form, they need to positively tick and say what they want
- Check with your web developer that your website privacy notice is GDPR compliant
- Work out where you hold data and have a system for getting people off your data records if they request it
- Only ask for information you need
- Password protect phones and computers if you have immediate access into your database once they are on
Hope this helps, Solopreneur Growth Club is all about changing information and experience into practical advice for people who run businesses often on their own. If you want to find out more about how to access on-going business skills sessions and support click here.