Get weekly
HubSpot updates
2018 is the most important year yet for data management. With the GDPR due to come into force in May, this is a crucial time for marketers when it comes to organising the way that customer details and lead data is handled.
However many marketers currently will not be handling their data correctly to comply with GDPR and there are some serious consequences for those who are not. So here are some reasons why your data handling may not be up to scratch and how you need to be.
You’re failing to ask for proper consent when collecting data from them
Some marketers have taken a fairly relaxed approach to consent in the past. This means you might be using pre-ticked consent boxes or that they are automatically opted in and you just ask for them to opt out. Also, another way you will be going wrong is that the consent you are currently gaining is for general overall marketing allowing you to send various of topics.
How consent has changed and how you need to be asking for it from your leads
The GDPR requires that consent is “freely given, specific, informed and unambiguous.” So, it is no longer acceptable to use the above methods of establishing permissions such as the pre-ticked consent box or opt out boxes. Instead they have to opt in and good practice would be that this is through giving them a choice between yes and no.
Also when it comes to general overall marketing the GDPR also requires consent on a granular level – therefore umbrella consent that covers a very broad spectrum won’t ensure compliance with the new regulation.
You also have to make sure that you offer the opportunity to refuse consent and that the giving of consent is a distinct and separate action, not one incorporated into general terms and conditions.
Your leads and customer data is from lists you’ve brought
The lists you obtain for marketing to currently don’t have the right level of consent or additional information you need to be compliant. The level of consent you have is to be able to market too broadly to them and not specifically giving them the option of what marketing content they are specifically choosing to hear about.
The information you will need if your going to buy lists for your data
The practice of buying leads is very common in marketing. However, on top of the fact that this is not good practice for finding good quality leads this will also raise some serious issues when it comes to GDPR compliant consent. This is because when buying leads you still have to show that you’ve obtained consent from that lead and all the other relevant information GDPR requires you to have about a piece of personal data such as consent dates which is something that you either can’t retain from purchased lists or be sure that the information is reliable from the source your recieve it. So, if you’re looking at buying leads ask yourself if it’s really worth it.
You’re storing your leads and customers data for too long and never gained these details up to GDPR compliance standard
Over the years you have thousands of contacts you’ve built up from the beginning and are now just sitting there as historic in-active leads or worse and there are ones you don’t even know how the contact got there and it’s purpose for being there. Up until now you’ve probably just forgotten about these contacts, ignoring them and just retaining them for the sake of it, because your not using them and it would take time to clear them up. Also because GDPR was never a factor when you gained these contacts you probably never bothered to obtain them by the GDPR requirements meaning these contacts no longer have given their consent up to the GDPR standard when it comes in.
The correct amount of time for storing data and how to make sure your historic data is up to GDPR compliance standard
As we’ve noted it’s very easy for data to get out of date, stored within marketing systems for years and forgotten about. However, the GDPR requires a much more proactive approach to data storage and although there is no defined set amount of time that you can only hold data for, it is outlined that you should set a reasonable cut off point for this historic data. This cut off point should be when the purpose of what they have consented to is no longer there, and that they have been inactive for a period of time.
Also when it comes to your historic data you need to ensure these leads and customers are asked to re-consent under the requirements of GDPR.
Your not giving your leads and contacts the chance to remove their data and then not deleting the data correctly once they ask
Currently you’re avoiding giving your leads and customers the chance to unsubscribe and be forgotten throughout your marketing strategy to them through either hiding this option very well or not including this at all. For those who wish to be forgotten your using suppression lists or ‘do not contact’ for storing their details.
How to make sure you are giving your leads the right to be forgotten and taking the correct action for deleting their data
With GDPR it has introduced a new ‘right to be forgotten,’ which means that users now have the right to ask for all their details to be deleted. Therefore if they request to be forgotten to do this you need to erase all information held about a specific user altogether, and in a timely manner as it won't be sufficient to mark someone as “do not contact” within a CRM. It also means you need to explicitly give the option to your leads to update their preferences and unsubscribe at any point.
You’re using an inefficient data storage to manage your leads and customers details
Many businesses use spreadsheets for data storage or keep details in word documents. You could also be using a variety of methods and therefore have data in all different places if you move data around from one to another. This presents a big problem, mainly because of the time it can take to find data or action something like the right to be forgotten as well as the functionality of older systems to record all the information that is needed for GDPR.
Manage the data with a clear data system
Therefore for those managing large volumes of leads and customer details efficiently this could require having an over system in place such as a CRM to make clear how this data is being managed. They allow for easy and fast access to client and customer information and giving a workforce clarity of the consent preferences they have given needed for GDPR. It also allows that data will be in one place and when asked to be forgotten you won’t have to go around the various different places you store data making sure they are deleted from everywhere.
Disclaimer: This guide serves as context to help you understand the GDPR. It is not legal advice, the legal information in it does not have any advice component to it and the guide should not be relied on as legal advice. If you’re looking for legal advice on GDPR compliance then you’ll need to speak to a specialist lawyer who can apply it to your specific circumstances.