By now, you probably have received a few or a few too many emails asking you to confirm that you still like to hear from this or that company.
On 25th May 2018, a new EU directive, called GDPR, comes into place that more heavily regulates how we as businesses store information about people. For Swedish businesses, it isn't much more stringent than the current data protection legislation BUT it comes with heavy fines as penalties.
The directive is long and extremely hard to read (we had to read it....zzzzzz....) to to try to help you all so you don't need 400+ pages of legalese bedtime reading, here is a small snippet of it in as easy language as we could manage, that outlines the specific reasons you can store information about someone and contact them.
The directive provides six reasons that you need to choose from if you want to store someone's personal information (and if their email address has their name in it, that counts):
(a) the person has specifically given consent to the processing of their personal data for one or more specific purposes;
(b) you need to keep their details and contact them in relation to work you are doing for or in relation to them or in order to do something that they have asked for before entering into a contract;
(c) you need to keep their details because the law says you must;
(d) you need to keep their details in order to protect their or someone else's vital interests;
(e) you need to keep their details so you can carry out a task in the public interest or for official authority;
(f) you need to keep their details for the purposes of the legitimate interests by you or by a third party, except where they are overridden by the fundamental rights and freedoms of the person which require protection of personal data, in particular where the person is a child.
Many companies are focusing on getting the consent of their contacts to continue sending them marketing emails, for example. However, the GDPR clearly states that direct marketing is an allowable 'legitimate interest' for choosing reason (f) above and therefore you don't actually need a person's explicit consent to email them something salesy. You do, however, need to make it very easy for them to ask you to stop emailing them and, if they do, stop immediately. You also must delete old contact information - if you aren't actively marketing to a contact and can't show any other reason from the list above that you should keep their details, get rid of them
What does your contacts list look like? Do you use a CRM system? If a contact asked you to provide all the information they can soon ask for to show how you are handling their information, could you?
If you need help with any GDPR issues or have questions, get in touch with us at My Own Marketing Coach here and/or contact Shadi Amundin, Special Counsel at Cederwalls International Law Firm on Shadi (AT) cederwalls.com or +46 (0)707 75 63 55.
Find our thoughts on everything to do with small business marketing here.