WOW – lots of people looked at our blog last week – did we touch a nerve? or time it right? maybe provide something really useful? We hope so… So last week we looked at some principles to remember when you are using personal data. This week it’s : GDPR your actions list.
What do you actually DO to make this work?
GDPR your actions list:
- Before you attend
Is your website GDPR complaint? – Do you have a good privacy policy which is GDPR complaint and a ‘contact us’ page that allows the customer to opt in to receive information and offers from you with a clear consent box to tick (not pre populated….) to ensure that active and informed consent is given?
If you need help with this you could view our GDPR starter pack which includes template privacy policy and a guide to help you.
- At the event
How are you going to collect the data from these new customers/clients/contacts?
Collecting business cards, with telephone and email details?
Get them to sign a sheet which includes not only their contact details but a box to tick to opt in to receive your discounts, offers and emails or newsletters is ideal – can that work practically at the event you are going to? Can you offer an incentive to sign up? A prize draw? A discount code? Don’t make the prize too fabulous – you don’t want to be caught out by the Bribery Act, but a small gift or voucher is perfect, low value and an interesting relevant product.
Can you make this electronic? – Lots of exhibitors now use iPad and phones to get customers to part with their contact details – does this process include a clear consent box to tick or agree with options?
Do NOT have a long list on a clipboard so everyone can see everyone else’s details and information. Separate slips of paper, or customised postcards with sign up options to tick or complete, work well and most simply.
You need evidence of the consent for later if there is a question about whether they gave that consent and how from the client or the ICO ( the ‘data police’ for enforcement purposes…)
- After the event
Once you get that box of cards or bag of reply slips home – how do you follow them up? Social media invites – should all be covered by the GDPR and privacy policies of the various social media platforms so probably you are OK to do this, without any additional consent. But make it worthwhile – a connection just to have more followers who are entirely disinterested in your business is pointless.
A short email – ‘thanks for meeting with us .. here’s our site, please sign up for your offers/news etc’ could be easily classed a legitimate business interest – NOTE: this means 1 email – not 10, when the first 9 are ignored.….
Do not be tempted to cc all your collected email address in one fell swoop later, thanking them for coming – we’ve seen it happen, honestly! This is a huge no-no. Even be careful with bcc’ing – it looks lazy – and is so easy to make a mistake – but probably complies with your GDPR obligations.
If they do come back and seek your services, you have a basis for processing. If they come back and consent to be on your mailing list, add them to the database if you hear nothing more – no follow up is really acceptable unless you can show a legitimate interest – document this!! Have proof if you are challenged that you have thought it through.
Next week we look at what happens after you get them on board…what’s the important stuff to batten down, once they are a client? If you need any help with this please do get in touch with us