April 28, 2018

The GDPR: Taking Baby Steps

Nowadays, you're either a GDPR expert or you're scared silly about this whole business. We don't claim to fit into either category, but because we work with plenty of SMEs, we thought we'd share with you the steps we've taken to become GDPR compliant. It's worth noting that we are not experts, and that those recruiters and business coaches attempting to teach you about GDPR compliance aren't experts either, despite how flash and sparkly they might seem. So, without further ado, here's a list of what we've been up to lately and how you can implement those same changes to begin taking those baby steps...

Your Mailing List

Can you remember where every single email address on your mailing list came from? Did every single person on there give their expressed consent to receive your marketing emails?
We'll hazard a guess here and say the answer is "probably not".

Of course, this means that with the GDPR coming in, all of those contacts are going to need to be purged from your system. Scary as that sounds, that makes this the perfect opportunity for a good Spring clean! Going from a list of 2,000 to 80 might be a bit of a daunting prospect, but consider the number of people on your current list who never open your emails - with them gone, your open rates will skyrocket! If you're struggling to get this purge going on your own, contact us today to find out more about our Purge Package for just £90 +VAT.

Physical Filing

We can't tell you how to manage your reception desk or CCTV, but here's what we've been up to in our own little cosy office...

We try not to keep any physical copies of documents as a part of our commitment to sustainability, however we've recently put aside a day to go through everything we've got filed away, and if it wasn't necessary to keep it, we've shredded it. Our enormous collection of business cards (unless we've dealt with the person on the card within the past 3 months) has been shredded too, and our local animal shelter is absolutely delighted, as their small animals are making excellent use of the shredded paper!

If you don't need it, shred it. Little animals will love you, you'll be GDPR compliant, and think about the spectacular space you'll free up in your office!

Data Encryption

What does your email address look like? If it ends with gmail.com, outlook.com, or (goodness forbid!), aol.com, your inbox isn't safe, and to tell you the truth, potential clients might not be taking you seriously. After all, how many times have you received a dodgy email from a gmail.com address?

There are several ways to combat this, and we recommend the following:

  • GSuite
  • Office 365
  • Protonmail (free!)

All of these options are encrypted, so anything you share via email will be safe. We still recommend sharing particularly sensitive data (medical info, passwords, etc.) using a third-party encryption service, because when it comes to remaining GDPR compliant you're always better off covering your back three times more than you think you should. When we exchange log in details with our clients, we use Send Safely, which promises end to end encryption, and the free service offers just what we need.

If you use your phone for business, ensure that it's password protected and that if your children play games on a phone, it's not your business one. It only takes one accidental tap to forward on sensitive information to the wrong person!

When it comes to information on your laptop, always make sure that your data is encrypted - this is very easy to do, but every device is different. Just search for "[Your Laptop Model] + Encryption" on Google to find out how to make sure that you're safe. Our top tip for encrypting data on a laptop is to save sensitive information to an external hard drive and encrypt that. It's much more difficult to get into an encrypted external hard drive than it is to access "My Documents", so it's the perfect way of adding that extra level of security.

Website Content

If you've got a contact form on your website, you'll need to speak to your webmaster and find out whether or not it's GDPR-compliant. Plenty of free WordPress contact form plugins store data on servers that might be readable by third parties, and therefore they aren't GDPR-compliant and neither are you if you use them.

When we develop websites (which we've been doing rather a lot lately), our go-to plugin is WP Forms. If your webmaster isn't sure about the compliance of your plugin, we recommend switching over to WP Forms, as they're so super compliant, they've even written a blog about it!

The Right To Be Forgotten

When the GDPR sets in, if someone emails or writes to you to request a copy of the info you hold on them, you must comply. This also means that you can request this same info from anybody else, and they'll need to comply too.

The right to be forgotten means that if someone requests that you purge their info and never contact them again, you've got to comply with that too. With this in place, we should all (hopefully!) be seeing a lot less SPAM!

Cold Emailing

Nobody appreciates a cold email now, but when the GDPR sets in, those angry responses will be getting more and more frequent.

Here's the thing: everybody will give you a different answer when you ask them about cold emailing under the GDPR, and you'll probably be sent in circles trying to work out what you should be doing.

What do we say? As marketers, we love a cleverly devised cold email, and we don't believe that the GDPR is the end of cold emailing. What we will say though, is that Ian and Sandra and Bill don't want to receive your emails to their personal addresses at work. Even if it is "Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject", chances are you're probably stretching the truth a little there, and personal addresses at work still contain personally identifiable information. I recently received an email from someone who was trying to sell me marketing services, and he used that line. As someone who operates a marketing company, outsourcing my marketing probably isn't a legitimate enough interest for him to have emailed me at my personal work address.

Cold emailing isn't dead as long as you do it right. Send your emails to the standard address rather than to an individual. hello@, desk@, info@ - that sort of thing.

If you need a helping hand or you'd like a friendly talk on GDPR for your biz, get in touch!


Stay up to date with all things WestCoastCo, and we'll even throw in a tasty special offer or two. Sign up to our newsletter now!
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram