Our Welcome to GDPR
Have you ever wondered why GDPR compliance is described as “such a nightmare” by some business owners, and yet others don’t really seem that bothered by it? Are you sick and tired of having hundreds of "well meaning advisers" give a million different pointers and suggested actions about what you SHOULD be doing in order to comply with the GDPR? The bad news is that you’re not alone. We deal with many businesses. We know there is so much confusion and frustrating conflicting advice out there on what to do to make sure the data protection authorities don’t come a-knocking-at-your-door.
We noticed the problem. We’ve had to work through the solution with our own clients. And we’ve found that GDPR compliance is achievable in seven simple steps which we are going to go through in this article. This is the fastest, most manageable route to addressing all the Articles laid out in the European Union’s General Data Protection Regulation. And now we’ve laid them out in a timescale that shouldn’t affect the day to day running of your business.
Pleased to meet you, my name is James Forbear and I am a marketer. Many businesses trust me with their digital content strategy and advertising. This is often the primary way they generate new business. We couldn’t afford for any of our clients to be legally exposed by following marketing practices that trigger a complaints from data subjects, (which is anyone from Europe and also the UK now GDPR is being integrated into the new DPA.) I have practical experience of doing this stuff every day for my clients, but I am not a legal professional. So our digital agency partnered with BEB, an outstanding company offering Contracting and Legal Services to businesses throughout the UK in industries ranging from massive Engineering firms right down to personal trainers. You’ll be meeting Kerry and Hazel from BEB later on and they will steer you through some of the often misunderstood minefields surrounding the legal compliance side of GDPR. And my marketing colleague Kam from Energise will also be chiming in on a few issues centred around the problems facing businesses who want to continue to market effectively.
Together, we have the legal and marketing experience to be able to tackle any problem or specific set of circumstances. And we want to make you compliant in a way that doesn’t damage your bottom line. Unfortunately, a lot of the “advice” out there is not practical for real world situations, whereby being in business depends on remaining profitable.
So, we’ve said that achieving GDPR compliance can be done in seven simple steps. In this section we will go through each one and break it down into what you need to do. Like any seemingly complex problem or daunting task, once you break it down into its component elements, it starts to become way more achievable. We’ve also had a lot of real world experience of working toward the job of compliance with actual functioning businesses. We take you through these steps in our free course… they are as follows;
- Introduce the IDEA of GDPR (and realise the opportunity)
- Understand GDPR (the terms used and the main players)
- Prepare for Compliance (start to visualise how GDPR will apply to YOUR company)
- Applying the GDPR (where it all starts to come together)
- Tune Your Marketing for a GDPR Climate (sharpen your marketing toolset to increase revenues while your business remains compliant)
- Technologies to Assist with GDPR (using the free tools available to quickly and easily comply)
- Maintain Compliance (we cycle back and schedule the process of reviewing business practices in line with GDPR)
The reality is, if you’re in business and have any degree of success, you’re probably already super busy with both foreseen and unforeseen daily tasks that come with just running a business. Don’t worry these steps have been stretched out across a timescale that most businesses find manageable, without leaving it too long between action steps that you’ve forgotten the details before the next step in the sequence. Check out our free course.
Step One: Introduce the IDEA of GDPR
The good news is without realising it, by reading this article and just enrolling in our free course, you have already achieved step one!! The downfall of so many businesses is that they look at GDPR compliance as an annoyance. Just one more task. With this view, either their lack-lustre methods of “bare-minimum” compliance will come back to haunt them as they may be trying to “tick-the-boxes” rather than follow the spirit of GDPR, or alternatively the business that tries to comply with the letter of the law, without any thought about practical implications is decimating their marketing efforts. So in introducing your company, (and yourself,) to the idea of GDPR we ask that you also view this as an opportunity.
For example, lets for a moment just consider one tiny aspect: Online Forms. There’s no two-ways about it, now, when we capture personal data we have to be more transparent about its purpose within our organisations. We will need to audit any forms we present, either to our customers or for gathering leads. Form Audit = necessary … FACT! But how effective are your forms? (Online or offline?) Are you recording your opt-in rates as a percentage of page visitors? Have you considered a two-step opt-in method. (I’ve yet to see an implementation of two step opt-in process that DIDN’T boost conversions… its a technique that flat out works.) What I’m saying here is that if you HAVE to look at an area of business, WHY not make that an opportunity to improve that area? In this day and age we PAY for traffic to our websites. Most businesses leverage platforms like Google’s Search and Display Ads. But even if you’re generating interest in your business website by writing blogs or engaging with people on social media, you’re still paying for traffic by using your time, (or paying for a blog / social copywriter.)
When you send people to the landing page of your website, if MORE people are leaving their email address, (as a percentage,) to get more information about your product or service, then you’ve just SAVED your business money. Also we will show you how to leverage GDPR’s central tenants of transparency and clarity, so that you create a greater sense of trust with your brand, by weaving GDPR compliant explainer copy into your marketing process.
Making someone aware you respect their personal data IS a positive message. This increases the likelihood of a lead turning into a customer. This INCREASES your profits. This is not a trick, its part of the core message of GDPR, and we believe, part of its intention.
So that’s just one way in which embracing the fact we HAVE to integrate GDPR into our business practices can actually lead to better opt-in rates and increased conversions. But the truth is, as an opportunity to overhaul any of the lead generation / customer facing experience, there are so many ways to develop a closer, more trusting relationship with people, whether they are just hearing about your brand for the first time, guiding leads through to the sale or you if are continuing a fantastic relationship with your customers. You may find ways of leveraging information that you already, (legally,) hold about your customers, that are of benefit to both you AND them. If you offer something of value, (and why would you be in business if you didn’t ;-) people WANT to buy from you. GDPR is not around to hinder that process. Check out our free course. Consider not just embracing things like clarity around your business policies, but how you advertise, especially your targeting methods, and email marketing, the list goes on.
Step Two: Understand GDPR
The document as hosted on the EUR LEX website is borderline unreadable… There you go, I’ve said it. And I love GDPR, now that I actually understand it and work WITH it. But IMHO bookish legal people who have spent their formative years in dusty juridicial libraries, eating law books by the kilo, have no understanding, (or interest for that matter,) in the readability of legal documents by normal human beings. (Ironic really when you consider clarity as one of the central tenants to GDPR.) And so, for our own sanity initially, and later for that of our clients, we have broken down this entire document, (all 99 articles and 173 recitals,) into a quick-reference, hyper-linkable online document, so that every time we explain an action step on the journey to compliance, we can reference the original text, and potentially explain any misinterpretations.
One of the biggest failings of businesses is that they look at this legislation like its a technical manual. They’re trying to interpret a series of “do’s and don’ts” from the source text, but it doesn’t work that way. Upon an investigation triggered by a complaint about email spam, you won’t be able to present an interpretation of the wording of point 1. (f) of Article 6 as justification… Q: When is an email spam? A: When the recipient considers it to be spam. And now the burden of proof is on the organisation that collected the data to explain how their internal processes adhered to the ideals of GDPR from the get-go.
GDPR creates defined roles for each of the major players when it comes to handling personal data. We will break these down. GDPR also creates defined legal basis for collecting and using, (processing,) personal data. We will also break these down. Plus we give real world examples of how there players and rules apply. Check out our free course.
Step Three: Prepare for Compliance
Here is where we start to visualise how GDPR will apply to YOUR company. A great exercise to prepare is to start looking at all the “data-entry-points” into your company. These may be online, like forms. Consider if you offer a newsletter on your website? They may be over regular mail. Do people fax orders into your business? Or you may have recorded people’s personal data in person, at meetings, networking or exhibitions. Or over the phone. It is also time to start looking at your current business policies and documentation. We have a great exercise in our free course whereby we construct a diagram of the data-flow in our organisation so we can see at a glance, where it is stored and who handles that data.
Step Four: Applying the GDPR
Now this is where it all starts to come together… From performing the exercises in our previous steps, the construction of mandatory documents like our Privacy Policy is now straight forward. We also include swipe-files and templates to make the job of getting up and running with Cookie Notices and things like that super easy in our free course. And any technical tasks are explained and easily broken down using freely available technologies.
Step Five: Tune Your Marketing for a GDPR Climate
Does GDPR need to negatively effect your marketing efforts? No! This is where we sharpen your marketing toolset to increase revenues while your business remains compliant. Done badly… for sure GDPR compliance without understanding can absolutely obliterate your results. I’ve had companies with massive lists believe they couldn’t email market any more because no one replied in the affirmative to their “are you still happy to receive email marketing” broadcast. In our free course we address the common pitfalls faced by most businesses and myth-bust some of the most devastating lies out there in the realm of so called “GDPR advice”.
Step Six: Technologies to Assist with GDPR
Some of the best tools out there for navigating and applying GDPR legislation don’t cost a penny. And yet many remain totally underused by businesses that aren’t even aware of their existence. By using the free tools available to quickly and easily comply, we take you through a step by step process tackling everything from cookie technology, client relationship software use, to form building. Still paying for an encryption certificate for your business website? We show you how to get one for free in OUR free course. The world is moving on and gatekeepers of traditionally high-markup proprietary technology are now giving way to more stable and trustworthy open source community applications like the CertBot utility provided 100% FOC by the Lets Encrypt initiative.
Step Seven: Maintain Compliance
Compliance with the GDPR is not a fire-and-forget, do it once and never look back process. Here, we cycle back and schedule the process of reviewing business practices in line with GDPR. In our free course we set up processes to ensure that we remain on top of the ideals and the mandates that come as part and parcel with the new standards of data protection that European (and UK) citizens now enjoy. And should the worst happen, and an inspection is triggered, as a business you will have in place review dates to show any inspector that you are serious about maintaining your compliance.
What To Do Next?
I’m sure you get the idea by now. And I hope you can see that by breaking the task of compliance down into simple logical steps we can tackle this together. Little and often as they say ;-) Until recently, this seven step process have been just for us to follow through with our clients. But now we’re so passionate about introducing the fact that GDPR is actually of massive benefit to both data subjects and businesses alike, we want this process to be available to everyone. To get started just click on the button below and enrol in our course.
Course access is totally free for the first week… (all we need is your email address and we will get you set up with access, you don’t even need to enter any payment info.) We guarantee that if you take the time to review the course materials, even if you don’t apply it all right away, you’ll see a marked improvement in your business in at least one of the areas we cover.
Why Wait?
You’ve seen what’s involved. And we’ve built this journey in a way that it needn’t slow down or impact the day-to-day running of your business. So why not take the plunge and get a jump on what we’ll be covering in week one. Our free course is packed with handy video explainers that you can show your team, you’ll get FREE PDF downloads, resources, and case studies to help you get compliant fast. As we’ve mentioned, absolutely no card details need to be entered to get this first week’s access, so what have you got to loose? (I’m sure you’ll appreciate the irony of us abusing your email address ;-) Just follow the link below and we can’t wait to see you in Week One of the GDPR Masterclass.
A Little Warning
Obviously due to the time and date nature of our live calls, we can’t keep this offer open for ever. Hurry to enrol now so you don’t miss out. There’s absolutely no obligation to be on the live sessions. In fact many of our clients prefer to email in specific questions they want us to cover and then watch the recordings later on at a time that suits their schedule / timezone. But we DO require that questions specific to your business are able to be answered in one of our one-to-many teaching sessions. We don’t believe in giving people half the solution, lest it reflect badly on us. So as a rule we only allow free access to the course at a time when we can answer any questions you might have. As you can see enrolment in closing soon so grab your place. Just follow the link below.
A Final Word From Our Satisfied Customers
Still on the fence? Well, I just wanted to finish this article with a few well-wishing words from some of the people we’ve helped before. We’ve worked with a ton of different clients in radically different industries, but the central tenants and common solutions to GDPR compliance without adversely affecting your marketing remain the same…
I met Kerry at a networking event and was just what I was looking for! I needed to get my T&C’s written for my newly established business but to be honest, was terrified of going to a lawyer due to the potential costs. BEB are reasonably priced and my T&C’s are great! Kerry drilled down into what was important for my business and made sure I included this in the document. I can 100% recommend their services!
Anabela Pereira Santos Yourell
Stress Free HR
We have used BEB for various tasks in the past few months, including reviewing and amending legal documents. BEB work to schedule and are always available to discuss items when required. I would recommend BEB to others and I have been pleased with their work to date!
Lara Ayris
Waste Plan Solutions
I wanted to write and thank you for the work that yourself and Hazel have put in to deliver the contract documentation that you have on our behalf. I know that one of the reasons the “root and branch” overhaul had been put off for so long was the concerns held within the business that the whole thing would be too expensive, too disruptive, too demanding on the time of the staff and would lead to “too much legalese” – probably based on standard documentation. It is to the enormous credit of your business (most particularly, both of you), that all those fears have been overcome and you are now seen by the Directors and staff as trusted advisors to ourselves, who “get what we do”, are approachable – are are “there” in the background to assist us, as and when required, both in a practical sense and through the trust you had developed leading to our ongoing planned support arrangement. I know it is a view shared by all at ACS that you deserve the success and hopefully continued growth of the business that you are striving for.
Neil Moran
ACS (UK) Ltd
… as we have said throughout this article, if you’re looking for a practical solution to applying the GDPR then look no further. There’s access for one week totally free of charge, so if you don’t like our approach there’s absolutely no risk to you. But you will like it. Just like all the businesses we’ve helped so far. So click the like and quash those legislative night-terrors once and for all…