GDPR post-25th May 2018– Top Tips to Keep Prospecting within the Guidelines

This time last year I had data brokers, email marketing specialists and telemarketers all wondering if they had a job post-25th May 2018.

The anxiety about the GDPR deadline of 25th May appears to be wearing off as more people are getting familiar with what they need to do, and the guidance on Legitimate Interest has been updated. Hurrah for a bit of common sense.

I like everyone else, am getting bombarded with GDPR consent emails. For many, it’s a great opportunity to do nothing and trust that I will be unsubscribed from the myriad of lists I don’t remember signing up for – and to be able to keep in contact with those few I really do want to continue contact with.

So what happens post-25th May for those of us who want to keep prospecting (and stay in business)?

Elizabeth Denham was keen to stress in her blog on 22 Dec 2017 that this is a journey.

If you’ve not done anything, you need to. If you’ve started, keep going!

If you’ve not already taken the opportunity to cleanse your email marketing lists through using consent it’s probably a bit late to be doing that now. However, as Legitimate Interest as a legal basis is becoming clearer, many businesses are relying on this in order to continue marketing and prospecting. It’s simply a matter of making sure you have this documented and publicly available so that individuals can see what you’re doing with their data and have easy options to opt-out or ask to see their data.   

Here’s what you should be doing if you’ve not already done it….

  1. Consider, with at least one other colleague, how data flows through your business – is it personal data? Why are you collecting it? Under what legal basis are you justified in collecting it? Have a look at the ICO checks and balances checklist. Have a look at the ICO guidance on marketing and their pdf. You could try taking their checklist 
  2. Write it up. This can be a mindmap, a simple diagram, bullet points, spreadsheet – something to show you’ve thought it through properly. Include third-party systems (e.g. accounts systems, CRM, EPOS)
  3. Contact third party suppliers and ask what they are doing about GDPR.
  4. Update your Privacy Policy and include all this information. One of the big changes under GDPR is that Privacy Policies will now be bespoke to each business because each business processes data slightly differently. Templates won’t work. If you need help with this, speak with your lawyer, or I work with a GDPR lawyer who has designed a simple questionnaire to get you started.

 If you need help with any of these stages, contact me. I’ve created simple packages to get you through each stage starting at just £300.


Written by Su Copeland, 15th May 2018