The 2018 Changes to Privacy Laws Explained – GDPR

By 2018 businesses will be required to adhere to new General Data Protection Regulation (GDPR) privacy rules. This means that both you and your supply partners need to understand the changes. You can expect to see enhanced rights for consumers, such as the right to be forgotten, and this means your procedures and processes for data management may have to adapt.

Luckily we’re here to help you identify the most important changes and give expert tips for your business to ensure full compliance.


What Exactly Is Changing?

The main shift is in the legal basis for businesses acquiring personal data. Businesses are no longer allowed to assume consent, and instead must now obtain explicit permission from consumers. This means that data must be obtained with consent that can be proven and, more interestingly, is recent rather than a generic, one-off opt-in from a long time ago. Furthermore, your customers now have the ‘right to be forgotten,’ meaning that data cannot be stored indefinitely without explicit agreement.

So these changes require businesses to;

  • Have a specific and legal opt-in process for any data capture processes which records the customer proven consent and data stamps when this occurred.
  • Provide the ability for customers to regularly and freely update their opt-in preferences.
  • Have a process to ensure any customer data which is now longer opted-in has been fully removed from all internal databases, as well as those of any third-party suppliers such as SaaS solutions, fulfilment operations, resell partners etc.

In addition to this, businesses can now only market to consumers on the specific subject or activity that has been opted in to. This means that any messaging you send must directly relate to the area of interest the consumer has explicitly agreed to. If a business wishes to promote other solutions, products or activities it will be necessary to obtain further explicit permission from the consumer.

The new opt-in feature means that consumers can only choose one specific area of interest, so if your customers require permissions for a range of different business sections, you will require subsequent opt-ins for the relevant areas.

Simply put, express opt-in permission must be recent, relevant and traceable for you to market to them.

The opt-out processes must function within a tighter timeframe and across every aspect of your business, suppliers and partners.

You can no longer follow up confirmation emails to consumers with assumed email marketing. Any subscribers must have opted in to specific campaigns, making preference centres a vital part of the new data collection process – see my previous post for a more in-depth explanation of the benefits offered by preference centres. This means future marketing campaigns can be increasingly personalised, and subscribers will have more freedom and choice to what marketing they receive.


How Will It Affect My Existing Database?

Your existing lists may need amending, as only those who expressly opt-in can be marketed to

In this case you will need to ask your current subscribers to opt-in. Telling your subscribers exactly what they are signing up for is important. This ‘provable’ and ‘recent’ consent is the significant change driven by the GDPR, so asking your existing list to opt-in ahead of everyone else will give you a better chance of success.


What Should You Do Now When Collecting Data?

Adapting your existing website to attract more subscribers to opt-in lists, and update any post-purchase ‘Thank You’ pages or email automation messages is the easiest place to start. Preference centres will also play a crucial role in obtaining contact consent, which will help ensure the correct opt-in process and the longevity of your data.

A positive aspect of the coming changes is that data will be more personalised, more recent and therefore make consumers more engaged. With click-through rates in email marketing often at a low level, perhaps this coming shift in the privacy law balance will inject some creativity into content and subject lines.


HarveyDavid can help you establish better processes and systems such as preference centres and automated campaigns to manage your data opt-in processes.

Would you like to continue the conversation?

This piece was written Warren George, Senior Associate at HarveyDavid. Follow Warren and HarveyDavid for more insights.

You might also be interested in:

6 reasons your business needs a email subscription centre