We all know data is the new gold in this digital age, and many people are – quite rightly – more protective of their personal information than ever. In 2018, EU implemented the General Data Protection Regulation (better known as GDPR), legislation that required businesses to secure users’ permission to collect their data online for marketing purposes – and nothing else.

GDPR demands that: “consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

Dontcha just love legalspeak? If that sounds like gobbledygook, fear not – here are our 10 tips to mastering GDPR compliance when marketing.

When requesting consent, it MUST be separate from your other terms and conditions. Businesses or marketers can no longer make it a prerequisite to signing up for a service. Check boxes or sliders work equally as well.

Blank, opt-in boxes or a similar unambiguous method in which the choice is equally prominent must be used, so users actively elect to give consent. Pre-ticked, opt-in boxes are no longer valid under GDPR.

The request for consent must be phrased or written in a way that’s easy to understand. Confusing or vague demands will not pass muster.

Additional choices, known as granular options, must be offered when possible, so customers can give their consent to all the separate ways you intend to use their data. You can offer a list of options with check boxes, and ALWAYS include the ability to say no.

The name of your company, as well as any third party whose consent you’re asking on behalf of, must be clearly given, so customers are fully informed about who is accessing their data.

Easy to withdraw
Consent must be easy to withdraw and customers should be made aware of how to do this. Always have the unsubscribe button in plain sight.

A record of what each person has consented to, what they were told, and when and how they consented must be kept.

Data minimisation
Make auditing and erasing the data you no longer need a part of the day-to-day or month-to-month operations, and keep only what you need for your business to function.

Ongoing compliance
GDPR is not a one-shot deal. As your business evolves and new systems are added, you’ll need to examine what impact they have on customers and ensure your firm remains compliant.

Confidence is key
Despite all the scary talk when it first emerged, GDPR isn’t something for businesses to be frightened of. In fact, it’s actually helped build trust with customers, as 62% are more willing to share their data if GDPR is explained to them, according to Digital Marketing Association.

If you’re still concerned about getting GDPR right, don’t worry – talk to us at 24 fingers and we’ll get you on the right regulatory track tout de suite.