GDPR - going forward!
You've written your Privacy Policy and your Terms & Conditions, you've made sure your email marketing signup forms are airtight, and you have proof of consent for all your subscribers. Great! You don't have to worry about all this GDPR stuff anymore, right? Wrong.
GDPR is not a diet, but a lifestyle change, and I've put together a list of some tips and tricks to help you stay compliant (and avoid falling off the wagon!).
1. Be careful when changing your signup forms
I'm not saying you can never change your signup forms, but keep in mind that you need proof of consent from all your subscribers. Depending on the email marketing provider you use, if you modify your current signup forms instead of creating new ones, you may not have a record of the particular version of the signup form each subscriber used. This means you won't be able to prove they consented (actively and explicitly) to receiving emails from you, which violates the GDPR.
2. Keep your Data Map up to date
A Data Map is a list of all the data you process. It includes the source of the data, what is being collected, the reason for collecting it, how it is processed, and how long it is kept. An accurate Data Map is crucial to developing a solid Privacy Policy; it allows you to explain to your customers exactly how and why you collect and use their data.
One thing you will need to do going forward is to keep your Data Map up to date. Whenever you add any new services/methods/reasons for collecting data, you will need to update your Data Map and the relevant sections of your Privacy Policy to reflect those changes.
EXAMPLE: Let's assume you had previously been using your website/blog for your own personal posts but wanted to start posting contributor content, interviews, etc. If you hadn't been publishing user content in the past, you might not have a section of your Privacy Policy dedicated to "publication data". What are you allowed to do with the user content? Will you only be publishing it on your blog, or will you be cross-posting to social media? Etc. All of this will need to be defined in your Data Map and added to your Privacy Policy before you start collecting and posting the content.
Here is the GDPR Data Map Template I used: https://medium.com/@Ideea/gdpr-data-map-template-31da34ca39d0
3. Re-evaluate your Privacy Policy and Terms & Conditions
You will likely be updating your Privacy Policy and Terms & Conditions regularly as your business changes. In addition, you will want to sit down and re-evaluate them from time to time to make sure you haven't missed anything, revisit some items that may or may not be working for you, etc. Personally, I don't trust myself to remember to do this on-the-fly every time something changes, so I set a reminder to periodically re-evaluate my policies from start to finish.
4. Run a quarterly re-engagement campaign.
Many of us ran permission-passing campaigns in the GDPR lead-up in order to ensure we had proof of active and explicit consent from all our subscribers. Some people have felt disappointment at losing subscribers, while others are embracing their lean, engaged new lists!
I have been trying to focus on the latter. You get better conversion rates when your list is engaged, and who wants to pay their email marketing provider for subscribers who never open emails (and will likely never become customers)? Plus, if GDPR has taught me anything, it's that the less personal data I have access to, the better.
So with that in mind, another piece of the GDPR fallout puzzle for me is to do a better job of keeping my list trim, clean, and engaged. Lots of marketers run "re-engagement campaigns" every 90 days or so, and I think it's a great way to keep on top of things. Many email providers can even send an email automatically once a contact has been inactive for a specified period of time. I'm sure you've gotten emails like these, with subjects like "We miss you!" or "It's been a while!". There are some great examples in this HubSpot post. I especially like Lowes' approach, which focuses on what's new and exciting, and what unengaged subscribers are missing out on!
Then, if the subscriber doesn't engage with your re-engagement campaign, you can remove them from your list.
5. Update your passwords regularly
Before GDPR came into effect, I went down through my Data Map, identified every application I use to process customer data, and changed all the passwords. It was a lot of passwords (everything from Facebook to Paypal), but creating my Data Map really drilled home to me just how much customer data I have at my fingertips, and how irresponsible (not to mention unlawful) it would be to have any of it compromised by weak device or application passwords.
Don't worry, you don't have to remember them all; I use Keeper to generate and save secure passwords for all my devices and applications.
I hope this was helpful. I've added repeating tasks/reminders in my system so that I don't have to rely on my brain to remember to do these things consistently going forward.
Also, I should state that none of the content of this email constitutes legal advice (if you've read my Terms & Conditions, you'll know that 😉) and that following any or all of my suggestions will not guarantee GDPR compliance. These are just a few tips and tricks that I've found helpful.
|
