GDPR - anyone working in this area?
Discussion
I've had some great advice from TR that has helped us to get on & start to do the things we need. He's been really helpful.
(BTW TR. Have been told by the insurers today that they want us to keep ALL the customer data for 6+1 - so now we need to have a better look at how we are going to do that too)
(BTW TR. Have been told by the insurers today that they want us to keep ALL the customer data for 6+1 - so now we need to have a better look at how we are going to do that too)
Edited by Wombat3 on Monday 19th March 15:04
Wombat3 said:
I've had some great advice from TR that has helped us to get on & start to do the things we need. He's been really helpful.
(BTW TR. Have been told by the insurers today that they want us to keep ALL the customer data for 6+1 - so now we need to have a better look at how we are going to do that too)
DELETED: Comment made by a member who's account has been deleted. (BTW TR. Have been told by the insurers today that they want us to keep ALL the customer data for 6+1 - so now we need to have a better look at how we are going to do that too)
Edited by Wombat3 on Monday 19th March 15:04
Wombat3 said:
Wombat3 said:
I've had some great advice from TR that has helped us to get on & start to do the things we need. He's been really helpful.
(BTW TR. Have been told by the insurers today that they want us to keep ALL the customer data for 6+1 - so now we need to have a better look at how we are going to do that too)
DELETED: Comment made by a member who's account has been deleted. (BTW TR. Have been told by the insurers today that they want us to keep ALL the customer data for 6+1 - so now we need to have a better look at how we are going to do that too)
Edited by Wombat3 on Monday 19th March 15:04
I work in marketing for a mid-sized B2C company, with a significant repeat business model. A debate is going on about 'Legitimate Interest'; most advice we're receiving is that LI can be used (demonstrated with a test of interests) as the basis for email marketing similar products to existing customers. However I've also heard it stated that the ICO recent clarified LI and declared that LI cannot be used as grounds for marketing to existing customers.
Is anyone else planning to use LI as the basis for targetted emails to current customers offering similar products; for example upgrades or new versions?
We are running a re-subscribe programme to a reasonably engaged customer base. What re-subscribe levels are people expecting?
SS7
Is anyone else planning to use LI as the basis for targetted emails to current customers offering similar products; for example upgrades or new versions?
We are running a re-subscribe programme to a reasonably engaged customer base. What re-subscribe levels are people expecting?
SS7
shoestring7 said:
I work in marketing for a mid-sized B2C company, with a significant repeat business model. A debate is going on about 'Legitimate Interest'; most advice we're receiving is that LI can be used (demonstrated with a test of interests) as the basis for email marketing similar products to existing customers. However I've also heard it stated that the ICO recent clarified LI and declared that LI cannot be used as grounds for marketing to existing customers.
Is anyone else planning to use LI as the basis for targetted emails to current customers offering similar products; for example upgrades or new versions?
We are running a re-subscribe programme to a reasonably engaged customer base. What re-subscribe levels are people expecting?
On your last point, I am expecting a tiny re-subscribe rate when I do this for my business in the next couple of weeks. I've also received a few emails from suppliers requesting re-confirmation, and I've decided I can do without their marketing emails.Is anyone else planning to use LI as the basis for targetted emails to current customers offering similar products; for example upgrades or new versions?
We are running a re-subscribe programme to a reasonably engaged customer base. What re-subscribe levels are people expecting?
In terms of the legitimate interest question, I've scaled back my original plans for extending our email marketing. Putting aside whether or not it is compliant with the new regulations, I reckon once people start to understand their new rights, there is going to be backlash against any type of comms which could be considered unsolicited. Hence unless your business depends on it (ours doesn't) I think it is better to take a more conservative line.
shoestring7 said:
I work in marketing for a mid-sized B2C company, with a significant repeat business model. A debate is going on about 'Legitimate Interest'; most advice we're receiving is that LI can be used (demonstrated with a test of interests) as the basis for email marketing similar products to existing customers.
shoestring7 said:
Is anyone else planning to use LI as the basis for targetted emails to current customers offering similar products; for example upgrades or new versions?
DELETED: Comment made by a member who's account has been deleted.Google notifying via Analytics that your websites and Analytics settings could need work:
Action: Even if you are not based in the EEA, please consider together with your legal department or advisors, whether your business will be in scope of the GDPR when using Google Analytics and Analytics 360 and review/accept the updated data processing terms as well as define your path for compliance with the EU User Consent Policy.
Action: Even if you are not based in the EEA, please consider together with your legal department or advisors, whether your business will be in scope of the GDPR when using Google Analytics and Analytics 360 and review/accept the updated data processing terms as well as define your path for compliance with the EU User Consent Policy.
Lauren-zg99o said:
What you're describing is soft opt-in rather than legitimate interest. It's part of PECR and allows you to continue emailing existing customers if you meet the 3 criteria listed on the ICO website.
DELETED: Comment made by a member who's account has been deleted."Electronic mail marketing
The most important thing to remember is that you can only carry out unsolicited electronic marketing if the person you're targeting has given you their permission.
However, there is an exception to this rule. Known as the 'soft opt-in' it applies if the following conditions are met;
where you've obtained a person's details in the course of a sale or negotiations for a sale of a product or service;
where the messages are only marketing similar products or services; and
where the person is given a simple opportunity to refuse marketing when their details are collected, and if they don't opt out at this point, are given a simple way to do so in future messages."
https://ico.org.uk/for-organisations/marketing/
Any advice for the little guys?
I run a gift website purely as a hobby.
Payment is all done through PayPal and email marketing for offers etc by Mail chimp.
I hold the customers addresses and email but no financial details at all as all I get is a reference number when they have paid.
The only problem I can see is we do not ask permission for email addresses to be used for marketing purposes although Mail chimp has an opt out.
Is there anything else I need to consider?
I'm finding this a bit of a headache. Everything I look at refers to marketing. I don't do any marketing and wonder what I'm expected to do.
My situation - small business, online retailing as well as an industrial unit that people can visit but not really a shop.
We receive customer information when they place orders online and also have it in our invoicing system - these are both cloud based (Shopify and Xero) We also receive emails with addresses in too when orders are placed via email.
We don't send any marketing out and I'm pretty sure the only information we give externally is an email address to put on a courier system which then gives the customer the expected time of delivery.
As far as I can see, I need to update our privacy policy to reflect what we do but that should be it - does that sound right? I've also read that I'm expected to give everyone our privacy policy at the point of data collection. This is OK when ordering online as they'll see a link to it but we also get emails with details and am I really expected to send them the policy for every email we receive?
My situation - small business, online retailing as well as an industrial unit that people can visit but not really a shop.
We receive customer information when they place orders online and also have it in our invoicing system - these are both cloud based (Shopify and Xero) We also receive emails with addresses in too when orders are placed via email.
We don't send any marketing out and I'm pretty sure the only information we give externally is an email address to put on a courier system which then gives the customer the expected time of delivery.
As far as I can see, I need to update our privacy policy to reflect what we do but that should be it - does that sound right? I've also read that I'm expected to give everyone our privacy policy at the point of data collection. This is OK when ordering online as they'll see a link to it but we also get emails with details and am I really expected to send them the policy for every email we receive?
DELETED: Comment made by a member who's account has been deleted.
Thanks for replying.They get in touch asking questions about our products, we reply - never unsolicited, they get in touch, we reply. I never do anything else with the email, it doesn't get added to a list anywhere. I might follow up a week or so later if they don't reply to my mail but that's it.
TinRobot, what are your thoughts on forums and GDPR?
https://www.pistonheads.com/gassing/topic.asp?h=0&...
https://www.pistonheads.com/gassing/topic.asp?h=0&...
One thing I’m confused about is whether we need to have both a Privacy policy and a separate Data Protection policy?
Most Privacy policies I’ve looked at don’t seem to go into anything like enough detail on the data protection side. I’ve also seen that some firms have data protection policies but they’re quite hidden (sometimes only coming up in searches).
Most Privacy policies I’ve looked at don’t seem to go into anything like enough detail on the data protection side. I’ve also seen that some firms have data protection policies but they’re quite hidden (sometimes only coming up in searches).
I've certainly observed the GDPR statements/emails going into overdrive this last week in particular. I can't say I've actually seen anything that was written with Joe Bloggs the public in mind though - most of it is still tedious legalese that you would need a lawyer on hand to understand - either that or a lot of free time on your hands!
I wonder if there will be notable casualties of the new regulations come May 25th? Interesting to see how the ICANN/whois database situation plays out as that's one example where I'd prefer my data wasn't published.
I wonder if there will be notable casualties of the new regulations come May 25th? Interesting to see how the ICANN/whois database situation plays out as that's one example where I'd prefer my data wasn't published.
Bikerjon said:
I wonder if there will be notable casualties of the new regulations come May 25th?
My understanding is that the regulator will mostly focus on ensuring companies have a clear path to being compliant, rather than automatically fining. And mostly focused on the bigger companies / riskier data. DELETED: Comment made by a member who's account has been deleted.
If only we had an IT company! We use Office 365 and Salesforce but accessed from the guys' (generally self-employed agents) own devices. Plus the information that we do get necessarily (but the customer might not see it that way) has to be shared with other parties. I don't think the way we operate could be made to comply. That's what's stopping me going down an "official" route for GDPR compliance - I think if we got a consultant in they'd have a baby.
That said, we operate only B2B, we don't invoice anybody so we don't have bank or credit card details etc and we don't do any organised marketing - there's no personal risk to anyone. The majority of the people we deal with are listed on LinkedIn and their information gets freely passed around within the industry.
Gassing Station | Business | Top of Page | What's New | My Stuff