What is GDPR? A Guide for Small Business Marketers

If your company does business anywhere within the EU and the UK, GDPR laws will affect the way your business collects and uses data. GDPR guidelines aim to control the privacy of consumers and how businesses use their personal information, but what exactly is GDPR and how could it affect your business’ marketing efforts?*


What is GDPR?

If you are new to the party, you may be curious about what GDPR is and wondering what GDPR stands for. GDPR stands for General Data Protection Regulation. It was put into place in May 2018 to govern the use of consumers’ personal data for marketing purposes. Under it, the way that businesses collect and use personal information such as names, addresses and other identifying data is regulated by law. Any businesses that fall foul of GDPR guidelines could face prosecution with fines in the millions.


How Does GDPR Affect My Business?

Under the data protection act, any companies or organisations that operate within the UK and EU in any way will need to follow GDPR guidelines. Following the rise in businesses turning to online marketing during the pandemic, awareness of GDPR best practices is now more important than ever. One of the key ways that GDPR affects businesses and marketers alike is in the control of how things such as names, email addresses and postal addresses are collected for the distribution of marketing materials such as marketing emails or flyers.

In the past, businesses have been able to buy up lists of email addresses to send marketing emails to. This inevitably led to inboxes peppered with spam emails from companies hoping to win trade from new customers who have had their emails shared. Under new GDPR guidelines, this is now (mostly) a thing of the past, with companies now having to heavily control and monitor how information is shared and used, and with large penalties for any data breaches.


Why is it Important for Marketers to Know About GDPR?

Many marketers may have assumed that, when the rules came into effect, GDPR was something for other members of their business, such as the legal department, to worry about. However, as individuals who are part of the collection and use of information, marketers need to understand the implications of GDPR for their marketing activity.

If your business sends marketing emails or is planning on doing so in the future, it is important that those on your mailing list have given their express permission for this to happen. Automatically opting customers in to marketing emails is now banned under GDPR and customers must know what they are agreeing to when they sign up. When this first came into effect, many businesses found themselves having to re-verify emails to gain the express consent of the recipients, leading to a mass purge of email lists. You may remember receiving a wave of ‘do you still want to hear from us’ emails at the time.


What Are the GDPR Requirements for Businesses?

When it comes to collecting the data of your customers, transparency is key. Customers now have the right to request all of the information your company holds on them and to opt out of receiving any further communication from you. All data must be stored securely with limited access within the company and must be completely secured against external access. If you have a data breach, you have 72 hours to tell the data subjects involved or face a penalty. In addition to this, customers must expressly opt in to receive any marketing from your business. We explore this further below. How your website collects information via website cookies is also governed by strict new GDPR rules. You can find out more about GDPR and cookies on the official GDPR website.


What Does Opting-in to Marketing Mean?

Under GDPR legislation, businesses must be able to prove that customers have willingly opted in to receiving marketing content, with consent ‘freely given, specific, informed and unambiguous’. It is important that the consent isn’t hidden through pre-checked boxes or buried under other information, with the guidelines stating:

‘If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language’

Providing information for the use of a service, for example giving an address for the delivery of an order, does not constitute agreement to receive marketing materials, and the customer could make a complaint under GDPR if they are sent marketing materials without their consent. Age is also a factor, with children under 13 legally unable to give their consent under GDPR compliance rules.


Allowing Customers to Opt-Out of Marketing

As part of GDPR compliance rules for businesses, customers must be able to opt out of marketing at any time and with the same ease as they were able to opt in. For email marketers, for example, this often includes the use of a clear unsubscribe link at the bottom of an email. This is often a requirement of many email marketing service providers.


What Could Happen if My Business Doesn’t Follow GDPR Guidelines?

If your business does not follow GDPR then you could be liable to strict penalties from the enforcing agency. Not following General Data Protection Regulation guidelines when marketing to customers could cost your business millions in terms of fines and cause a lack of trust from prospective customers. The maximum penalty for GDPR breaches is €20 million or 4% of global revenue, whichever is higher, so non-compliance could be a costly mistake to make. Those who have had their data shared can also seek compensation for damages, and breaches could mean a mass loss of customers.


What Are the Benefits of GDPR?

Whilst it may seem a looming beast in the restriction of marketing activities, GDPR could actually help the way your company markets itself. If your email list, for example, only contains email addresses of those legitimately interested in your business, the chances of them opening that marketing email and converting rise dramatically. Instead of sending out countless emails to thousands of uninterested consumers who probably won’t open them, GDPR allows you to create a bespoke list of interested customers who may take action when targeted by your marketing.

When it comes to direct mail marketing, the rewards can be even higher, as you will only be sending marketing materials to those who have expressed an interest in your business or organisation, saving on printing and sending costs and boosting your return on investment and potential success rate.


Starting Marketing Online 

If your business is taking its first steps into digital marketing, it is important to follow the correct GDPR guidelines from the start to protect your business and your customers. Whilst you may already have a data protection officer in place to monitor how data is processed in other parts of your business, it is important that you approach digital marketing with the same care and attention. From the data captured through your website to email marketing to the storage and updating of customer records, everything should be covered with the same high level of scrutiny.


How Do I Market Online Safely?

If you are planning on marketing your business online and need some guidance on how to promote your business online, the team of experts here at SEM Consultants are here to help. We provide a range of digital marketing services from content marketing to paid search and always stay up to date with the very latest marketing guidance to ensure complete compliance. Contact our team now online or by calling 0121 552 6500 to find out more about how we can help.

*This blog does not constitute legal advice and cannot replace the services of a professional legal advisor.