The new regulations relate to the management of personal data, and I’m going to concentrate on how they affect your marketing. So what personal data do they affect?
• Telephone / Mobile
When we talk about IP addresses, this means the one that is provided by your internet provider, not the internal IP address of your devices on either your work or home network.
So come the 25th May 2018, for general GDPR you need to be doing the following.
1. Conduct a software and device audit
2. Work out what software you use that holds personal data
3. Check what permissions you have to store data
4. Find out where the servers are that hold data, both internally and at your service providers
5. Find out who has access to this data internally
6. Find out what devices have access to this data (PC, mobile etc.)
7. Confirm if 3rd parties or freelance people have access to this data
8. Make sure your office hard data is secure
When we talk about hard data, I mean paper copies of any info that carries customer, suppliers or staff personal data. In most cases you will have to secure this data in locked places when NOT used. Where possible action a clean desk policy. Basically it is time for a good clean out of data you don’t need to hold anymore.
Make sure your software protection and password protection is up to date.
It is essential that you review your mailing lists to ensure they are compliant.
In some cases you will need to action a positive re-opt in for those people on your current list.
General interest and marketing emails are treated differently, so what’s the difference? General interest emails come from a person, organisation or group in which you could have, or do have, a ‘legitimate interest’.
General interest emails and newsletters are information based and do not look to be offering a product or service you can directly purchase. General interest emails don’t require proof of opt-in on your current lists come 25th May, but if the recipient asks to be removed from the list you have to action it.
Marketing emails promoting products or services are different. You have to be able to answer the following questions if and when someone makes a ‘personal data request’.
1. How did you get that data?
2. Can you prove when you got the data?
3. Did you get a positive opt in / agreement?
4. Was that opt in done automatically?
The only fully ‘hard approach’ is to go back to your email lists and get a positive opt in from the subscribers. The potential subscriber fills in an online signup form (‘Yes I’m happy to’) and then gets an email with a link to click that verifies their opt in. You need to prove that every person on your email marketing lists gave you positive permission to send them marketing information.
You still need an unsubscribe button because the subscriber may choose to come off your marketing list.
Make sure your website has a cookies, privacy and data protection policy on it. If you don’t want the website to get flagged, an SSL Certificate is a must too. Make sure all capture forms are SSL secured too.
Print and Direct Mail
You won’t need consent for postal marketing and can rely on ‘legitimate interests’ for marketing activities. So the older marketing method gets the green light with the new GDPR because it has fewer restrictions.
So in conclusion you need to make sure you action and check the following:
1. Secure your data, digital & physical
2. Be prepared for ‘personal data requests’
3. Be clear on your GDPR policy
4. Action your GDPR policy as soon as possible
5. Methods of Consent, lock down how you got and what you can do with personal data you hold.
6. Email Mailing Lists Management, make sure you are GDPR compliant
7. Get your website secure
8. Re-kindle your love for Direct Mail & Leaflet Marketing.
If you have any questions or concerns, get in touch with me. I’m just on the end of a phone or keyboard.