GDPR Update: Did we get it right?

By Ishtar Dance on Sunday, May, 27th, 2018 in Dance Entrepreneur, Dance Inspiration, Learning No Comments


The new General Data Protection Regulation is now in force and you’re probably pretty feed up with the term GDPR by now… So did everyone get their data and processes sorted by the 25 May, 2018? And if so, did they get it right?  I’ve had plenty of messages asking questions about the practicalities, and like most other people’s inboxes, mine has been overflowing with emails about opt ins and updated privacy polices. So if you’re sending emails in a professional capacity, whether to your own students, clients or other, then read on for some pointers and links to useful resources.

I have worked intensively with GDPR issues for the past couple of months, as I also offer marketing consultancy to charities, who like a lot of belly dance teachers may initially have thought that they wouldn’t have to adhere to the new rules. Now the rules differ slightly from charities to sole traders (like most belly dance professional are), but I have nevertheless learned a lot, which I’ happy to share with you. No I’m not an expert – even the people who taught the seminars I attended say they aren’t experts, because no one currently are! The rules will need to be tried and tested, before we know for sure how the new legislation will be enforced. As someone pointed out to me; the laws are here to catch out the big fish, but we are all swimming in the same sea, so it’s essential for everyone to review their practises, not least to ensure their customers that they are professionals, who can be trusted to take good care of their personal data.

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union. So if you use emails in a professional/business capacity you will need to comply with the new regulation. Even if you only have a mailing list of 10 – you are still accountable for how you manage this, as if you had 100.000.

But it’s not only email addresses we’re talking about here, it’s all personal information, including offline information such as fitness to dance questionnaires, which you may obtain from your students attending your classes.

If you missed my first blog about GDPR then you can access it here.

Keep it simple

Once you get started reading about GDPR it can seem quite overwhelming, but for most it’s all about having the basics right.

Ensure all your data is secure: keep it locked up, encrypted if digital, and get ready to inform those who may be affected if you have a security breech.

Current consent: Ensure all your data is up to date and that you have proof that people have given their consent to receive communications from you. They need to actively opt in – not opt out from communications from you. In an ideal world you should ask any email sign ups every two years or so, whether they’re still interested. But as a minimum you need to offer the unsubscribe option in every single email you’re sending.

Be transparent about data use: Make it clear what you’re collecting data for, and that it’s only what is really essential for what you need. Do also make it clear how long you will hold it and why, and have a privacy notice explaining all this, as well s how people can access the information you hold (see below).

Keep your language simple: Straightforwards wording is key to the new data laws. Have you ever tried to read the privacy notices of Facebook, Google etc? The wording used to be (I haven’t had the pleasure since GDPR has been enforced) impossible to understand and stretch over several pages. Only very few people I know have ever attempted to read them, and those who did decided not to use the service!

Under GDPR privacy notices need to be easy to understand, and companies need to make them easy to find. So if you run a business and process data you really need to have one. Be proud of it and use it as part of your marketing. Write it in your own tone/language and use it to build trust with existing as well as new customers. You can read mine here.

Third party information: No one likes the words third party, but if you so share your data with anyone you need to make this clear. If you’re using the services of companies based outside the EU, such as MailChimp, do make sure that they’re subscribing to the new GDPR legislation and be clear about the fact that you use their services.

What about soft opt in?

A lot of questions have been asked about this, as there is evidence to suggest that you don’t need to obtain consent from existing customers if you’re only contacting them about a current or similar service/product, and you have obtained their email at the point of sale. For example when they bought a dance term with you. However I would not recommend thinking this will keep you ‘safe’ in the eyes of GDPR. You could argue that you can continue to contact exciting students about upcoming term dates, but to be on the safe side, you should still confirm on a regular basis whether they actually are happy to receive this information from you. And very importantly, you need to have evidence of this. Further more, this would not apply to new students, who would still have to actively ‘opt in’ to hear from you. You can read more about this at the Data Protection Network.

Useful ressources

If you missed my first blog about GDPR then you can access it here.

Kay Taylor has also written an easy digestible article about the basics of GDPR, which you can access on the JWAAD Training website here.

I also came across this GDPR checklist article, which contains lots of useful tips and insights, written in an easy to understand language.

So there you have it. Lots more information about GDPR.

Surveys suggest that far from every company or sole trader is ready and have all their data in order now that the 25th May has been and gone. But GDPR is here to stay in its current form – at least until the legislation get’s reviewed or updated. So do your best to get your data in order. Not only to tick the boxes, but also so that your customers/students can have faith in the fact that you’re a real professional who take their privacy, data and therefore them seriously.

 

Happy dancing – and communicating about it – always 🙂

Dorte

Did you miss my last post? Read it here:


Leave a Reply

Your email address will not be published. Required fields are marked *

Facebook
Facebook
Google+
Google+
http://ishtardance.com/gdpr-update-did-we-get-it-right">
Pinterest
Pinterest
Instagram