GDPR and one of the key basic actions training businesses should take to support compliance

Introduction
With the General Data Protection Regulation (GDPR) fast approaching, all businesses should now be focusing on how they process personal information.
In this article, I will give a brief overview of one major aspect of GDPR compliance, your website’s privacy statement.
In January 2017, Osterman Research, Inc. published a paper which found that 73% of businesses are not ready to satisfy the compliance obligations of the GDPR.
As a training provider business, it is likely that you collate details, by consent, from visitors to your website (e.g. name and email address for a monthly newsletter).
There are benefits both ways: a website visitor may get useful and valuable information on your services (e.g. a newsletter), and your business gains positive brand awareness and valuable ongoing engagement with prospects and customers.
You may have heard about GDPR and its implications (Not sure? Find out the basics).
Some view it as an administrative overhead or tick-boxing exercise.
In fact, at its core, it aims to protect the personal data of all members of the European Union (EU).
GDPR is also a good opportunity to show leads and customers that you are serious about taking care of their data in an ethical way that meets legislative standards.
As a visitor to a course website, would you risk giving your name and email address to a business that did not operate in this way? Most would probably say no.
There is a lot of information about GDPR and what you should do for compliance.
However, if there is one single thing that you should prioritise in the run-up to GDPR officially becoming enforceable (25 May 2018), it is to ensure that your privacy statement (or notice) is updated.
The good news is that it does not take a great deal to make this happen ahead of that deadline.
What is a privacy statement and why is it important?
A privacy statement is a statement that fulfills a legal requirement to protect a customer or client's personal data.
If you collect information (e.g. name and email address) from visitors to your website, you should have a privacy statement that includes information on consent and what you intend to do with that data.
Without it, there is the risk of being reported to the Information Commissioner’s Office (ICO) if a website visitor believes that you are not using their personal data appropriately.
Can an update be expensive and time-consuming?
Not necessarily.
There are companies out there who will charge a large fee, but with some basic searching online and up to a few hours of your time, it is possible to create or update one yourself.
If you don’t feel confident about doing this yourself, legal advice is always there as a viable alternative.
I have personally located a good GDPR privacy statement toolkit from Thrive but there are many examples out there.
As mentioned, the ICO website is a good initial port of call.
What are the risks of my privacy statement not being GDPR compliant?
Your training business website is open to the general public and accessible to anyone who comes across it, e.g. via a Google search.
It just requires one complaint to the ICO to start a formal investigation.
A breach of compliance can result in a fine of up to €20,000,000 or 4% of a business' turnover (whichever is greater).
If you are concerned about being fined, it is really in your best interest to ensure your privacy statement is GDPR compliant.
The cost of non-compliance
Example real-life instances include:
- Facebook was fined €1,200,000 for failing on privacy policy transparency about how they use and collect users’ data (before the GDPR had even come into effect).
- Morrisons was fined £10,500 for sending emails to 131,000 people who had previously opted out and unsubscribed from their loyalty program database.
How GDPR can work to your advantage
GDPR is a good opportunity to create targeted email campaigns with people engaged with your brand.
As they have given explicit consent, you can provide more options and find out more about what interests them.
This helps to ensure that they only receive content that is truly relevant to them, meaning happier customers.
GDPR also allows you to be more transparent about what you are doing with their data.
The benefit to your training business? People trust you more and, therefore, are more likely to book your courses.
These transparency signals take your perceived honesty in the eyes of prospects and customers to another level.
Summary
The lead up to 25 May 2018 is set to be a challenge for businesses across Europe and beyond.
GDPR has the goal of protecting the personal data of EU citizens, with the risk of a fine for non-compliance.
However, it can also be an opportunity to reinforce customer consent, enhance trust and improve email campaigns.
GDPR has not been introduced to stop you communicating with your prospects and customers.
Instead, view it as helping to ensure that only relevant and valuable information that people WANT is sent.
By updating your privacy statement, your training business will have taken a significant step towards becoming GDPR compliant.
Are you ready for GDPR?
Disclaimer: The content in this blog post is not to be considered legal advice and should be used for information purposes only.