You are currently viewing Worried about GDPR? This might calm your nerves.

Worried about GDPR? This might calm your nerves.

If you keep an eye on the world of digital, General Data Protection Regulation (GDPR) is one of the most important acronyms of 2018 – it’s a massive overhaul of the way that companies are allowed to treat their data.

According to this EU directive, which starts in May 2018, individuals will be given more control over the way that their data is treated by companies. Here’s a brief guide to the new rules.

Huge Fines!

The reason for it being such a big deal are the fines that come with breaches – up to €20m, or 4% of turnover – whichever is higher. A hefty sum for any business!

It’s certainly causing companies a few headaches – for example, Pub chain J.D. Wetherspoon has taken the decision to delete its entire customer database and start entirely from scratch – losing well over half a million subscribers.

So do I need to worry about GDPR?

Well. We’ve been asked by most our clients whether they need to take any action on GDPR. Our advice is to always abide by the rules: you don’t want to be caught out – as you’ll likely end up without a business!

We’ve had various responses – one of our clients claimed that they won’t be doing anything at all, as ‘it’s nothing to worry about’; another one has sent out a ‘resubscribe’ email to their database and reduced their subscriber list by 90%!

But we’ve discovered a valuable piece of information direct from the Information Commissioner’s Office – one that means your business may not have to lose its entire customer database.

The ‘Soft Opt-In’

Lying quietly somewhere in the ICO’s website, there is this little nugget of information:

        Electronic mail marketing

         The most important thing to remember is that you can only carry out unsolicited electronic marketing if the person you’re targeting has given you their permission.

         However, there is an exception to this rule. Known as the ‘soft opt-in’ it applies if the following conditions are met;


  • where you’ve obtained a person’s details in the course of a sale or negotiations for a sale of a product or service;
  • where the messages are only marketing similar products or services; and
  • where the person is given a simple opportunity to refuse marketing when their details are collected, and if they don’t opt out at this point, are given a simple way to do so in future messages.


So, to put it into even simpler terms – if there is already a line of dialogue open between you and a potential customer (be it a purchase, enquiry, etc) then this is considered a ‘soft opt-in’.

Of course, we have to reiterate that you must be able to prove that all the conditions are met  – and if you can’t, it’s better to err on the side of caution.

To be absolutely sure, it’s best to check with GDPR experts. Give us a shout if you’re concerned about the way your customer’s data is stored, or if you have any questions about the imminent regulation change.

Hopefully this little insight has laid some minds at rest!