No one sends Christmas cards any more do they? Only e-cards. Well, later this year we’ll see if that is still the case. Why? Because from the end of next week your business could face a four per cent fine on turnover if you send to contacts you don’t have explicit, written, and provable permission from.
Do I hear you utter a four-letter word in response? Yes: the GDPR. That’s shorthand, of course, for the General Data Protection Regulation, passed by the EU in 2016 and soon to be backed by the UK parliament’s Data Protection Bill 2017-2019.
We may be leaving the European Union, but we are just about to be bound very tightly indeed by its data legislation.
Making a mint
Preparing for the GDPR has become a small industry. Legal firms are making a mint out of workshops, courses, downloadable information.
But the headline is this: it’s expensive and, like an unannounced Ofsted inspection, the regulatory axe could still fall any time, on any business.
And the punchline is this will almost certainly wipe out email marketing as we know it.
Yet, rather like a turkey voting for Christmas, I actually welcome the GDPR. Why? The reasons to despise it are obvious. My own small business has devoted something like 150 billable hours of work to planning for and communicating the changes.
We will spend another 150 re-inputting permissions and deleting (as the law requires) “any personal data” which does not have “the data subject’s” consent.
That’s something like a solid month of time.
Imagine the impact on bigger corporates. Hotel groups, restaurant chains, ecommerce merchants, government departments.
It’s not an operational headache, it’s an operational and logistical migraine. And it is ongoing.
Then there’s the immediate impact on sales and marketing.
One global marketing director said to me: “We’re losing 80 per cent of our database. We have to rebuild from scratch.”
The UK parliament’s bill sets out to not only comply with the GDPR, but to make provision in connection with the information commissioner’s functions. That is, to “make provision for a direct marketing code of conduct and for connected purposes”.
I love that catch-all: “connected purposes”. These words hold the key to my expensive, resigned embrace of the GDPR.
How have we reached a state where data is harvested voraciously by organisations with a breathtaking sense of entitlement and no respect of privacy? And how is this good for the consumer or any other kind of relationship?
Databases should, in my view, be renamed peoplebases.
The GDPR forces all of us to recognise that when you connect with someone by email, or snail mail, or social media, you are entering into a relationship, a dialogue with them. Not bombarding them forever because they gave you their business card once, or ticked a box carelessly online.
The GDPR is full of problems, but its aim, to focus our minds on humans in far smaller, more connected and fair ways, is one to welcome.
It marks a moment, 25 years into the internet, a decade into social media, when we are taking stock of our values in relation to technology, and how it enables – or disables – our ability to connect with purpose.
Read more: There's more to GDPR than just fines