Marketing Strategy Blog

Don’t Overlook These Three GDPR Checks


With the General Data Protection Regulation (GDPR) just around the corner, there are a few things we all need to check before May 25 2018. Here are three key GDPR checks your business needs to make to be compliant. Are your privacy policy, email marketing, and compliance programme ready?

Privacy Policies

A lot of organisations are now looking at their privacy policies with great urgency to meet the GDPR deadline. If you’ve read our practical marketing advice about copying and pasting terms and conditions (which sometimes also include a privacy policy), you’ll be aware that there are many companies out there whose policies do not even apply to them, or even name another company!

We’ve seen text similar to the following in a lot of policies we’ve looked at:

“Transfers outside the European Economic Area

Data which we collect from you may be stored and processed in and transferred to countries outside of the European Economic Area (EEA)”

Okay, this could be fine, but then there’s usually more:

“These countries may not have data protection laws equivalent to those in force in the EEA.”

We’ve actually seen this exact wording whilst auditing websites and this is not good. Generally, data should not be transferred outside the EU. If it is, it should only be to a country that has legislation guaranteeing an equivalent level of protection.

It is up to you to ensure your customer’s data is adequately protected. It isn’t enough to notify customers that their data may be sent to a location where it won’t be adequately protected.

The policy mentioned above would then go on to say:

“If we transfer Data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy policy. You expressly agree to such transfers of Data.”

Ensure Your Customer’s Privacy Rights

It’s good to “take steps with the aim of ensuring that [your customer’s] privacy rights continue to be protected as outlined in [your] privacy policy”, but the only way to do that is to comply with the GDPR and not transfer any data outside the European Economic Area, unless that other country can offer an equivalent level of protection under law and you are able to demonstrate the organisation you’re working with has adequate protections.

Remember to check your privacy policies. Even if you believe you are compliant, your privacy policy may not have been updated adequately. You may need to change some wording or delete parts of your current privacy policy in order to be compliant with the GDPR.

Although a robust privacy policy is an important part of being GDPR compliant, it is only one part of compliance. This brings us to what is still the most useful tool we can use to reach our audience: email marketing.

Email Marketing

Efficient email marketing needs us to rely upon a third party to provide the service. By uploading your list of subscribers, you may be transferring data outside of the EU. The most important things to remember are:

  1. Make sure the data is held securely
  2. Make sure everyone on your list wants to be there

In terms of non-EU based services, if you’re using something like MailChimp, you should be fine as the United States currently has agreements in place with the EU governing the use of personal data that are currently regarded as being equal to the GDPR.

MailChimp are very strict and use safeguards to ensure they are not sending spam emails. To do this, MailChimp use a double opt-in method to subscribe new users. A double opt-in is just one way to help prove your subscribers actually wanted to be on your list in the first place, although it isn’t the only way.

You may need to demonstrate that your user’s data is safe, so you can read more about how MailChimp keep your data secure here.

Read more about MailChimp and the GDPR here.

Compliance Programme

We’ve looked at two marketing specific areas, but it’s important not to overlook our staff, as they also have an important part to play in data protection. GDPR requires accountability, which requires good record keeping to demonstrate compliance. Including staff in GDPR changes is very important.

If you’re using service management software to log jobs and verify completion, you will be gathering a lot of data, some of it corporate and some of it personal. A lot of the data will be collected by your engineers, including images of customer property.

As with email marketing providers, you need to ensure your service management software provider is GDPR compliant. It’s also essential that your customers understand their data is being kept securely. Employees need to be included in GDPR changes and understand why data protection is important for your customers.

Implementing the Programme

Be honest and up-front about your use of software, how data is stored and what you do with it once it has been collected. This goes for both staff and customers. An important guarantee to have from your service management software provider is that they will give you your data should you choose to leave them, and will not use it for their own marketing.

Staff need to understand that your customer’s data is precious. Because engineers will be using mobile devices in the course of their duties, you must ensure they keep devices secure. Your staff should be trained to use passwords to unlock the devices and to log into your service management software app or web page.

Back at the office, your computers should be password protected and encrypted to guard against the theft of data. It can be common practice, even in the most critical of data security environments, to share passwords. Passwords should never be shared between users. Any paper records that are printed should be shredded and securely disposed of.

Have processes for keeping and managing data that are easy to understand so all of your staff can follow them. Keep written records and policies that will show that you are being compliant.

GDPR Evolution not Revolution

Although GDPR is new, a lot of its core philosophies already exist in legislation such as the Data Protection Act 1998. GDPR itself is often common sense and a matter of respecting the privacy of others. Think about how you can keep data securely, use it in a fair manner and be transparent with the people and organisations you hold and process data about.

GDPR doesn’t have to be scary; it’s more of an evolution, a reminder of the responsibilities we have to others. If you’re unsure about how the GDPR affects your organisation, the best place to go is the ICO website, which has lots of guidance on regulation.


If you’d like to talk about your privacy policy or GDPR compliant email marketing, we’re here to talk. Let us know what GDPR checks you’ve been doing in the comments below.

Using Double Opt-In

Double Opt-In Email for Better Engagement and Deliverability

One of the most important things for your business is to have a list of customers and prospects that read and reply to your emails. Double opt-in for email improves engagement, helping you to build a loyal following of customers and prospects.

We’ve just implemented a system of double opt-in email address verification for our email list; take a look at how you can do it too.

How Does it Work?

The first step is asking a visitor to type their email address into a form or a subscription box. We use the form below:

(We’d be grateful if you took a few seconds to sign up. After all, you’re here already, right?)

The user will then be sent an email with a link to click on. The email link will send them to a thank you page back on your website. This is great, as whoever goes through that simple process is telling you that they really want to receive your emails.

What Happens Once Someone Subscribes?

Once a visitor has decided to subscribe to your list, the best thing you can do is make sure you send the right message to your new subscriber. After signing up to a new email list and clicking on the link to confirm, wouldn’t you be confused if you landed on the page shown below?

[Image: double opt-in confirmation email landing page mistake]

A confirmation page complete with your picture and a nice message is the perfect way to welcome a new subscriber. But did you spot the problem with the welcome landing page?

Yes, that’s right, the title is “I’m sorry to see you go!” Not what you would expect when you’ve just signed up to a new email list. This landing page would be great for someone that had unsubscribed from your list.

Implementing Double Opt-In

Mistakes happen all the time and are easy to make in the early stages of creating your double opt-in email marketing list.

The best way to avoid making the kind of mistake shown above is to make checks at several stages. Check before making it live by writing what you would like users to see in a text document. Re-read and spell check the text several times to make sure. Copy and paste from your text document to your landing pages and emails so you know you’re using the exact text you approved.

Once this is done, you can make the system live. Once your opt-in emails and landing pages are live, go through the sign-up process as if you were a user to make sure everything works well.

Everything should now be working well, but you’re not quite ready to make your sign-up public. Get a friend to sign up to your list and look out for any mistakes you may have missed. Preferably someone who doesn’t work in marketing but has a sharp eye. This way, you’ll get a good idea of how an average user will experience your sign-up process.

Check Your Process

Finally, it is a good idea to check the process periodically while it’s running. Perhaps once every three months or every 100 sign-ups? Whatever it may be, make sure you don’t waste time checking it too often. Check often enough so that if something stops working, you’ll know as soon as possible.

  • Plan the content in a word processing document
  • Test the opt-in process yourself
  • Get a friend to test the opt-in process
  • Check the process periodically while it’s running

With good planning and a strong process, you’re ready to implement double opt-in for your email list! Let us know how you get on in the comments below or on Twitter @MoreThanVenice.

Customer Login for Segmentation

Hail & Fail

#14 25th May 2017


The British Broadcasting Corporation (BBC) have unveiled plans that will require podcast listeners to log in. Apps and websites that require a customer/user login are great not only for large organisations, but for everyone from hobby website owners up. Let’s take a look at what the BBC is doing, how it will benefit everyone and how you could apply their strategy to your service management business.

Great LinkedIn Product Marketing

Hail & Fail

#13 18th May 2017

LinkedIn is a great place to promote your business because it has established itself as the social media home of business. LinkedIn users are looking for business solutions and lasting partnerships. Learn how an effective marketing strategy will put you in front of your most valuable prospects.

Pay Per Click Bidding on Rivals

Hail & Fail

#12 11th May 2017

Have you ever typed in the name of a company and noticed a lot of adverts above the results for their website? This is because their rivals are buying Pay Per Click (PPC) adverts for that search. This can be a great tactic if you’re trying to pick up new business, but a frustrating one if your business is being targeted. Let’s take a look at both how you can bid on your rivals and how you can counter it.

Using PPC Negative Keywords

Hail & Fail

#11 4th May 2017

Use negative keywords to help make sure you only appear alongside relevant searches that will get more conversions. This easy-to-understand example comes with tips to make sure your adverts only appear for searches that will deliver you the best possible results.

Don’t Copy and Paste Terms and Conditions

Hail & Fail

#10 27-4-2017

Make sure you don’t make this one potentially huge mistake on your website. We show you how to succeed with your Terms and Conditions and why they’re an essential part of your online presence that should never be overlooked.