Sarah has spent all morning making her website GDPR compliant. She is frustrated because she could be doing other stuff. She is irritated by pop-up banners informing her of cookies and endless emails telling her about new privacy policies. Is this stuff really necessary for compliance?
Here are three points to guide thinking on this issue.
- I am not an expert in the relevant legislation. What follows are guidelines. It is always your responsibility to be sure about the law as it applies to your business. If in doubt, take legal advice.
- Most legislation is based on courtesy. We don’t talk much about courtesy these days but if you think discourtesy is the way forward for your business, be my guest.
- Most issues you are likely encounter are covered by your email service. This is why you should use them. Follow their advice and you won’t go far wrong.
Privacy
Keep only information you need to run your business. Inform people you keep information about them and supply them with it if they ask you.
If they opt into your email list, they know about it. Double opt-in, where they confirm by clicking on a link in an email protects against third parties entering names maliciously. For this reason you don’t need it for entries you make yourself. Simply make sure the person whose details you enter knows you have done it.
If you use cookies, you need a discrete mention somewhere on your site. I’d put in in the footer if I needed it. You could mention it alongside the link to your privacy policy. Most people don’t care you have these but should be able to find them. The footer is an obvious place to look, so put it there!
Dishonesty
You don’t intend to defraud customers. Do your best and you won’t go far wrong. The legislation is not aimed at honest businesses. However, good intentions don’t exempt you from following the law. It does not look good if your attitude to compliance is sloppy.
Comply with the jurisdiction you are under and the jurisdictions your customers are under. This is why you sometimes need legal advice.
If you are reported, you are likely to be informed of where you are alleged not to comply. Fix the problem. Show due diligence and you should not be in serious trouble. We get pop-ups and emails informing us of compliance, because businesses want to be seen to be compliant but is this strictly necessary?
Complaints Procedures
Not every business needs a complaints procedure but it is worth considering if you have a lot of customers and several staff serve them. It shows you have a positive attitude towards complaints and means initial complaints are likely to come to you instead of to authorities or social media.
Most complaints are not really complaints. A customer or follower sees something that needs fixing and points it out to you. They are actually doing you a favour by providing feedback.
Investigate and identify the problem. Then inform the person who complained, by when you intend to fix the problem. If you fail to fix it by that time, then the complainant has grounds to take their complaint further.
But even so, mitigate the problem by communicating. Let them know you’re onto it if you pass the deadline. Explain why you have not met it, tell them what you are doing and set a new deadline – hopefully by this stage you have a more realistic understanding of the problem.
Larger businesses who receive many complaints, publish their results. In some businesses complaints are inevitable, eg housing associations, where the leaky gutter is not really a complaint, it informs the organisation of something that needs fixing.
If you are unresponsive, you appear unprofessional and this works against you. Think strategically and turn negative complaints into positives. Email marketing should be the backbone of strategic thinking and we shall turn to that next time.