The phrase “GDPR” is often enough to strike anguish in the heart of any digital professional, since it’s one of the most notoriously snooze-worthy pieces of legislation ever written.
In fact, sleep and meditation app Calm recently released a sleep story which consists of extracts from the 209 pages of GDPR legislation, read to stressed people everywhere by Peter Jefferson, who is also the former voice of the BBC shipping forecast. GDPR and the shipping forecast? “I’ve never been so ready to close a tab and run for the hills”, I hear you say! But hold your horses, it’s time you actually got your head around GDPR. So saddle up, and let’s go on an adventure together.
While it’s certainly not the most exciting thing to happen in the world of digital, and more specifically email marketing, GDPR is nowhere near as scary, complex or difficult to navigate as you think it is. GDPR, or General Data Protection Regulation, is a big pile of EU legislation which changed the way companies handle customer data when it was introduced in 2018 – you probably remember the flurry of emails asking if you still wanted to hear from Tesco, ASOS, Yachts4U, Cigar Aficionado Magazine or any of the other email lists you had forgotten all about. It was also around this time that every single website started asking you about your cookie preferences, most of the time in an obnoxious and far-too-complicated popup.
GDPR Basics Explained as Quickly as Possible, for Bored People
At its most basic level, GDPR is a law (so no, you can’t just ignore it) that tells companies what they can and can’t do with your personal data – that is any information that could be used to identify you online, as well as sensitive or personal data. That means things like:
- Personal details like your name and date of birth.
- Contact details like your phone number, address or email address.
- Important personal data you don’t want falling into the wrong hands – your bank account details, passport number, health records, national insurance number etc.
- Other personal info that you share online, like your social media posts, where you’ve been (geotags), your gender, race, and religious and political opinions.
For people who send emails for a living, data is key. A beautiful, well-organised and accurate spreadsheet makes my heart sing, while the PDF version of an oddly-structured and incomplete email list makes me want to die – so it’s no wonder that when we get ahold of good data, we want to hold onto it (not to mention the fact that tech giants have been making BANK off the back of your high-quality data). But no luck for me or Mark Zuckerberg, what with GDPR in town and all.
Who, What, Where, Why, How, Which is GDPR?
GDPR is based on the principles of Privacy by Design and Consent (must… stay… awake…). Privacy by Design means, in short, mind your own damn business! Your company shouldn’t be collecting data that you don’t need – if you’re a dentist, you probably don’t need someone’s job title, while your favourite homeware store has no business asking you about your gender identity.
Consent is Sexy
However, it’s also a prerequisite! In a GDPR-compliant world, all companies need to ask users for permission to store and process their personal data, and make it clear to the average person (no jargon, please) what it’s going to be used for.
In the olden days, pre-ticked boxes subscribing you to marketing, dumping someone on your mate’s email list because you could, or not letting someone purchase your artisanal plant pots without signing up to marketing were the norm, but today, all of these are very much verboten. GDPR’s new standards of consent mean that consent has to be completely opt-in (Stop buying email lists!!!!!!), freely given (no pre-ticked boxes) and unbundled.
Wait, What Does That Mean?
Unbundled consent is where I see a lot of companies still slipping up today. Unbundled consent means that you don’t need to give your data for a purpose you don’t want to, in order to get something you do. If I can’t download your free guide to interior design without also signing up to emails about carpet tiles, you’re in breach of GDPR. If I can’t order a click and collect burrito without also signing my life away, that’s a GDPR breach. If someone gives you their data, it has to be because they want to, not because they need to in order to get something else. Anything other than the absolutely essential data for your product or service has to be something that people actively opt into, and really, that’s what GDPR is all about.
Thank you for taking this journey with me, or, more likely, hello people who skipped to the end for a TLDR. Sorry, you don’t get one – GDPR might not be as difficult as you think, but no-one ever said it wouldn’t be long-winded. But now, we’ve made it to the end. We can all go back to our far-more-exciting lives, safe in the knowledge that GDPR can’t hurt us anymore.