The GDPR is creeping up on you!
Article by Bill Parslow posted on Thu 17 May 2018
Nothing in this article or on this site is legal advice. Specialist legal advice should be taken in relation to specific circumstances.
The GDPR is creeping up on you…
It’s not a monster though - in fact it’s a fairly sensible bit of Data Protection law designed to ensure personal information is fairly used, and looked after well.
If you run an Escape Room in Europe you need to become compliant by 25th May. That’s the day it comes into force.
It’s all about good practice
But really, as long as you’ve always looked after your data well, there shouldn’t be a BIG problem. You should think positively and treat this as a chance to make sure you use and look after personal data in the best possible way.
If you want to really engage with what the GDPR means for you as an Escape Room owner then do read my longer article here. But you will get the gist of the things you need to do here.
The Big Issue - marketing and mailing lists
The biggest issue is your marketing mailing lists. But even this isn’t that difficult to sort out.
The new act asks that you are entirely clear and transparent about how you intend to use those email addresses and telephone numbers that you have collected. Put simply, if you gathered people’s emails when they asked to be sent some information about your Escape Room you can’t then use these email addresses to advertise another escape room, or the pizza place your sister just opened round the corner.
You have to be clear, transparent and honest!
Your customers should opt in to marketing emails
It is enough that what you offer is clear and unambiguous. If your consent form says “I wish to hear about your new Escape Rooms via email” and there is a blank checkbox waiting to be ticked, that is explicit informed consent.
As the Information Commissioner says: “Examples of active opt-in mechanisms include:[..] ticking an opt-in box on paper or electronically.”
A blank checkbox is indeed what is called in the jargon of the GDPR “an unambiguous indication by clear affirmative action”. You can click here for the full text.
Essentially all this means is that you should offer your customers the chance to opt in to receive emails from you by allowing them to tick a check box. If they don’t tick it - well they either forgot, or they don’t want to receive your marketing. If they do tick it, then they are giving you a valid consent to send them emails about your Escape Room.
There is more for you to do to be compliant, but it is all fairly sensible housekeeping stuff behind the scenes. You should always be clear about who you are, so always tell them what your company name is. You should keep a record of the date the consent was obtained so that you can review it, say, after a year.
You do need to make sure that people can change their choices, or ask you to delete their data. It kind of follows, then, that you should know what data you have about someone and that you should hold it securely. The GDPR demands that you are able to tell someone if you do hold their personal data and, if so, tell them what data you hold about them.
So to summarise
- Always tell people who you are!
- Tell them what they are signing up for - be transparent.
- Look after their data so that no one else can see it, and so that you can retrieve, correct or delete it.
- Do regular housekeeping - every year or so go through your contacts list and ask them if they still want to be in contact with you.
It is a bit more detailed than just asking people to give you their email address so you can send them stuff. But it does make sense - personal data is valuable, portable stuff - everybody wants it looked after properly!