GDPR – an introduction to what it means from a marketing perspective

The notes below are our understanding of the main aspects of GDPR, looked at from a marketing perspective. They are in no way a full list of what GDPR means to businesses but we hope serve as a useful introduction.

The company we used for our training was and suggest if you require further training you contact John Wilson directly.

Data that is currently held

If you send an ‘opt in’ option and people do not opt in, you MUST delete them from your databases. You can only send this opt in once.

This could be extremely detrimental to many businesses because it’s proven that only a small percentage of people will ‘opt in’. This doesn’t necessarily mean they don’t want to be contacted, however. They might have missed the email, deleted it by accident or simply been too busy to respond.

Before you send this ‘opt in’, be SURE your business can cope with losing significant amounts of current data.

Recommendation for data currently held from

Keep using ‘as is’, but ensure you have a clear unsubscribe option on the emails / hard copy mailers.

Note: If you have an ongoing relationship with an individual you do not have to seek permission to continue communications. If this person asks to be removed from your list you must do so.

Data collected after 25 May 2018 (when GDPR becomes live)

Subjects must opt in – you cannot assume they are ‘ok’ to receive communications unless they say otherwise.


  • New client comes into the salon
  • Fills out new client form
  • There must be a box for them to tick consenting to receive information
  • There must be a box for all sources – e.g. email / SMS / post
  • There must be an unsubscribe option on all communications


Privacy and cookie policy

Every business must have a privacy policy on their website. This cannot be part of the overall Ts and Cs.

An example privacy policy can be found here:

Cookie ‘pop up’

This is now essential: when a new user visits your website, they must see a pop-up that states the following (or similar):

“This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. {accept button}. View our privacy and Cookie policy here.”

Speak to your web developer to get this pop up installed.

Social media

Be aware that tagging individuals in posts on your business page or in your group should not be done without permission.

Avoid sending DMs to people who follow you / like your page. Connecting with you does not give consent for you to message them directly to ‘sell’.

Avoid storing data on your social media audience.


ALL businesses who handle data must become members of the ICO (Information Commissioner’s Office). Information here as well as a tool to check if registration is required, if you are unsure:

Don’t forget paper records

If you get clients to fill out forms / questionnaires, how are you storing these?

If they are transferred to a computer, shred the originals.

Any other regulations that require the keeping of paperwork (e.g. ABPI regulations, CPD etc) will override GDPR.

You must not penalise people for NOT giving consent

E.g. if you have a ‘white paper’ available to download on your website, you cannot supply this only to people who give their email in return.

Data storage – considerations

How is the data stored?

Is it secure?

Is it encrypted?

If your computer was stolen or hacked would the data be accessible?

Staff training

If you have a business where team members are gathering data / have access to data, ensure they have an understanding of the rules.
