On the 25th May 2018, the law around General Data Protection Regulation (GDPR) changes. From this date, it will be illegal to contact anyone, including customers and prospects, with business messages without their permission.

GDPR covers any sort of data about an EU citizen, whether that’s names, contact information, card payment details, IPs, cookies etc. The change aims to remove ‘dead data’ that can remain on lists for years and stop businesses contacting people without their consent.

Adding an ‘opt-out’ option simply won’t suffice and all businesses will need to assume every single one of your contacts is opted out and have them opt-in again. This is regardless of your business size and will impact large organisations with thousands, if not millions, of people on their data list.

Failing to comply with the changes could see you fined 4% of your annual turnover or €20million, whichever is greater. In 2016, Talk Talk was fined £400,000 by the ICO (Information Commissioner’s Office) for a security data breach. Under the new regulations, this figure would have been £59million. Your business could even be asked to supply your database and the proof of opt-in.

It may sound like a lot to take in, but don’t panic. We advise to start cleaning up your data early to ensure as many people opt-in before the May deadline. This could be through a pop-up on your website, a sign up form or an email asking people if they’re happy for you to contact them.