Does Your Mailing List Comply With The Law? - Part III

London-photographer-JC-Candanedo-Grey-Pistachio-Fashion-Corporate-Portraits-Headshots-Blog-Creative-Industry-London.JPG

This post is part 3 of 3 posts.

In case you have been living under a rock for this past year, the new EU General Data Protection Regulation (GDPR) came into effect on May 25, 2018, forcing businesses across the globe to reassess how they process personal data. It has been a very painful and confusing process, especially for freelancers and sole traders. That is why this month, the Information Commissioner’s Office (ICO) has launched a self-assessment checklist that will help freelancers, sole traders and self-employed individuals to assess their compliance with new data protection laws.

This new tool is meant to show freelancers and sole traders how compliant they are by generating a rating based on their responses and provides handy links to relevant ICO guidance and further information. It also includes practical suggestions of how to stay in line with the law.

This self-assessment checklist has been created with small business owners and sole traders in mind. I recommend you take it even if you have already done all your GDPR homework. After all, it is our duty as business owners to keep our compliance with these laws up to date, the same way that we do our taxes every year.

To access the the self assessment checklist go to: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/assessment-for-small-business-owners-and-sole-traders/

If you still haven’t made your business compliant with the GDPR, you can find more information on: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Do you like what you just read? Subscribe to the weekly blog posts here!

Does Your Mailing List Comply With The Law? - Part II

Portraits-Photographer-London-JC-Candanedo-Headshots-Corporate-Couple-Portraits.jpg

This post is part 2 of 3 posts.

Back in October, I wrote a post about the new EU General Data Protection Regulation (GDPR) coming into effect on May 25, 2018, and how there is not enough information for small businesses on how the GDPR affects us. Now, a new dedicated telephone service has been set up in the UK aimed at helping small and micro businesses prepare for the new data protection laws.

On November 1, 2017, the Information Commissioner’s Office (ICO) implemented a phone service for people running small businesses or charities to help with the particular problems that we are facing while getting ready for this new law. The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

According to the ICO's website: "people from small organisations should dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support. As well as advice on preparing for the GDPR, callers can also ask questions about current data protection rules and other legislation regulated by the ICO including electronic marketing and Freedom of Information."

The ICO has also announced that they will adapt and simplify their infographics and toolkits for small and micro businesses that need access to targeted information about how to prepare for the GDPR.

In the meantime, you can find more information on:

Photo credit: Behind the scenes photography by Andrzej Gruszka.

Do you like what you just read? Subscribe to the weekly blog posts here!

Does Your Mailing List Comply With The Law? - Part I

Fashion-Portraits-Photographer-London-JC-Candanedo-Headshots-Corporate-Couple-Lookbook-Campaign-eCommerce-Photography-Privacy-Law-Bill-GDPR.jpg

This post is part 1 of 3 posts.

If you are a freelance photographer or creative (or any sole trader for that matter) who uses mailing lists to market your services or send out newsletters with updates of your work or blog, and you are based in the United Kingdom or the European Union, or email people who are based in any of the two, this post is for you.

On May 25, 2018, the new EU General Data Protection Regulation (GDPR) will come in effect. The GDPR is a privacy law which will apply in the EU and the UK and will affect anyone who processes personal information of EU citizens. The UK Government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR, and it's introducing measures related to this and wider data protection reforms in a Data Protection Bill (DP Bill).

The UK DP Bill is an evolution of the current Data Protection Act 1998 (DPA). It will apply the GDPR and it has been amended to adjust to the national context and the UK citizens.

How does this affect freelance creatives?

Freelance creatives make use of mailing lists to send out promotional material, blog updates and newsletters to current and prospect clients. All the information in those mailing lists (emails, names, addresses) is considered personal information and are part of the scope of these privacy laws. Keep in mind that personal emails of employees of companies fall into this category and both laws have become more strict in terms of what they consider personal information (IP addresses are now part of the scope).

What does this mean?

It basically means that for you to be able to send your self-promotion material you need to have the consent of the recipient that you can use their email for this purpose.

What is consent?

Consent means permission, and for you to send marketing emails to your clients or prospects you must have their permission to do so. If you send blog updates or newsletters to people who have subscribed and agreed to receive them, and you use services like MailerLite or MailChimp, you mustn't worry. On the one hand, by subscribing to receiving these emails they have given you their consent. On the other hand, both services have taken measures to help you comply with these laws (MailChimp wrote about it on their blog and MailerLite has assured me that they are working on these as I am writing this post).

But if you are sending emails to people who have not subscribed to them, you must ask for their consent. You can send, for instance, emails to your existing client list if the email promotes similar products and services to the ones they bought from you. The Information Commissioner’s Office (ICO) has prepared a very thorough guide for direct marketing. The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

What if you bought an email list or compiled your own?

This is where it starts to get confusing for me. There is a lot of misinformation on this matter, especially because all the official communications target large organisations, but there is very little written for freelancers and sole traders.

As freelance creatives, we all have a mailing list of some sort for our marketing and self-promotion. Some of us have compiled these lists using contact information of people that we have met along the road, people that we have worked with, people that we wish we could work with, information of people that we find in the mastheads of publications or on websites, and the list goes on. Other creatives buy mailing lists from companies like Bikini Lists or Agency Access.

Freelancers and sole traders are considered individuals under the privacy laws. When we send out our promotional emails to prospect clients, we address these emails to companies but also to other freelancers. If freelancers and sole traders are individuals, and we email other freelancers and sole traders, then these communications are between individuals, but because they are business related I understand that they are considered Business-to-Consumer (B2C) communications.

On the other hand, if freelancers and sole traders email companies, and these communications are business related, they should be considered Business-to-Business (B2B) communications and not really fall under the scope of these laws (the CEO of Bikini Lists, Ross MacRae, wrote a post about this). To make things more confusing, and like I mentioned earlier on this post, personal emails of employees of companies are considered personal information too.

So, it seems to me that in any of these two cases, whether freelancers and sole traders are writing B2C or B2B communications, we must comply with the privacy laws. I have written the ICO asking for more help on this matter because it is really confusing. Watch this space. Yesterday they published a post on their blog announcing that they will launch a dedicated telephone service aimed at helping small and micro businesses prepare for new data protection laws.

So, what can you do in the meantime?

While all this information is clarified, you must definitely make sure that you are taking into consideration best practices in what personal information refers to:

  • Only use personal information that you have consent to use and use it in a fair and lawful manner;

  • Use this personal information only for the purposes for which you have obtained the consent;

  • Send direct marketing emails that are adequate, relevant and not excessive;

  • Keep personal information in your mailing lists accurate and up to date and not for longer than is necessary;

  • Keep personal information in your mailing lists secure and password protected; and

  • Do not transfer to third parties or to other countries without consent and adequate protection.

Where can I find more information?

Photo credit: Behind the scenes photography by Stef Mic

Do you like what you just read? Consider becoming a patron on patreon.com/jccandanedo where you can learn more about my creative process and the stories behind my images. I’d love to have you as part of my Patreon community.

You can also subscribe to my weekly blog posts here!