This post is part 1 of 3 posts.
If you are a freelance photographer or creative (or any sole trader for that matter) who uses mailing lists to market your services or send out newsletters with updates of your work or blog, and you are based in the United Kingdom or the European Union, or email people who are based in any of the two, this post is for you.
On May 25, 2018, the new EU General Data Protection Regulation (GDPR) will come in effect. The GDPR is a privacy law which will apply in the EU and the UK and will affect anyone who processes personal information of EU citizens. The UK Government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR, and it's introducing measures related to this and wider data protection reforms in a Data Protection Bill (DP Bill).
The UK DP Bill is an evolution of the current Data Protection Act 1998 (DPA). It will apply the GDPR and it has been amended to adjust to the national context and the UK citizens.
How does this affect freelance creatives?
Freelance creatives make use of mailing lists to send out promotional material, blog updates and newsletters to current and prospect clients. All the information in those mailing lists (emails, names, addresses) is considered personal information and are part of the scope of these privacy laws. Keep in mind that personal emails of employees of companies fall into this category and both laws have become more strict in terms of what they consider personal information (IP addresses are now part of the scope).
What does this mean?
It basically means that for you to be able to send your self-promotion material you need to have the consent of the recipient that you can use their email for this purpose.
What is consent?
Consent means permission, and for you to send marketing emails to your clients or prospects you must have their permission to do so. If you send blog updates or newsletters to people who have subscribed and agreed to receive them, and you use services like MailerLite or MailChimp, you mustn't worry. On the one hand, by subscribing to receiving these emails they have given you their consent. On the other hand, both services have taken measures to help you comply with these laws (MailChimp wrote about it on their blog and MailerLite has assured me that they are working on these as I am writing this post).
But if you are sending emails to people who have not subscribed to them, you must ask for their consent. You can send, for instance, emails to your existing client list if the email promotes similar products and services to the ones they bought from you. The Information Commissioner’s Office (ICO) has prepared a very thorough guide for direct marketing. The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
What if you bought an email list or compiled your own?
This is where it starts to get confusing for me. There is a lot of misinformation on this matter, especially because all the official communications target large organisations, but there is very little written for freelancers and sole traders.
As freelance creatives, we all have a mailing list of some sort for our marketing and self-promotion. Some of us have compiled these lists using contact information of people that we have met along the road, people that we have worked with, people that we wish we could work with, information of people that we find in the mastheads of publications or on websites, and the list goes on. Other creatives buy mailing lists from companies like Bikini Lists or Agency Access.
Freelancers and sole traders are considered individuals under the privacy laws. When we send out our promotional emails to prospect clients, we address these emails to companies but also to other freelancers. If freelancers and sole traders are individuals, and we email other freelancers and sole traders, then these communications are between individuals, but because they are business related I understand that they are considered Business-to-Consumer (B2C) communications.
On the other hand, if freelancers and sole traders email companies, and these communications are business related, they should be considered Business-to-Business (B2B) communications and not really fall under the scope of these laws (the CEO of Bikini Lists, Ross MacRae, wrote a post about this). To make things more confusing, and like I mentioned earlier on this post, personal emails of employees of companies are considered personal information too.
So, it seems to me that in any of these two cases, whether freelancers and sole traders are writing B2C or B2B communications, we must comply with the privacy laws. I have written the ICO asking for more help on this matter because it is really confusing. Watch this space. Yesterday they published a post on their blog announcing that they will launch a dedicated telephone service aimed at helping small and micro businesses prepare for new data protection laws.
So, what can you do in the meantime?
While all this information is clarified, you must definitely make sure that you are taking into consideration best practices in what personal information refers to:
Only use personal information that you have consent to use and use it in a fair and lawful manner;
Use this personal information only for the purposes for which you have obtained the consent;
Send direct marketing emails that are adequate, relevant and not excessive;
Keep personal information in your mailing lists accurate and up to date and not for longer than is necessary;
Keep personal information in your mailing lists secure and password protected; and
Do not transfer to third parties or to other countries without consent and adequate protection.
Where can I find more information?
If you are dealing with EU citizens, visit https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en
If you are dealing with UK citizens, visit https://ico.org.uk/for-organisations/data-protection-bill/
The ICO keeps a blog where they have started a series of blog posts to sort the fact from the fiction by busting some of the myths around the GDPR and the DPA: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs
Photo credit: Behind the scenes photography by Stef Mic
Do you like what you just read? Subscribe to the weekly blog posts here!