What GDPR Means for the Manufacturing Industry with Tristan Bailey

What GDPR Means for the Manufacturing Industry with Tristan Bailey

 12 Jul 2018


Terry Mallin  :  So on this week’s hot topic, I'm joined by Tristan Bailey who is the owner of Holdingbay. Holdingbay is a exciting development agency. To put that into context, Tristan helps manufacturing companies to create websites that enable scale through brand awareness and also create sales funnels within your website which convert. My experience of typical manufacturing company websites is pretty poor, there are some really good web sites out there but there's a lot of poor websites that-- it's just a presence, it’s just a page that's been put up there. So what Tristan focuses on is how do you create a profile that showcases your business in the best way, and that could be to current customers, potential new customers or new employees who are looking to join your business just the first thing that people look at when researching a new company.

And off the back of that, Holdingbay as a business will work out how do you improve your sales conversions from your web site? So you may have a thousand people coming to your web site every week and every day and every hour, whatever that may be, but if you’re getting zero from that, then what’s the purpose? Unless it's just about the brand awareness.

So what Tristan would specifically look at is how do you convert as many of those leads as possible, and when you are converting those leads what your doing is you’re gathering some data from a person, and I thought what would be very important today with the GDPR regulation in place is to discuss when we’re gathering data, what do we need to do to protect ourselves as manufacturing companies and to make sure that our processes and procedures are right going forward so hi Tristan, how are you?


Tristan Bailey : I'm good thanks. Thanks for having me.


Terry Mallin  : Pleasure, absolute pleasure. And just to be clear from the start guys me and Tristan are not qualified lawyers, this is not legal advice.  This is just 2 people who are passionate about manufacturing but for an understanding of GDPR, having a discussion and giving you in sort of layman’s terms how it affects you at your business. So Tristan, over to yourself then it could be good to get an intro so what is GDPR?



Tristan Bailey : Yes I’m glad you asked, so with collecting data when that comes from online website forms, collecting data for newsletters or product information or even for employees and collecting CDs or new data for new hires. This data often holds personal data that covers individual people and their movements. So what GDPR covers and that's where the crossover happens, is it covers the collection, storage and processing of that personal data.  And the personal data is things like someone's name, someone's date of birth, someone's personal e-mail address, things that are tie able to the person and not the business.


Terry Mallin : That makes sense.  I'm guessing it's-- you know you’ve touched on new employees that could also be existing customers and potential new customers, so if you’re getting some new leads coming through the website of people who are looking to work with us as a manufacturing organisation, what do we need to do to stay compliant?


Tristan Bailey : So there’s a regulation that covers the capture and processing of the data, so this covers all your past customers and stuff, as well as going forward. So in many cases you have to go through and audit the data that you're collecting and find where there is personal information in that, and if consent was not given to using that data for other purposes or for- it hasn't been given for a long time, you will likely have to collect that again and go back to those customers. The data that therefore we're talking about it's quite all-encompassing, it's not just saying keep one or two of these fields in your CRM, in Air Space system special. It's the right to be informed, so the right to know what this data is and what it's going to be used for and this is granular, so you can't just ask someone to sign up say for a newsletter and then be using that to contact them for other uses too, if you haven't made them aware in advance, the right to access that data.  

So there is some new rules that will come in that people can request the data that you have on them, the personal data you have on them, and you've got a short window of time that you have to be able to provide that in a form say a CSP or just a text file to provide the data you have.  Part of that is therefore also for the right to rectification, they're allowed to ask and be able to update and keep that information up to date which obviously can be useful for you too, you don't want to be storing out of date information on people.



It goes on, they have that the right to erase them, so if someone's decided they don't want to work with you or don't want information from you anymore, they have the right to opt-out at that granular level, so just from marketing, just from sales calls, just from other piece of information, but they also have the right to just say “please delete all personal information for me”. And this for some systems can require a re-assessment of how that system works, because the system may rely on key pieces of information like the person's e-mail address or some other piece of key information and that information now needs to be removed from the system but you don't want your system to fall over.  Just before I do the other points, there is some differentiation between that business use and the rights, and I’ll go unto the rights in a minute. There is-- You have to state what right you have to hold this information because if there is a need for that information for say a business transaction, someone has asked for an order or shipment and you quote, you're perfectly entitled to have that information.  But if the information is just being held on the off chance or for future use, then the use is not the same.   

There's a restrict on processing, so for example some people I see say when we’re using websites or have marketing databases of emails of that information, that can't be copied off and put to a different location or sold on and used by a third party unless the customer is aware of it. So you do have to be aware even if you're buying in-lists or buying in association with new partners to do that your diligence with them too.

There's also the right to—and to data portability that extends from being able to see that information, that for some companies it's going to be less so with manufacturing companies and often more with maybe the software vendors and the people that maybe have that information that the information can be processed. You may have this with some HR functions of being able to import and export that data, the right to portability we see this often more in the energy companies, or different things where you may have a vendor who may be with one gas company, one electric company and you decide to move to another one that your information, your setup and your system installs can moved and passed on where that is that personal information.


Terry Mallin  : And Tristan still on the basis of-- if you’ve got existing data at the moment, how would the manufacturing company go about giving people the ability to opt-in to future communications?


Tristan Bailey : That's the point that they do set out is that it's clarity, it’s written in clear understandable language, so sometimes you will need to re--  visit either your marketing or your privacy policies, terms and conditions to make sure that those bits that refer to opting-in refer to what you're opting in and it's nice and clear. It definitely means that, say for email-marketing and pieces like that, the double opt-in systems where there's definitely a record of that someone has opted-in, because the pieces that you need to both audit your internal systems for where this data is going and where it's going to be stored, but also you need to store when someone authorized you to-- when they gave their consent and where? So you're going to need to be able to store that in your systems of a date and time and where it came from, that consent; was it on an online form, was it in person, was it somewhere else that this information came from? And then just to follow back on it that question of therefore the re-consent, a lot of people going back and looking at their lists again, if those people in your data sets you haven't been in contact with or they haven't been doing business with you for a while, it's definitely worth going back and re-engaging with them.  

This is good for a business case anyway of warming up those leads, seeing whether they've got a new new project on, a new need at this time of year, but also therefore that you can get them to consent-in and record that information again. Otherwise there is grounds that you should be removing and deleting that information from your system.


Terry Mallin  : Some people maybe reading this and actually be thinking “I don’t even have a system”. What could people do to gather the existing data that they’ve got and be able to try that as a certain process that can be done if you’ve not got a specific system in place?


Tristan Bailey : You have in-house to start with, following unto that is speaking to a company such as mine or a similar local company that can come in and help you evaluate what’s possible with your current system and definitely going back to vendors.  

The requirement is for you to know how your systems work, but also all of your partners.  You need to make people aware of which partners you're using, where their data is going to be shared, now if you're not sharing this personal information, if you don't have so much of a personalized system then that is not going to have some depth to it, but certainly in the sales and marketing functions, there may be third party vendors that you're using to collect that information and share and integrate to produce your campaigns and collect data on people.  And you need to go back to those vendors and ask them what are they doing? And get copies of their terms and their adherence to GDPR.


Terry Mallin  : Making sure that the gathered data is systemised and documented about where that person is coming from and when they opted-in to e-mail marketing is important. So then moving on to discuss the various sales funnels that converts from an online website, what you’re doing is gathering a lot of new data..

So from a process and procedure point of view people need to ensure their privacy policies on websites cover etc.. can you give me a little bit more on that?



Tristan Bailey : Certainly so, speaking through with your legal counsel and the other parties that you need to update your terms and conditions and your privacy policy. Those are standard requirements that you definitely need to make sure that they’re clear and available, both on your website and for requests from other sources and that information then can be used for people to be aware of where that is, going into the sales funnels, you need to be able to when payments signs up for say e-mail marketing or webinars or white papers, those links, and what people are opting into are made clearly available to people.


Terry Mallin  : And I think one of the important aspects that we discussed, a lot of manufacturing companies will attend conferences and trade fairs and the fact that this will also apply to electronics and business cards at these type of events, is that correct?


Tristan Bailey : Yes totally. So I mean being at a conference or a trade show is a big expense and obviously the most value is being able to convert some sales after and following up with people who have visited your booth. But you do again GDPR doesn't just cover digital media, it does cover the consent of that person. So if someone's come and visited your booth, you've got a big goldfish bowl just drop your business cards in to win a prize on the day, that's not giving consent. If they haven't also signed a paper and that they're giving you consent for that data, that's not valid to take away and start sending the marketing or sales calls afterwards. Now, there is a little cover to it is, it is the personal parts of the information, so if someone's giving you a generic business address, generic business details that are around the company and are not around the person, it is valid.

So B2B communication where you are talking to that company for a business need and not related to their personal data, then that is possible and the GDPR that's not covering but as soon as you're taking maybe their personal interests or other notes that you may take on a sales call to help improve your relationship to them, that's when you need to take advice as to seeing where you move from that company and business case, use of that data into the private parts the data. So there may be some parts you can keep and some parts that you need to be aware of, that you can only keep around for a certain amount of time and then you need to have a good practice of deleting and clearing that information out.


Terry Mallin  : Looking at the potential consequences, what are the consequences if you breach GPDR?


Tristan Bailey : It's a little bit unknown as to how quick they're going to move when it comes in but as it covers anyone who lives in an EU state, it doesn't matter where the company is, so the company doesn't have to be in the EU, and say like the UK, if we leave the EU,  we will still be covered and for both the UK citizens and for anyone we're doing business within the EU, they have levels that they can work through from a warning, to a reprimand, to a suspension of data processing which would mean you couldn't process any of your information, you couldn't use any of your personal information up to the top level and the one that a lot of people are talking about is 20 million EUR or 4% of your annual  global turnover, whichever’s the greater. So they've got a good hammer to wield if people aren't being careful with the information

Terry : I would like to tank Tristian for the insight today, for more information or to make contact with Tristian please visit his website at www.holdingbay.co.uk or email tristan@holdingbay.co.uk.


Interested in recruiting the best people for your manufacturing company? Please arrange a 15 minute business ignition call with us today



Helping Manufacturing Leaders across the UK to attract the best talent for their manufacturing business


Currently there are no comments. Be the first to post one!

Post Comment