How to become GDPR compliant like Manchester United.

The GDPR, a phrase that overwhelms most marketeers. With only two months to go until the new legislation comes into effect, and given there’s a lot to take in, we have put together some information* to help you become GDPR compliant and learn how it could affect your business.

What is GDPR?

The General Data Protection Regulation, or the GDPR, is an attempt to update the Data Protection Act of 1998, which was created at a time before Snapchat, Instagram, Twitter, or Facebook even existed.

As you can imagine, the language, context, and framework of the Data Protection Act is a little outdated, and doesn’t really help us when it comes to understanding how to manage and process audience data in a world where data is everything, whether this stems from using an app to signing up for a marketing email.

The Data Protection Act is being replaced with a new piece of law on 25th May 2018, implementing the ‘GDPR.’ The new Act aims to ensure that any personal data collected is only obtained for specific lawful purposes, is fairly processed and adequately protected. It essentially extends the scope of current Data Protection legislation, rather than radically changing it.

How will the GDPR impact you?

Ah, the difficult question! Stating how the GDPR will impact your business is something of an impossibility at the minute, given that we’re still three months away from seeing the final legislation. However, it’s sensible to expect a couple of key areas you’ll need to consider to be GDPR compliant.

  • Your ‘Data Policy’ Document Is Going To Need Dusting: Being completely honest, we know that the vast majority of businesses create a data policy for their website, and probably don’t revisit it all that often. However, it’s pretty likely this document is going to need revisiting and updating in line with new terminology and referencing of GDPR
  • How Do You Actually Get Customer Data: It won’t be enough to ‘sort of’ know where a client’s email address came from anymore. Instead, it’s likely you’ll need to know how you got this data, how the user gave their consent (making sure the user gave explicit consent for you to use the data in the manner you have, too)
  • Internal Processes Will Need To Be Checked: It’s pretty likely that you will need to review your internal data collection policies. For example, you’ll need to be able to provide customers with a digital copy of all of their personal data, if required, and be able to stipulate how their data is being used
  • Understand Data Processors / Data Controllers: This terminology we’re likely to hear a whole lot more of, but you need to understand what they both mean. To boil this down to a super-simple explanation, the first point of contact for the ‘subject’ (user) will be the data controller. If you receive information from a third-party though, you are a data processor. In this instance, you need to make sure the person/business you got the data from (the controller) is GDPR compliant

Becoming GDPR compliant

You’re probably wondering how does Manchester United come into all of this?

Well, there’s a very good lesson you can learn from Manchester United (the greatest club in the world…) when it comes to becoming GDPR compliant as part of your marketing strategy.

As a United fan (you’d never have guessed) and someone who is genuinely interested in how GDPR will impact digital marketing, it’s been interesting to observe how the club has gone about tackling GDPR, ensuring they’re doing everything possible to comply.

Clearly, the club (like a lot of businesses), has some reservations over how they got everybody on their email marketing list, and, as such, wants to ensure that following the 25th May 2018, everybody who chooses to be emailed by Manchester United has made a clear and conscious effort to opt in.


GDPR Manchester United

Source Manchester United

The club has set up a page on their website, to direct users to ‘re-subscribe’ to email notifications. The new form demonstrates a clear willingness by the club to ensure that everybody they choose to email after the introduction of GDPR, has made a clear and conscious effort to stay up to date.

GDPR Manchester United

Source Manchester United

By integrating this a part of their wider marketing strategy, the club has drawn attention to their intentions of becoming GDPR compliant, taking the matter seriously. They’ve even gone to lengths of players filming videos and voice-overs about the importance of GDPR, and why they’re contacting fans. If you’ve been to Old Trafford recently, you may have noticed they even display GDPR adverts up around the grounds too.

We also recently caught up with Luke Pritchard, Corporate & Commercial Solicitor at Poole Alcock, about United’s approach to GDPR.

By starting afresh and taking a proactive approach, Manchester United have given themselves a head start in the race to be GDPR compliant. Their innovative methods of marketing the “opt-in” process mean they are likely to have retained a significant bank of data. Though not everybody has the global reach of Manchester United, many smaller businesses can learn from the way they have engaged their customers in seeking permission to retain their data.

Whether we like it or not, GDPR will cause a big shift towards how we collect and manage data. Although this will mean a change of processes for a lot of businesses, we think an update to the Data Protection Act was long overdue, and hopefully, GDPR will encourage businesses to implement better processes for managing data.

Of course, our teams will be supporting clients in their aims to become GDPR compliant, from our ProSupport web maintenance team who are on hand to support our clients with the practical elements such as adding in opt-in checkboxes to forms, through to our Marketing team, who are supporting clients in promotional campaigns to encourage users to re-opt in.

Contact a member of our team to see how we can help ensure your business is GDPR ready for May 25th.

*please note this is not legal advice, in which we suggest contacting your solicitor for advice specific to your business.

Written by David Berry

Head of Performance & Analytics