The Boost Hospitality Podcast is back for another season! We are now in Season 7, and we are currently on the eighth episode! In this episode, we're talking about GDPR. I've got Sean Rogers from My Legal Club.
My Legal Club is a fantastic new service that is a one-stop-shop for all of your legal and accountancy services. Sean is a very clever guy, and he's on the ball and the point with all things GDPR. He's going to introduce himself a bit more about his career in My Legal Club, and we're going to delve into the topics, which is some of the core basics that you need to be doing year on since it become law in UK and Europe, we're going to talk about emails, talk about your website, make sure you stick around to the end, because they are doing a free assessment for your business. Sean's a great guy, and I recommend that you check it out in full.Â
What does it mean for sharp small business owners in the UK right now? And how is it potentially affecting them as we speak?
A lot of the rules in essence that were brought in pretty similar things that were in place anyway, the problem was that the Data Protection Act wasn't being enforced. And in essence, they serve its purpose. Now I'm a practising solicitor. I grew up, I suppose in the law, in the northwestern claims and civil litigation.
We all know about you know, the cold call on PPI RTA, everyone's up so everyone can completely understand why they have such importance at that level and cold call and nuisance calls. But then at the other end of the scale, and you see in stuff to come out in the press today about Amazon, Google, loads of stuff to do with other health services, sold information being sold.
And everything's going on with Cambridge analytics, all sorts of stuff. It means that data and the sensitivity of data is vital. Now. I think the problem is, as we benefit typical lawyers, I can say that being a practising filosa probably made this and the government far too complicated.
I don't think the regulations are that easy to read and absorb, I think from for everybody, especially business owners, is why, of course, you want to be compliant. But what you need is a layman's, easy to read the guide, laying out precisely what it means to you have what areas of your business you need to focus on. And ideally, you need the right templates, and every sort of businesses a little bit different, generally speaking, you want to have the templates and the systems in place. And I don't think there's much to be scared about as possibly what people may think and what's out there.
I think some of the more prominent organizations, some of the vast operations out there for things to be scared about, and I think you're going to see a lot of publicity over the next couple months, which is going to speak people and as an example, this week alone, there's a big financial leasing company, but I'm told as last passports last utility bill, most people's bank information loss that email addresses.
It's not just a fine that will come. You're going to have to pay compensation to people for that. We're talking about large organisations here. Well, now as I say passports, utility bills, loads of really sensitive stuff. I think people in the SME sector, yes, sometimes need to be dedicated to this.
And perhaps some small resources need to be dedicated to this, which I'll explain and go into, but it's nothing that I would be concerned about. If you're going to bury your head in the sand to absolutely zero, then yeah, you probably have got a few concerns about it, but spend a little bit time I people, I honestly don't think you've maintained in compliance with them straightforward.
What is the essential thing that My Legal Club can recomment that everybody needs to be doing if you've got a website in recording to be compliant with the GDPR?
The first thing I would say, about any website nowadays, is Google for SEO purposes, likes secure sites. You can get things like SSL certificates that are cheap. Google loves them. That's where you'll get the green padlock, and in the browser, so you go on websites that are nice and secure. That's what your company's companies and with excellent products and software within the Memphis, cybersecurity and so forth, then it starts you start pointing for your website.
And I think with SEO Google being so important; it's a no, go to that strategy. So if you're not already done that, and have a chat with whoever you host your website with a look again, the SSL certificates and check on protection measures, they have in place there. And I think the starting point will be to make sure that your privacy policy, your privacy notices, cookies, everything.
So you'll know yourself. I think you always a good starting point for me is gone. Some of the big brands, some of the organisations that you you admire from afar, do not copy and paste, any circumstances, any of the information both you'll see the notices.
The ability to accept preferences, reject preferences, find out more information and be able to see what their cookie policies are privacy notices, etc. And the privacy notice is critical. Because actually, which I'll go on to on the GDPR what you need to do which many domes is have a privacy policy and PR policy that you mirror in all your contracts with vendors.
So pretty much what you can have on the website is almost going to be mirrored with any suppliers because you might have suppliers where you're sending clients personal data to them, and for whatever service or reason maybe, or they might have access to that. So you want to make sure you're mirroring those agreements.
And I would have a look at how you see on your website, have a look at what does your website do to request or record or manage consent and information. That's your starting point, perfect hosts, right website providers, a lot of excellent up to date like cocky plugins and things like this, which means you're still responsible for that. That's an ideal starting point. So an excellent host, the unique web developer will be able to provide you with perfect standard templates to at least start from and then the second thing that I would go on to do that is repetitive This is fantastic. Some of the big businesses love real good disclaimers on there. And someone hacks your website for information on there or explicit information on there, and you know, you want to be really careful, if you have, you know, you might have a blog, where you allow people to post comments on the bottom of it and who monitors who moderate, not necessarily things to GDP are more just go practice for your brand and your business. And only the best practice.
So I think in your terms of use, you can explain a little bit in there about how you want people to use the website and do it in layman's terms, I think you are best almost avoid in the law in terms of the way that you explain this. And that as part of the regulations. It's essential that laypeople can read this.
And also, you might even want to have a vulnerable person policy on that as well. And just the coverage, basically and I think that's the best practice obviously on your website. I believe the two key areas that everyone in this set going to be looking at is one, can you build your email list? So how are you going to get people to sign up to that newsletter? How you're going to get people to engage with the blogs or your articles or whatever it is you do?
And then the second section is on how you get bookings online. And what does that process look like? So starting with the newsletter and the blogs for suppose and, you know, you must ensure that you have compliance emails and SMS marks and preferences in there may not all overlap with what we're talking about later in terms of marketing, the MoMA, certainly on the websites. People need to engage and opt-in positively.
I have seen some sites where they have newsletter signup; you don't have to take any boxes for marketing. Others pre-populate them ticks; then they'll go, so you need to make sure that the users are fully aware what the sun and not to have a positive opt inbox if you like no auto-enrollment and if you want to Do things via SMS that you need that tick box in there as well.
And then obviously, again, a good web developer and the host will have these for you to test you for trial, you can use a development site. And so it doesn't have any downtime on the site that you use. And, and, and you can make sure that that provides a proper clean code so that if you have a challenge, you know, exactly a person signed up, what they opted in for and what the date was. You can sync that with whatever CRM system you use, and there's loads of news nowadays.
And that information can be stored on someone else's server on a big PLC, if you like, where that information is there for us to download if ever requested by the individual terms of online payments and bookings. And I don't know whether you know, your listeners and the viewers also take payments online and reservations, and it's sensible to include what the processes in terms of use, and you know, as an example, to use one of my go cards who's holding the data centre bank details?
This kind of thing? Curates that link, and what type of information do you need for that? Explain why that's the information that you require to proceed. And then again, you know, a lot of that needs to be called clear communication with the web developer.
Making sure we've got the correct cybersecurity in place. And I think if you cover them off, then your website's going to be the strongest anybody else's in the sector.
So what you're saying, in essence, is make sure that whatever data is on your website, is the same that has been sent to these PMS. Is that what we're saying?
Yes, you use my legal Corp as an example, you know, don't hide anything on it go on the home page, you'll see, we were firm with someone security for the SSL certificates. We use Salesforce as our CRM system, and we integrate that with go Carlos, you know, we're not going to sell go cardless direct debit system.
So in our terms of use, we explained we don't hold our card details, the membership information that you sign up for, we have to use that because we use WooCommerce as one of our commercial partners. So, yes, 100%, I would make sure on your website, you explain all these things, because remember, when people are incredibly nervous about this over the next year because of the story, they're going to come out in the trash Madison's going through an appeal at the moment to do with the GDPR issue.
As I say, when news breaks off this other article of lost passports utility bills, you're almost getting into the realms of people being scared to put the details in online. You know, I only had a call from a message today about automated messages she's receiving through the HMRC, scam and all these kind of things going on, people are nervous about it.
So I think that the more reassurance you can give on your site, in terms of significant third-party providers that can be trusted, that, you know, receiving that information and you're not withholding the vast majority of this, after only going to help you I think in terms of people want them on-site and feel safe, and then open proceed with the book and say,
Any tools or apps or anything that you could recommend any standard stock policies? Do you have that in My Legal Club?
Before going into anything, it's always worth, you know, dedicating half an hour to do some research yourself. That's the most crucial thing no matter who, if you do this article, mobile device or outsource anything to anyone I think doesn't matter what service or sector it's in, I think it's good to do some free research, the Ico websites. Whatever you think of this government's exposed as well, the government website has plenty of information on it within that gives you a perfect starting point like sale, under no circumstances, knowledge, go to some of the really big websites, or some of your competitors about what they're doing, what they're not doing.
And we'll be launching, and I think a trillion GDPR profit product very shortly. And we want to try and offer people the ability to do a quick sort of online assessment, which will be free so that people can use a kind of traffic light system, see where they're up to on compliance. And then we'll have a range of different products to support them if they want to outsource. And we're going to make sure there's plenty of free information on there for people who want to digest that and do it themselves — no issues with that whatsoever. People want to do free of sessions. They can then with purchase, data or the report as an example. To give them a list of things that they need to put in place to make sure that it's operational.
And it'll be easy for them; I think to do that themselves if they then want to. And that's I'm not doing that myself. It's a top law firm that I'm using, convinced them to charge reasonable prices for once you get top-quality service from leaving GDPR lawyers at unbelievable prices.
And then if you want the law firm to do the work for you, again, crunch the numbers with them, and it is affordable. And I'm just putting the final pieces to it before we launch. So we've got links to insurance directors, and officers cover all sorts of stuff where if you want to go belts and braces on it from a GDPR point of view, we're talking about a couple of emails and less a lot less than 1000 pounds.
We're talking in the hundreds here for a full solution provided by a law firm. And alternatively, people will be able to use our site and the free assessments as a bit of a resource kit for those that will prefer to do it themselves and each other people might might value doing it themselves dedicating a fair few hours to it orders might want to use a law firm for back on that indemnity insurance wish to go over a couple of emails and then not worry about it and get on with doing what you want to do.
So now hopefully we can provide some support for everybody. Nice.
What are the best standard practices in My Legal Club that people should be a dare into with this show moving forward in a post GDPR world?
Yeah, 100% I see this from a lot. I won't name them, of course, but I see this from a lot of big organisations.
I think I'm going to get themselves in a little bit of my video. And it's still unbelievably people. You know, if you're using someone big, I say use MailChimp or something equivalent to MailChimp, and example, they're good at having like the unsubscribe or opt-out options in there. But I still see stuff from other companies that don't use that kind of product, which are not included and evident about the mistake that people make is that don't use and read the book, you might have an existing client, for example, and then actually, you're perfectly entitled email, or whatever that problem is, for example, I'm starting a train station right now.
So I bought some train tickets with the agent, and they're perfectly entitled to text me to say, reminded about your train tomorrow, remind that train and say, your train has been delayed as per usual with original whatever. What they can't then do unless I've opted in, it starts sending me text messages or emails Two days later, to say that they're offering a discount on services to London or they've got a new line going to lead or whatever it be. That's where people Having making big mistakes on GDPR, adding people into their list where they've been a client or former clients.
And then again, the problem with this without scaring anybody is you'd have to take GDPR into Google. And all you're going to see at the top are lawyers. Now, it's happened over the last eight weeks. And because of some of the significant fines that are going to come out some of the significant issues that are going to plant, this is going to be publicised heavily. And I think people are going to start being told look; you need to be seen, checking what emails you receive, what's received, where do you get your OPT in? And have you had an email data?
Last year, now it was our and the way the court view this in very dim light. So if you lose email addresses, you're liable to compensation and fines, you don't have to prove any loss, and that's not to spook anyone at something that's the big operation for that affects the most important thing for the people listening to this. Have a look at your email list double-check that we opted in for email, marketing and SMS. If the clients from Prague are coming into force, I would drop them another email and check what their preferences are.
And again, a good web developer and a good host will have easy to use, like newsletter opt-ins and things like this. So it should not be a big problem people, either, you know, former clients or you've been marked, not object, it's worthwhile just contacting them again, saying you're on our email newsletter list. You're here before GDPR. You see me still happy. Just a reminder, you can always unsubscribe.
And that would be my website. I would say you've got to make sure as a saying that your email list has people in it as many preferences and probably the biggest problem for the people listening now, which I've seen in other businesses is when they not in this sector, but using local area brokers, people who use mortgage As an example, people use mortgage brokers, insurance, whatever industry you want.
When there's a middleman like booking.com, as an example, or Airbnb, it might be that they're capturing email preferences and email marketing often, when that then completes you. They've opted in for your specific markets. And so you need to get them opted in before you market to them too. And to be honest, I don't think that you've got anything to worry about it. But I wouldn't be surprised if next year you start getting a few people email, opt-in, where they'll get this check.
If nothing else, you don't want the administration not to be honest with you. So yeah, that would be my recommendation, separate your email list, and to people who have pre-GDPR comments, all the people are enjoying and subsequently and double-check.
But if you're asked, Can you prove that they often into you, or you have you made a mistake, but if you've made a mistake, no problems with this. It's not like losing an email. They send an email list.
They said that they get into many reports and while they liked the transparency of that business on understanding them of the threshold is, I think as long as you use losses have got real good on subscribe. You just being honest with people, which shows a great report to look, we value GDPR sincerely, we want to make sure that you all in, you've got the ability to opt-out, we want to keep sending you all these great offers and services. If you're not happy, please hit the unsubscribe button and then you've got a cleanser straightaway.
So the other thing is that if you're providing value, and if you're providing people on your email list with great value, and you're not annoying them, so they're not getting an email every two hours. You're not going to have any problems I, in essence, I'm not saying for one minute, ignore your GDPR compliance obligations, if you will provide an incredible value to them. And it's something that they enjoy reading, and you provide great content, you should make this part of the content, you can say, look, this is how a call centre this for us to be compliant. GDPR This is how serious we take your bookings want to take you through, have a look at some of these new stories about some of the prominent organisations that have been found for this. That's not off.
This is how to take it. This is how we operate. So anytime you want to talk with us, you want to come back to us nothing to worry about. You know, this is what we've done internally. This is what we've done, are we these are the solicitors we've engaged. You could make great content out of this. And I think as long as you're providing excellent value to people and it's not selfish,
So not the big problem nowadays of changing the topic of this of the show. People are sick of being salty. Now it's more American model, which is providing incredible value. And making people believe that they're getting 80% value and you have your 20, the bad and the wrong end of the deal, and then building that rapport and then the sales will come after that. Focusing your time on great content, I think is more important than the size of the list necessarily, and how often you use that list because if you've got great content, the file will grow. People will stay people will read it.
The important thing I think for and to consider is who has access to your logins and passwords I suspect most of the personal data is going to be stored with prominent organizations like we've referenced before your booking.com might be with you going to court offices whatever your internet banking key thing is thing you know, you might have stuff in your WordPress dashboard and your site as an example might have things in MailChimp about all your subscribers, you might have stuff in Salesforce was perfect example of book, who was your login details? And are you login into your accounts in like putting hotspots basically where people can rob your login and password?
And allow the tight-knit group of people like your web developers to download stuff onto their laptops, download material onto the PCs, put things into Excel spreadsheets, they're the little dangerous for you because you only need one person to fall out with you. And potentially that you can post on the internet or email list or whatever. I think while still while you leave personal data with Google policy organisations, you've got nothing to worry about. Just remember there are the login details and the ability to export boards.
So I think what you do is an essay when you work with third parties, have your privacy policy. There's a contract so, for instance, a using a social media management team, or you use a web developer, you someone freelance to do something you can have a no you're not permitted to download reports. You are not allowed to save these on your PC, laptop, whatever you're not allowed to work in this kind of org said areas if you like where we think we're going to be at risk.
Know more about Sean Rogers of My Legal Club
Listen to the full podcast on iTunes or Anchor or visit Boostly Hospitality Podcast for the full list of episodes!
