Don't delete your entire database for GDPR

Pub favourite Wetherspoons shocked the country recently by announcing that it was deleting its entire customer email database.

It’s said that this was a move to eliminate any risks related to GDPR, the incoming General Data Protection Regulations that, from May 2018, will see businesses face eye-watering fines for data breaches or for contacting customers and prospects without their explicit, opted-in consent.

Wetherspoons confirmed this decision was made with data breach risks in mind, telling Wired: “following the data breach in December 2015 Wetherspoons has been reviewing all the data it holds and looking to minimise.

“We would rather not hold even email addresses for customers. The less customer information we have, which now is almost none, then the less risk associated with data.”

Under the new regulations, businesses could be fined a minimum of £17.5m or 4% of global turnover – whichever figure is higher.

There has also been speculation around whether Wetherspoons ‘lost track’ of which customers had consented to receiving marketing emails. A number of high profile businesses have hit the headlines recently having been fined for unlawfully emailing customers. Honda, Flybe and Morrisons all fell afoul of the current Privacy & Electronic Communication Regulations (PECR), which currently only fines up to £500,000. However, with GDPR around the corner, the consequences of emailing databases without consent will prove far costlier.

Wetherspoons initially informed customers that it has cleared its database and pledged to no longer send email newsletters because customers consider this “intrusive”. The company’s CEO John Hutson laid this out in an email, with a promise to promote deals and special offers on its website and social media including Facebook and Twitter.

Many have called Wetherspoons’ decision sensible and admirable; we think it’s a bit extreme.

Whilst businesses need to prepare for GDPR as soon as possible, if the right measures are put in place, there’s no need to go to these lengths and delete entire customer databases. Wetherspoons has an undeniable presence on the British high street and beyond, and might consider email marketing or holding customer data unnecessary. But for many businesses, customer data and email communications are critical. As an IT support company, we couldn’t operate without holding essential contact information on our customers.

Email marketing is likely an ineffective tool for a business like Wetherspoons, with little transactional value generated from email newsletters filled with offers. Social media and its website can be valuable tools for disseminating vouchers and special offers, and it can remove the need for an email marketing platform.

To avoid a data breach, there are a number of steps you can take to identify, protect and maintain your data. By utilising our Personally Identifiable Information (PII) Discovery tool, powered by TermSet’s ScanR technology, you can identify any sensitive data you hold across your documents and various data sources. The Qlik business intelligence bolt-on we offer takes this to the next level, allowing you to bring your data together from various sources to manage and report on it, and provide valuable insights that will drive your key business decisions.

It should go without saying that cyber security is essential to protecting your business-critical data, but many business owners are operating under the pretence that it’ll never happen to them. But the reality is cyber criminals don’t discriminate, and with data now more valuable than ever, cybercrime is only going to become more prevalent and more financially viable. It can be tricky to know where to start with security, so we’ve got it covered.

We’re running a GDPR blog series where we’ll be tackling each step in your journey towards GDPR compliance, and you can read the first two below:

GDPR: Where do you start?

The cost of GDPR

We’ll also be hosting GDPR webinars on three of the key topics – protect, discover and management and reporting – from September onwards with our security and data experts. Keep checking the events section of our website for sign up dates.

Finally, after the incredible popularity of our GDPR roadshows, we’re hosting two more GDPR events in Newcastle and London – these dates will be confirmed soon.