Many of you have been receiving loads of emails about compliance with GDPR - as have we. So we thought we would write a quick list to help clear a few things up....
'Express permission' is exactly that - you need to have a tick box on your site, normally on your contact form, saying something like 'I am happy for company X to send me news and marketing information' if they don't tick it, you can't market to them.
3. Legitimate business use
However, you can still contact them for other reasons if they are your clients - otherwise how do you manage your business? This is part of the 'Legitimate Business use' clause of the act. You can also keep their data, even if they request to have it deleted, if it forms part of the legal obligations your company has, ie to HMRC.
5. Other stuff
There is more stuff you need to do as a business, that is related to your operations and not just your website. A good place to check is the ICO, they have a handy tool to take you through simple checks to see where you are on the road to compliance.
As long as you are working towards compliance on the 25th May, but haven't quite got there yet, that is good :) Being totally compliant would be amazing, but the ICO recognise that there is lots to do and that not all of us will be there on the 25th.
The main purpose of these regulations is to make sure that you are holding peoples data safely, not selling it to others and that you are sending your stuff to people who actually want it.