In the final days of the rush to comply with the much-anticipated GDPR legislation ahead of the 25th May deadline, we discovered a ‘soft opt-in’ ICO clause.
In plain English, this clause says is that if you give me verbal approval (during a Consultation, say) for me to send you my newsletter – in which there is always an ‘unsubscribe’ option – then your actual ‘opt-in’ written permission is not required after all, which is a great relief to everyone!
The actual wording – and this is taken from Page 2 of the GDPR Advice Sheet: Communicating with Patients (©Technology Tamed Limited 2018) headed ‘Marketing to Existing Patients’ – is:
‘The ICO has produced some specific guidance on communicating with existing “customers”, confirming that in most cases you do NOT have to contact your existing patients before May 25th to obtain their explicit permission to continue communicating with them.
This is what the ICO says: “131. Although organisations can generally only send marketing texts or emails with specific consent, there is an exception to this rule for existing customers, known as the ‘soft opt-in’. This means organisations can send marketing texts or emails if: · they have obtained the contact details in the course of a sale (or negotiations for a sale) of a product or service to that person; · they are only marketing their own similar products or services; and · they gave the person a simple opportunity to refuse or opt out of the marketing, both when first collecting the details and in every message after that.” *
Although this is not mentioned specifically in the GDPR Regulation text the ICO has confirmed that soft opt-in is permitted under GDPR. This means you may continue to email or text existing patients to tell them about new goods and services such as new therapists joining your practice as this would be deemed to be soft opt-in.
Note that you must provide a simple method for your patient to opt-out of receiving further marketing communications. This means having a clear option to unsubscribe from marketing emails (which is easy to do if you use a program such as Mailchimp) and in text messages giving the option for the patient to reply using a term such as “STOP” to remove them from the marketing database.’
You may remember that the ICO is short for the Information Commissioner’s Office, an independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
I hope that’s clear for everyone and that we can now all move forward in the knowledge that we are all compliant!