GDPR and Refer a Friend

Transcript of the Video

Good afternoon ladies and gentlemen, Suzanne Dibble here data protection expert, coming to you raw and uncut. And I'm exceptionally pleased to be able to say good afternoon rather than good evening, it's the first time that I've managed to do a video in the day for a while now. And the reason for that is I wanted to grab five minutes between feeding the kids and putting them to bed, etcetera, to answer what I thought was a great question in the group earlier today, which was all about refer a friend scheme. You know the type, where you're on some, normally quite trendy website, and they have a cool looking box that says, "Refer a friend here, and you'll get so much percent off your next order."

Now, of course, the problem with refer a friend scheme typically is that the friend is giving you the emails of the other friend, without that other friend having consented to them doing that, or indeed to you, processing the information, the personal data about them. So, the first thing that we must always think about is what is our legal ground for processing? And I went through those legal grounds in my two hour training, if you haven't yet watched that, please do go and watch it because it gives you a brilliant overview of GDPR, and just gives you a good grip on the principles so that you don't have to ask umpteen questions about X, Y, Z, because you'll be able to work it out yourself. So please do go and watch that, it's free, the link to go and watch that is in the pinned post. So do go and have a watch of that if you haven't already.

So, the starting point for most things is what is my legal grounds for processing that data? Now, consent is just one of those legal grounds. Saying that in this instance, I’m not sure if any of the others would apply. The other one that potentially might apply is legitimate interests, but I think because the friend wouldn't expect to hear from you because it would be an out of the blue communication, then you couldn't rely on legitimate interest. So you probably are looking at consent.

Now, to even send them an email, in theory, you should be getting them consent. So what you actually need to do to make your refer a friend scheme a GDPR compliant, is that you need to find a way of facilitating a friend to communicate with the other friend. So you could have a bit of software that enables the friend to fill in a form and then the email is sent from the friend to the other friend so that you're just facilitating that introduction if you like.

And then what you would do, obviously there would be some incentive to the friend for being referred, they'd probably get a money off discount code, or something like that. And then, if they fill in that form, the friend that's been referred, if they fill in the form that says, "If you sign up for our newsletter you'll get 15% off your first purchase," or whatever that might be, if they take that first positive action then it's at that point that you can then email them and say, "Here is your voucher code," or whatever it is. And at that point put a tick box in there to say, "We'd love to send you details about our other products and services that we think you would find of interest. Please tick this box to consent to do so." Or, "Please click on this link," if you're using a tagging system through Infusion Soft, or something like that.

So, I think that's probably the main thing to work out how to do. I don't know if there's any snazzy software that does it for you, but if there is a way that you can encourage the friend, and facilitate the communication of the friend directly to the other friend, but you're giving them the information and the discount code and the form, and all of that kind of stuff, then I think that that will be compliant.

So there you go, just a quick video. If anyone knows any of that software.