The anticipated arrival of the General Data Protection Regulation (GDPR) on May 25th promises to provoke pan-EU pandemonium across any business or organisation handling the data of EU citizens. The GDPR aims to give clients more rights when it comes to their data. So, what does this mean for musicians?

Simply put, the GDPR is an extension of the current Data Protection Act (originally put in place as of 2004), but it can be the source of many a headache for self-employed artists who don’t have the luxury of hiring a personal Data Protection Officer (DPO). Essentially, the new legislation puts customers in greater control of their personal data and stipulates that businesses must:

1. Be able to provide tangible evidence that a fan or follower has allowed you to use their data, such as pulling a report on mailing list subscriptions from your website analytics.

2. Comply with Subject Access Requests (SARs) within 72 hours: if a fan or follower asks to see all data you have on them, you must present it within the given deadline.

3. You must delete all data held on a fan or follower, if requested to do so.

4. You must be able to transfer a fan or follower’s data in a meaningful format and via an agreed method if requested.

5. Store accurate and relevant data on a password-protected computer or cloud-based server, that has up-to-date cyber-security software, for no longer than necessary.

In an oversaturated ecosystem, it comes as no surprise to discover that bands spam fans with upcoming events to boost ticket sales, and approach venues with promotional material in the hope of cutting through the noise and bagging a gig. In fact, some artists go to extreme lengths to grasp new opportunities.

Recently, one band disclosed to me their investment in a “database” of contact details for venues, with the intent to make speculative approaches for gigs. While I applaud their ingenuity and this acknowledge that it may be a temptation for many readers, there are drawbacks to this technique that require serious consideration when new GDPR laws come into place.

Purchasing information from third parties might seem like a time-saver, but it may end up costing more in the long-run. The GDPR places responsibility at everybody’s feet; if you have not taken reasonable measures to ensure that the data was obattained in line with regulation, you are suceptible to some heavy fines.

Information that is freely available in the public domain can be used and stored as each individual sees fit. However, if the data has a personal identifier, it falls under the classification of personal information. For instance, if you are storing a generic venue e-mail address (e.g., there is little to consider. On the contrary, if the e-mail address contains a name (e.g., it qualifies as personal data, and must be acquired, stored and processed in line with legislation. Purchasing information from third parties might seem like a time-saver, but it may end up costing more in the long-run.

If you insist on inundating venues and fans with unsolicited marketing e-mails, it could negatively impact engagement. Have you ever unfollowed or blocked someone because they insist on filling your inbox with irrelevant junk mail? If you gain a reputation for poor marketing etiquette, you may find it impacts your reputation on the scene, resulting in less bookings – and less income as a result!

Coming from somebody who works in PR, venues and fans will favour personalised e-mails that haven’t been obviously mass-mailed, and will be much more likely to offer you a gig or buy your tickets.

Moving forward, whether you are storing personal data for venues or fans, and intend on adding them to your mailing list, it is critical to gain their permission to do so; consent can no longer be inferred from silence or tick boxes.

With regards to revamping existing mailing lists, it is advisable to offer everybody on it the opportunity to revise their options; this could be as simple as sending an e-mail to the mailing list saying something along the lines of “We are updating our records to ensure we are meeting the requirements of the General Data Protection Regulation (GDPR). If you wish to continue receiving our promotional e-mails, please click the button below, otherwise we will remove you from our database.”

While it is a frightening prospect to ask venues and fans if they still wish to receive your promotional material – for fear of a modest mailing list become even less impressive – there is a surprising advantage: a smaller list of actively-engaged potential clients offers the opportunity to personalise content and target it with more accuracy. Similarly, you may notice a higher conversion between the number of clicks from links in e-mails, and ticket sales or event attendance. Why carry around dead weight in your mailing list?

So with the clock ticking toward GDPR implementation on 25th May, take some time to revamp your client database. While it might seem like an unnecessary complication, your fans will appreciate you for respecting their rights and reviewing your marketing strategy will “force” you into thinking more creatively (both major benefits for you, as an artist).

The moral of the story here is to get compliant. Once you’ve done that, get ready to watch the punters roll in!