A guide on 6 steps you need to take to be GDPR compliant

Now that you’re up to speed on what GDPR is, we’ve put together a checklist of actions you can start taking now to be ready for when it comes into force in May 2018.

1. Be transparent with your data

That means checking you have the basics right before you do anything else. You need to know how you’re collecting data, where it is being stored and how it is being used. Don’t forget that everything from your website analytics and campaign tracking, to your CRM database, is included.

Run an internal audit so you know what data you have and consolidate where possible. It will make your data management process run much more efficiently.

2. Get your permissions sorted

Start planning consent into all of your campaigns now, or even better, run a specific opt-in campaign. Make sure the cookie policy banner on your website doesn’t rely on implied consent, and if it does, change it so you’re getting explicit consent.

There must be a positive opt-in and consent cannot be inferred or assumed from silence, pre-ticked boxes or inactivity. Consent must also be separate from other terms and conditions, and you will need to provide simple ways for people to withdraw consent.

3. Keep a record

GDPR requires organisations to document, and provide evidence of, how they store, manage and use data. This record must be readily available no matter where you are in the marketing chain.

Consumers have the right to access the personal data of theirs that is being processed, as well as the right to be forgotten (erasure), to ensure they receive no further communication.

4. Responsibility to keep it private

Privacy needs to be clear and at the forefront of an organisation’s plans for managing data. Develop a system for the safekeeping of personal data and identify areas that may need to be strengthened.

Pseudonymisation is recommended as the most effective means for protecting customer data; it is defined as “the processing of personal data in such a way that the data can’t be attributed to a specific data subject without the use of additional information”.

5. Make it someone’s job

Dedicate the management of data to an individual or team, depending on the size of your business and its operations. Make sure they are kept informed of the latest developments to ensure your business is GDPR compliant.

6. Take advantage of time now

GDPR doesn’t come into force until 25 May 2018, so do what you can now and have peace of mind knowing you’re already compliant. There are some quick wins you can put into practice: gain consent, be transparent and be relevant. Don’t deliver marketing communications for the sake of running a campaign.

In the long run, your end customer will thank you.
