The 10 things you need to know and do now about GDPR


The General Data Protection Regulation (GDPR) comes into force in May 2018.

For most firms, it will have a dramatic impact on the way you collect, store and use personal data.

And with commentators suggesting that GDPR has the potential to be the next PPI scandal, it’s vital that you get it right.

For many firms, compliance will demand wholesale changes to your data processing systems and procedures. For Marketing teams, this represents a massive piece of work to ensure you do not breach regulatory requirements.

Here we look at the 10 things you need to know and do now to prepare.

1.  Understand your firm's responsibilities

     Getting a clear picture of what you need to do is the first step. In March this year, the Information Commissioner’s Office clarified the requirements of the new legislation – you can read more about what’s required here.

2.  Carry out an audit

     Review your current approach. What processes do you have for data protection and storage? How is data used? How do you get consent? This will give you an idea of the amount of work you need to do.

3.  Identify whether you need a Data Protection Officer

     The rules are not 100% clear, but it looks as if all public sector organisations will have to appoint an in-house DPO – an individual who will take responsibility for data protection. Private firms can decide whether to appoint a DPO or outsource the work. (If you decide to outsource, read more here about some of the compliance pitfalls to avoid.)

4.  Risk assess and set priorities

     Time to comply is limited. You need to carry out a risk assessment to identify key areas to focus on. Any systems that hold sensitive personal information should be a priority.

5.  Identify external sources and experts that can help you

     The GDPR has spawned a range of consultancies, conferences, guides and other support to help you to comply. Identify whether any of these can benefit you. Sometimes, a little external expertise can make all the difference in setting and achieving your objectives.

6.  Write a clear action plan

     With time limited, you need clear actions and responsibilities. If you have a DPO, whether in-house or outsourced, they can help you to build an action plan. Set SMART goals with clear deadlines to help you break down and tackle the GDPR challenge.

7.  Make sure everyone is on board

     The need for GDPR compliance needs to be stressed from the top of your organisation. Ensure your senior management get behind creating a culture where good behaviours are embedded. Meeting the GDPR requirements is not optional, and the penalties are severe.

     A firm deemed to be in serious breach faces potential fines of up to €20 million or 4% of its global revenue.

8.  Get your internal communications sorted

     Anyone who deals with data needs to understand the importance of GDPR compliance. Read about how it will affect your Sales team and what your Compliance colleagues need to know.

     Make sure anyone who will be affected receives clear guidance on what they need to do.

9.  Prepare for a grilling by the Data Protection Commissioner

     If asked, could you explain:

  • Where you hold your clients’ and contacts’ data
  • How it is accessed, and by whom
  • How it is shared, both within and outside your organisation
  • How you enable people’s personal information to ‘be forgotten’

     You need to understand and be able to evidence the way you are addressing the regulation’s demands.

10. Understand your obligations if there's a data protection breach

      Under GDPR, all companies and organisations will have just 72 hours to notify data subjects of a breach – or may be fined. Are you confident that your processes enable you to identify and report on a breach within these timescales?

The GDPR is just the latest in a long line of regulations affecting Marketing teams. Hopefully these 10 tips will help you build a plan to tackle its requirements.

For more tips and hints for compliant financial promotions, you can download our Marketing Guide to Compliance. It covers nine key areas that marketing needs to know about financial promotions and compliance and you can read a copy
