There’s a myriad of information, guidance, horror-stories, rumours of huge fines and other noise around the new GDPR.
It’s no wonder that marketers can find themselves confused and even stunned into inactivity when it comes to getting started with a GDPR compliance project.
Unfortunately time is not on your side as the GDPR comes into force on 25th May 2018.
Knowing where to start and turn your attention to first is what this blog aims to achieve.
Using the resources that follow, we’re confident that you’ll be equipped with the best tools to feel confident and assured that your future marketing strategies are compliant with the GDPR.
In addition, we’ve cherry-picked specifically those resources that will be the most help to marketers.
Sometimes, in order to get the right information you need, you’ve got to hear it directly from the horse’s mouth.
Happily, the Information Commissioner’s Office (ICO) who are in charge of rolling out the GDPR have produced some really useful resources.
Firstly, there’s the Extensive Guide which explains the various elements of the GDPR and helps organisations to implement the requirements: find this here
Secondly, for those that want a more ‘flash in the pan’ checklist of what they’ll need to sort, this 12-step checklist will highlight the steps you can take right now to ensure that your marketing campaigns and your business is compliant.
The Direct Marketing Association have also produced their very own guide to the GDPR.
Their extensive resource is well worth sifting through as it contains tons of useful information including legislation updates and webinar recordings, all of which specifically relate to the marketing industry.
Here’s an example of what else is included – this is quick read which summarises nicely the role and responsibilities of marketers around the GDPR.
Data Controller or Data Processor?
If you’re not yet sure which category your organisation falls into, then check out the ICO definition and guidance on both terms here.
Once you know how your organisation handles data, you can start to work through these checklists for tracking your progress to compliance.
Privacy & Documentation
Here is another ICO-produced checklist which will help you to create GDPR-compliant privacy notices.
Also worth having a read through is the guidance on what documentation to hold.
The Horrors…They’re Not All True!
The Information Commissioner, Elizabeth Denham, wrote a very helpful myth-busting article which puts to bed a few of those ‘tales’ that have been circling around.
For example the vicious rumour that ‘dentists will no longer be able to ring their patients to remind them about upcoming appointments’… is not true.
What about my suppliers?
You may have heard that the GDPR requires you to ensure that your third party vendors are also complicit?
The consideration to be made here is in instances where a data controller uses a data processor. Essentially, there must be a contract in place.
Here’s a useful checklist produced by the law firm Mayer Brown which lists some of the issues to consider when reviewing the agreements.
Before long you can take deep breath and start longing for summer!
Please note that this article is intended for informational purposes only, representing the views of the author soley, and is not intended to constitute legal advice.