GDPR: A resolution you need to keep | DMA

Filter By

Show All

Connect to


GDPR: A resolution you need to keep


Hands up if you’ve failed your New Year Resolutions? Drowned your sorrows in #DryJanuary? Don’t worry, you’re not alone. If there’s one resolution you need to honour for 2018 however, which will pay your business and your marketing dividends, it’s being GDPR ready. Even if you’ve done nothing of significance yet, there is still time to get some key pillars in place.

With broad and far-reaching implications, organisations must understand and comply with the new legislation and demonstrate that compliance. But beyond these technical requirements, brands will also be required to change their marketing emphasis for the long term to grow permissions through compelling, highly personalised and engaging experiences.

We’re often asked to help our clients demystify the new regulation into practical, actionable steps. Here’s some of that advice on how to get started on your own GDPR journey.

1. Carry out a review of the data you capture, retain and hold across your business. Couple this with an assessment of your data security, making any necessary compliance improvements needed to align to the new regulation. Unless these foundations are right, there is little point in going on to update your privacy policy and data capture techniques. You'll need to ensure that you hold opt-in permission by each separate marketing channel, and that these are recorded and time and date stamped before any post-GDPR marketing is contemplated.

2. Ideally you should then appoint a Data Privacy Officer or a person acting as such. When you have everything in place you should register your company with the ICO as a data controller, paying the appropriate fees.

3. Once this is done, you can then begin to prepare the key policies and procedures necessary to comply with GDPR and create a wider data protection policy, if you don’t have one already. As the regulation specifies, you will also need to create and test two new processes; a data access request (also known as a subject access request) and a data breach reporting process. Visit the ICO website to work through excellent practical help in the form of the Data Protection self-assessment checklist to help establish the requirements you need to consider for your organisation.

4. Then is the time to think about changing the emphasis of your communications to drive positive engagement and build meaningful, long-term and rewarding relationships with your customers. Brands must earn, nurture, retain, grow and maximise permissions, giving them the ability to carry on the conversation.

For more practical advice, best practice and thought leadership, visit our dedicated GDPR microsite.

Written by John McDermott, Chartered Marketer and Head of CRM at Jaywing.

Hear more from the DMA

Please login to comment.