How to prepare for GDPR - What we're doing | How to prepare for GDPR - What we're doing | DMA


How to prepare for GDPR - What we're doing


Here at fastmap, one of the key components of our research in the last couple of years has been helping organisations prepare for GDPR, whether through providing data-driven recommendations on consent and legitimate interest or through our GDPR workshops. However, while helping other organisations is all well and good, we at fastmap are also subject to the regulation changes and the restrictions that come with them. With this in mind, this article sets out some of the ways in which we introduced our GDPR strategy, to show that we ‘practice what we preach’.


As both researchers and an agency, it was vital for fastmap to distinguish between the two in our GDPR strategy. As such, we developed two different approaches to GDPR compliance.


As researchers, it is paramount that we anonymise participant data and remove personal identifiers (PI) as soon as possible, while at the same time maintaining access to the data we actually need for our research. We also need to ensure that we maintain ethical research standards and are transparent with participants about where their data is going and where it is being held. Fortunately, only minor changes were necessary, as we already treated participant information with integrity and care.

Figure 1 shows a simplified version of our GDPR approach as researchers. The key takeaway from the flow diagram is that participant PI are anonymised and removed from our system shortly after the project has come to a close. That is not to say we remove the actual research data from our system; it's just that there are no PI that can link survey responses to actual participants.

Figure 1


As an agency, more work was required to restructure our database to ensure GDPR compliance. A key issue was that there was a pre-CRM period, for which we had insufficient information regarding the consent of contacts in our database. On opening our CRM, we updated our contacts and removed inactive contacts; however, we still had a large number of invalid entries from the pre-CRM era. Figure 2 shows a simplified version of the problem.

Figure 2

To tackle this issue, we launched an email campaign with two main objectives. The first was to ask people from the pre-CRM era to reconsent to our marketing. The stages of this campaign are outlined in Figure 3. For contacts that we obtained in our CRM period, we simply sent an email notifying people of our new T&Cs and Privacy Policy. The outcome was a fully compliant and engaged database, which we can proudly bring forward post-GDPR.

Figure 3


Moving forward, fastmap will maintain compliance with GDPR and embrace a new data culture. We hope that GDPR will counteract the data apprehensions that have been gathering like a storm in the past couple of years – as we discussed in a recent post on data fundamentalism – and that business-consumer relationships will be strengthened. However, only time will tell in this case.

For more information about fastmap’s research into GDPR and data protection, Legitimate Interest, Consent and more, visit or get in touch with David Cole, Managing Director, fastmap on +44 (0) 20 7242 702 or
