Back to Blog

Six things to consider to get your marketing team GDPR ready

Jamie Blagden

You’re all good for when the General Data Protection Regulation (GDPR) takes effect on 25 May 2018. Your company has studied GDPR, looked at guidance from the Information Commissioner’s Office (the UK data protection body), a plan’s been formulated and the Board are on-board. The company may smugly believe that everything’s on track but as a marketer have you thought of everything that you need to do? Will you be ready? Will your GDPR-era marketing leave your competitors green with envy?

1. Trust is the key to GDPR success

Our advice, start at the beginning. Get your Privacy Policy right first. Privacy Policies are not usually the first concern of the Marketing Department, this is true. But let us explain. Most Privacy Policies that you see right now would flunk the GDPR test – not only do they fail to comply with the many requirements of the new regulations, they’re written in another language – legalese. Here’s an example: 'Company X' is a company incorporated in the United States and the United Kingdom and is a member of 'Group' X, group of companies (we/us). The personal identifiable information that you submit to us will be processed in accordance with the relevant laws in your jurisdiction, etc., etc. – are you asleep yet? 

Why is this important for the Marketing team? GDPR heralds a new era of consumer control. Successful companies will be engaging and easy to deal with. They will create trust, and this trust will lead to greater data sharing and consequently improved results.

2. GDPR and marketing matters

Article 4 of GDPR states that consent is only legal if it is a ‘freely given, specific, informed and unambiguous indication of the data subject’s wishes’, in other words, in order to be compliant, your Privacy Policy and your data collection notices must be clear and concise. Hiding permission wording deep within Terms and Conditions – not acceptable. ‘Cleverly’ putting the wording after the submit button – not acceptable. Pre-ticked permission boxes – not acceptable. Companies that continue to operate this ‘smoke-and-mirrors’ approach will find their customers losing confidence.

3. Transparency Rules

Check the information you supply at each level of interaction with potential customers – online, on the phone, even in person. Make sure that it’s not only easily understandable, but also genuine. Build in simplicity at every stage. On top of this, think about every future use you may have for someone’s information. It’s much easier to get one permission when you on-board a prospect, than to have to go back and ask for approval of further uses.

4. Fit for purpose

Ask yourself – what personal information do we need for marketing purposes? Name, work address, work email and phone – fair enough. Age, sex, marital status – really? Start collecting race or biometric information and you’re into ‘special categories’ of data – an area where no B2B marketing department needs, or wants, to go.

Next – think about your existing prospect data. Are you going to be able to market to it after next May? This answer is – unclear. The European Union’s Article 29 Working Party has yet to give clear guidance on this subject. Strictly speaking the answer is – no. From 25 May 2018 only data that meets the requirements of GDPR will be usable, so for now assume the worst. Get your permissions in order – develop a compelling campaign, one that engages, one that has your prospects itching for more information or insight from you. 

5. Your biggest GDPR threat

Your company should then turn its attention to the biggest threat in terms of GDPR compliance. It's also your company’s biggest asset. Your staff. Spend time training staff on the importance of GDPR, and seek to create internal structures that make it impossible for human error to place you at risk. Treat personal information like money – don’t leave it metaphorically lying around. Ensure that only those that need access are granted access; and that they know how to treat data in compliance with GDPR. Loss of reputation could be even more damaging to your organisation than fines. The media and competitors will be waiting for someone to slip up.

6. Big box thinking

Lastly, for this episode, think outside the box. In the age of multi-media, who says the legally-required GDPR information needs to communicated in words alone? Even carefully crafted, clear and concise words? Why not an animation, why not video? Check out this clever video from UK Broadcaster, Channel 4.

Look out for our upcoming blog on what GDPR means for US companies and read our previous blog GDPR: What you need to know, or get in touch now.