Dan Telling
Dan Telling 22 November 2017

The final countdown: five key steps to GDPR success

With mere months to go until the General Data Protection Regulation (GDPR) comes into effect, it is dominating the news agenda and is a top priority for businesses. From retailers to charities and the manufacturing industry to financial services, the impact of GDPR will affect every organisation that handles customer data and will be far reaching.

Indeed, it has the scope to change the face of marketing completely. Yet behind the hype, there is much confusion from businesses of all sizes from across industry, which know that they have much to do to comply with GDPR, yet do not know where to begin.

While for many, compliance with GDPR may seem like a huge task, those that embrace it as an opportunity to lead the way in the new consumer democracy and demonstrate a new level of transparency and trust, will be the ones who ultimately win. Although undoubtedly a complex task, GDPR offers as many opportunities as it does challenges.

Understanding the requirements of GDPR is one thing, but being able to translate this into compliance is something else entirely. And of course the larger the organisation, the more complex the process.

With this in mind, what can organisations do to ensure they comply?

1. Map your data flow: conduct an audit

This is perhaps the most important step, and the one which every other element of GDPR compliance is built on. Get the discovery phase right and the rest will follow, get it wrong and the entire process will be beset with problems. By conducting an audit organisations can establish:

  • What data has been collected
  • Where it is being stored
  • Who is using the data
  • Why the data is being collected and its purpose
  • When permission was granted
  • Where permission was granted

As part of this process, businesses can also determine which legal definition they are processing data under. They will also be able to highlight where they may need to go through a re-consent process with customers, which can act as a great way to reconnect with individuals.

2. Examine your privacy policy

Providing privacy information is already a requirement under the DPA, but GDPR takes it a step further. It has a specific emphasis on making privacy notices understandable, transparent and accessible. Best practice here is to explain with each piece of data collected why it is being collected and how it will be used. This will make it easier for individuals to understand and also be repeatedly informed about how their data is being stored and used.

Of course the level of detail needed in a privacy policy will depend on the type of organisation. For a mail order company who just needs to collect names and addresses it will be fairly straightforward, for a large organisation such as Sky, it will be far more complicated.

What remains the same, regardless of the size of organisation or sector, is the need to take the opportunity to help empower customers and build trust. For example, organisations could look to integrate a permissions management dashboard into their privacy policies, which will not only give customers greater control, but will also enable businesses to use data more effectively.

3. Appoint a Data Protection Officer

Having a suitably knowledgeable person or team of people that focus solely on data protection is not a prerequisite of GDPR, but it will hugely help in complying with it and with data management and governance generally.

If there is not someone with this expertise already in the team, then businesses need to act now to train or recruit someone.

Their role will be two-fold, to act as someone individuals can contact regarding their personal data and also to cascade out information about GDPR and data protection across their organisation.  

The Data Protection Officer will also be key in helping to gain board level support, as once this is in place then half the battle is already won.

4. Educate everybody

Every single person within an organisation needs to understand the importance of GDPR and that there is a fundamental move within the organisation to treat data differently going forward.

This again demonstrates why a Data Protection Officer is so vital as they will play a pivotal role in ensuring this happens.

As GDPR compliance essentially involves implementing a new data strategy, it is especially important that the board fully understands the impact of GDPR and is on-board with making resources available to implement the changes.

5. Communicate externally

Once everyone internally understands the new data strategy and is aware of the role they need to play, businesses can then communicate their new approach externally.

It is hard to impress how important transparency with customers here is – and not for the sake of compliance with the new regulations, but for the good of the company as a whole.

Complying with GDPR is a massive task, but it also offers a unique opportunity to develop completely new ways of working that are based on the key principles of trust and transparency. If customer experience is the battleground of the future, then data is key to winning the war and GDPR is the perfect opportunity for businesses to rethink their approach to data and the enhanced customer relationships and experiences it allows.



Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
8 Digital Marketing Trends to Watch in 2023

8 Digital Marketing Trends to Watch in 2023

The internet has conditioned customers to demand instant gratification, and that’s only set to continue. In 2023, customers will expect a response time of just hours. No more sending an email and waiting days for a...

Azeem Adam
Azeem Adam 3 May 2022
Read more
7 reasons why social media marketing is important for your business

7 reasons why social media marketing is important for your business

Social media is quickly becoming one of the most important aspects of digital marketing, which provides incredible benefits that help reach millions of customers worldwide. And if you are not applying this profitable...

Sharron Nelson
Sharron Nelson 6 February 2018
Read more
The 3 Most Important Stages In Your Presentation

The 3 Most Important Stages In Your Presentation

If you want to deliver a presentation on a particular topic and you have to prepare yourself for it you should make sure that you go through several very important stages in order to craft a compelling, persuasive and...

Nicky Nikolaev
Nicky Nikolaev 16 February 2016
Read more
How to Encourage Customers to Post Photos about Your Brand

How to Encourage Customers to Post Photos about Your Brand

Visuals impact buyer behavior – there’s no doubt about it. But not just any visuals will have the impact you planned on your eCommerce marketing strategy. If the only images your customers see in relation to...

Luisana Cartay
Luisana Cartay 8 June 2016
Read more
Deep Link vs. Universal Link: Which One is Better?

Deep Link vs. Universal Link: Which One is Better?

Are universal link and deep link the same thing? There are some big differences, let's understand them.

Stefano Pisoni
Stefano Pisoni 17 March 2020
Read more