In an industry where the ability to effectively reach your intended audience is massively reliant upon personal data, the new GDPR is certain to have a colossal impact and to be a major cause for concern. Compounding this, the severe financial penalties associated with non adherence, mean it is imperative that organisations assess their marketing activities and bring them into line with GDPR best practice.
Whilst already in force in the UK, GDPR will not be enforced by the Information Commissioners Office (ICO) until 25 May 2018. Subsequently there is no case law available on the practical application of GDPR to marketing practices at this point, making it extremely difficult for organisations to effectively interpret and apply the new legislation. This leaves marketeers in some what of a sticky situation – you certainly don’t want to be the test case organisation for the ICO, but you don’t want to lose the ability to effectively market your organisation and reach your target audience.
Through my knowledge of; data protection legislation, previous case law relating to marketing and data protection, the ICO and the incoming legislation, I have identified some practical and easily implemented steps organisations can take to increase GDPR compliance levels within marketing activities.
Assess the current data you hold for marketing purposes. Are you holding irrelevant personal data which you don’t have any need for? Many organisations mistakingly collect too much personal data. Holding irrelevant personal data is not only a violation of GDPR but it increases the likelihood of a data breach. Make sure you are holding the information you need and no more.
- Streamline your data capture forms. As with the point above, only ask for and collect the information you really need.
- Train all your marketing staff in data protection. It seems an obvious one but in my experience marketing staff almost never receive data protection training and subsequently there is a lack of knowledge as to how data protection impacts on marketing practices. By training your staff you will empower them with the knowledge they need to identify data risks within your marketing activities and implement changes to ensure GDPR best practice.
- Risk assess your marketing department. Focus on the journey of data within the department; where and how it is stored, who accesses it, how it is segmented and how it is used for marketing purposes. By gaining a more detailed picture of the data flow within your department you will be best placed to identify areas for improvement.
- Update your policies. The ethos of creativity and innovation within marketing departments often results in a negative attitude towards policies and procedures. However policies can, if used correctly, act as a point of reference for staff, instilling confidence that their actions are data protection compliant. Further to this, up to date policies are a point of defence against the ICO, demonstrating that your organisation’s marketing activities are up to speed with GDPR best practice.
Following these four basic points will help you on your way towards a GDPR compliant marketing department!
Orlagh Kelly is a Data Protection barrister and a GDPR specialist. To learn more about the impact of GDPR on marketing and more techniques for legally compliant marketing under GDPR our e-learning course ‘Marketing and the GDPR’ is now available for purchase at briefed.pro/shop