DEMO

Book a demo!

Book a no obligation demo with one of our email experts. Discover how e-shot™ can help you:

One of our team will call you for a brief chat so we can cater the demo to your specific requirements and show you the relevant tools and features that will deliver you the best results.

Blog

GDPR

GDPR Consultations Retrospective

08 Sep 2017 by Sadie Burgess



For many marketing departments the potential impact of GDPR is a genuine concern, with some direct marketers fearing they will have to fundamentally change strategy. There is a lot of confusion out in the market place too, particularly around B2B marketing, contact list purchase and level of detail required for audit.departments the potential impact of GDPR is a genuine concern, with some direct marketers fearing they will have to fundamentally change strategy. There is a lot of confusion out in the market place too, particularly around B2B marketing, contact list purchase and level of detail required for audit.

So on 6th-7th September we held a series of one-to-one consultation sessions at our head office in Epsom to offer our suggestions, best practice advice and, in many cases, reassurance that compliance is realistically achievable by May 2018.

There were two key themes that ran through all the sessions;

1.      Reassurance of the best practical steps to take now

2.      Lack of knowledge of the tools available to ease the process of compliance

So for those who were unable to join us, here are our top tips of things that you can do now to prepare.


You are not alone

Not only should every direct marketing professional be thinking about how the legislative changes will affect them – but GDPR has significant implications for other parts of the business. From HR and operations to IT and infrastructure, GDPR has widespread implications around the business. So the first thing is to find out who else in your business is likely to be affected. By ensuring that you are part of a team focussing on compliance, sharing the responsibility and working together to develop the best procedures, processes and the systems you can work to minimise any additional burden for those required to manage and demonstrate adherence to the GDPR obligations. So, get a working party together and ‘share the love’.


It’s probably not as bad as you think

There has been a lot of scaremongering around GDPR, particularly from consultancy firms that are trading on fear. But for reputable businesses that are already following best practice for their direct marketing and have processes around data collection, security and disposal – the GDPR is not going to represent any meaningful change, it may just be a case of some new documentation, and audit steps – as the requirement for businesses to be able to demonstrate their compliance is more onerous under GDPR. So, don’t panic and take the process step by step.


Make sure you can easily meet the defined requirements

What I mean by this, with your current systems can you easily achieve the prescriptive requirements of

  • being able to provide all data held by an individual upon request and
  • being able to ‘forget’ an individual if they request it

And, once an individual is ‘forgotten’ are your processes capable of ensuring that they don’t get accidentally remembered i.e. through am automated data transfer or similar. Talk to your tech team (or supplier) and see what the technical solutions are to support you.


So from a marketing perspective where do you start?

We suggest starting by looking at your data with the 5 Ws in mind

  • Who do you hold data on currently?
  • What do you use that data for?
  • Where is it stored?
  • When (and where) do you collect new personal data?
  • Why do you contact your customers and prospects?

And two bonus questions to consider

  • How long is your customer life-cycle? (How long can you justify retaining their details)
  • How is this likely to change in the future based on your strategic plan?

By getting an understanding of these questions, and supplementing with answers to technical elements on where and how your data is stored and transferred – you are on the way to completing a Privacy impact Assessment (PIA).  Now whilst PIAs should be conducted at a business level, understanding the data you hold, how it is used and then defining you legal grounds for future contact, is the foundation of your preparations.

 

The practicalities of complying with GDPR will be different for different companies i.e. regularly contacting people under the age of 18 is going to have very different implications to if you are a B2B focussed organisation who only emails contracted clients. And whilst this statement isn’t rocket science, if you are currently consuming content from the web, whether it be webinars, blog articles like this or any other form of media reporting – it is all too easy to get caught up in the sweeping generalised statements designed to mis-communicate or invoke concern.

But just remember, the fundamental purpose of GDPR is to invoke trust and confidence for individuals that as organisations we are treating their data with care and respect and this is your opportunity to demonstrate your focus on customer satisfaction and your credibility as a trustworthy, professional business.


More like this...



Want to speak to someone about GDPR?

Request a no-obligation GDPR Consultation with one of our email specialists

Tags: GDPR

e-shot™ Insights