As much as you might like to close your eyes, put your fingers in your ears and pretend it’s not happening, it’s only a matter of months until the GDPR comes into force across Europe.
This new data protection law will significantly affect the way B2B marketers collect and process personal data, and imposes very significant fines for non-compliance – up to €20 million or 4% of annual global turnover, whichever is larger. It introduces new and strengthened rights for individuals with regard to their data, imposes tougher obligations on firms in terms of data security and privacy, and creates a higher standard of consent for using personal data. But alarmingly, with less than a year to go as of May, just a third of marketing and advertising businesses had even heard of it.
Our essential free download, Getting to grips with the GDPR: A B2B marketer’s guide, aims to provide a comprehensive overview of the regulation, its implications, and practical steps that can be taken to prepare. In the meantime, here are eight things you can do straight away to get on the path to compliance.
Eight practical steps to begin GDPR compliance:
1. Carry out an information audit
Look at how your organisation collects and uses information. Where is data collected and stored? Who’s able to access this data? What security measures do you currently have in place?
2. Raise awareness within your organisation
Most employees will have some connection to personal data the organisation holds and processes. Ensure they understand that changes are coming, and the potential impact this could have on the business – and the potential penalties. Make sure senior management is engaged in the process, and establish cross-functional teams to tackle the challenges.
3. Review your privacy policies and statements
Look at what you currently tell users about how you use their data, and assess how far this goes to complying with the GDPR.
4. Assess your policies and procedures
Do you have formal guidance in place on what to do if an individual wants to know what information you hold on them, or if you have a security breach? Understanding the current situation will give you a foundation on which to put in place the required documentation.
5. Get in touch with your technology providers
Compliance with the GDPR may require changes to your systems with regard to how data is stored or secured. Contact your suppliers to understand what steps they’re taking to become GDPR-compliant and what support they’re offering their clients.
6. Find out whether you will need to appoint a data protection officer (DPO)
In certain circumstances, organisations will need to appoint a DPO.
7. Look out for updated guidance
The Information Commissioner’s Office and Article 29 Working Party will continue to produce advice and guidance on how to interpret and implement GDPR’s many provisions, so keep an eye out for updates.
8. Be careful
There are already rogue organisations offering spurious certifications for GDPR compliance officers or similarly unnecessary training. The huge scope and nature of the GDPR means you’ll likely need some help to prepare, but look closely at what’s being offered to ensure you’re not ripped off.