The complexity and scale of GDPR preparations felt overwhelming at times for all of us. But now 25 May has been and gone, we need to think about what happens next. Here are five things to consider, whether you’re on track, behind where you hoped to be or done and dusted.
Status check
Take a long hard look at where you are. Whatever stage you’re at, now is a good time to revisit the plan, give an honest appraisal of what’s been achieved so far and identify any gaps.
B2B organisations will be using unambiguous consent, legitimate interest, or a combination applied to different data assets (for example, legitimate interest for customers and consent for prospects), to justify the processing and profiling of personal data. Make time and space to assess processes surrounding these measures, and recalibrate as necessary.
Unambiguous consent is a demanding criterion, so consider whether strategies to achieve this are working, or if they need fine-tuning. If you’ll be relying on the legitimate interest provision, make sure you have conducted the necessary assessment test. It’s a good idea to interrogate the process to ensure it’s robust, transparent and stands up to scrutiny.
Security and technologies need to be reviewed as well, to ensure everything is in place and ready to go.
Prioritise
GDPR is highly complex and it represents a significant change to data protection in the EU. It’s been hyped up for the past 18 months, and potential penalties are fearsome. Naturally, it can feel like there’s a lot at stake. But try to keep perspective and understand that perfection may be hard to achieve.
It is important to make every effort to focus on key aspects of compliance and ensure you have them firmly in sight. So work out which areas within your business are most likely to infringe on people’s personal data and make them the top priority. From here, you can assess the challenges you face – from opt-in issues to technology requirements – then map out a path to address them.
Focus on the team
From GDPR weariness to lack of awareness, the attitude of people within an organisation can represent a significant vulnerability. It’s vital that all corners of the business are on board with what needs to be done. This is best achieved with a cadence of internal meetings to ensure alignment and consistency.
With so many stakeholders involved, GDPR compliance mechanisms need to be straightforward. Talk about the policies and invite different departments to contribute ideas to make them more workable. It needs to be made clear that this is a shared responsibility. Otherwise, a confused situation may arise, where everyone blames someone else for noncompliance.
Network
There are many online and offline sources of guidance from experts and officials. But it’s also helpful to discuss GDPR informally with your peers. Reach out to friends, talk to your LinkedIn network and attend events. Find out how B2B organisations are approaching challenges in the real world.
This is important, because it is hard to tell what will happen when the dust settles. Over time, best practice will emerge, and it will be possible to make informed, risk-based decisions surrounding areas where the regulation doesn’t offer prescribed measures. But for now, just asking other people what they’re doing could reveal new ideas, or simply put your mind at rest.
Look forward
How will you balance the reality of GDPR compliance with effective marketing? Set a timescale for assessing any impact on sales and marketing to establish whether they are still operating effectively, or if processes need to be adjusted. Let’s not forget the ePrivacy Directive either. Once the GDPR strategy is roughly in shape, any marketers using phone, email or text need to turn their attention to that.
What now?
Whatever stage you’re at on the GDPR journey, there are bound to be areas that need more work. But don’t beat yourself up about it. Most organisations are in the same position.
In the coming weeks and months, there will be more clarity surrounding the ICO’s enforcement of the regulation. We’re also likely to see companies talking more openly about what they’ve done to ensure compliance. Keep an eye on how this unfolds, and adapt your approaches in line with organisations that you respect or that operate in a similar way to your own.
Remember that nobody has all the answers. So have confidence in what you’ve done so far, and understand that it can evolve and improve over time.