There’s a lot to do from now until 25th May 2018, when the new privacy laws come into force.
Whether you’re at the start of your journey to become compliant or you’re well on your way, here are our top 10 tips to prepare for the juggernaut that is GDPR.
1. Assess your data processes
First, you’ll want to familiarise yourself with the way your organisation collects and uses customer information.
- How do you collect, store and record data?
- Who can access customer data?
- Do you already have security measures in place?
2. Review your current procedures
Before putting any new policies in place, assessing your current situation will offer a firm foundation.
- What do you do if an individual wants to know what information you hold on them?
- What happens if you breach security?
3. Learn the potential penalties
If the new rules are breached, there are significant financial penalties. Fines could reach €20 million or up to 4% of global annual turnover of the previous year, whichever is higher.
Planning according to the set timeline (you have months left!) will help you avoid any heavy fines.
4. Get everyone on the same page
GDPR is going to be a game changer for everyone. It will cause a shift in thinking in organisations – moving away from a box-ticking mentality to a privacy culture.
Accountability needs to be at the helm of your organisation’s approach to data management. Ensure that everyone in your team understands the changes and potential risks to your business. Why not establish a team to tackle the new challenges and take on the responsibility?
5. Appoint a Data Protection Officer
While there is no formal requirement to appoint a Data Protection Officer, having someone who understands the legislation inside out could be a godsend – especially for larger businesses. This person will be on hand to work closely with other teams so everyone understands what their role is, negotiate any grey areas and help avoid breaching any rules.
6. Contact your suppliers
In order to prepare for GDPR, you will most likely need to make changes to your systems, in terms of how you store and secure data. By getting in touch with your suppliers now, you will be able to work together to ensure you are both GDPR-compliant. Learn what your providers have in place, so you can establish what services you will need.
7. Get your wording right
How do you currently talk to users about using their data? Does this follow GDPR? If not, you need to amend your opt-in and opt-out statements. GDPR demands that consent is ‘freely given, specific, informed and unambiguous’. This means that pre-ticked boxes are a thing of the past. You will need to talk to customers in an age-appropriate, clear and understandable way.
8. Get consent from your customers
Before 25th May 2018, you will want to gain explicit consent from your current pool of customers and engaged data contacts.
9. Run double opt-in campaigns
Then, create an email campaign to tell them about the looming changes, why you need them to double opt in and why this is good news for them. This will help to reassure your customers, show you’re being proactive and allow you to get as much of your data as possible opted in to your future communications.
10. Keep up-to-date with GDPR
Keep checking back to our GDPR page for updates and the latest advice on how to interpret and implement changes.
If you have any questions about your marketing and plan of action for GDPR, we’re here to help you and your team.