An experienced data professional who has been working within the direct marketing industry for over 20 years. Having spent 17 years as owner and MD of Data HQ Ltd, his remit covers the whole of the management spectrum, including strategy development, organisational structure, company policy & procedure and product development.
The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018, which means we’re now only a year away from implementation.
GDPR affects every organisation that uses personal data from EU citizens. According to the Direct Marketing Association (DMA), it marks big changes in the way organisations manage their marketing - particularly how they seek, collect and record consent.
With the change in regulation looming, we thought we would provide this handy guide to help you with your preparations. We have also produced this useful infographic.
10 Step Essential Guide
- Understanding: what personal data do you hold? Organise a data audit which will help document what you have, where it came from and who you share it with.
- Awareness: ensure all key decision makers within the organisation are aware the law is changing to the GDPR.
- Regulation: review procedures to ensure all the rights individuals have are covered, e.g. how you provide data electronically (and in a common format), and how you would delete personal data if requested.
- Requests: plan for how the organisation will handle requests within the new timescales and provide any additional information that customers may demand.
- Processing: review the various types of data processing your organisation carries out, identify the legal basis for carrying it out, and ensure this is documented.
- Consent: review how the organisation is seeking, obtaining and recording consent and whether any changes are required.
- Breaches: ensure the correct procedures are in place to detect, report and investigate a personal data breach.
- Officers: ensure there is a nominated Data Protection Officer or someone to take responsibility for data protection compliance.
- International: understand which markets your organisation operates within. If this is international, you should determine which data protection supervisory authority you fall under.