Make Peace with GDPR

GDPR isn’t really that scary. At its heart is sensible, responsible data usage. Protecting the consumer, particularly the most vulnerable, is positive for the marketing industry.


GDPR adn the value of personal data

GDPR challenges you to be up front about data; why you hold it and what you use it for. If you are a responsible, credible organisation you will already have transparent data gathering, storage and usage processes.

It’s time to stop viewing GDPR as a necessary evil and start to view it as an opportunity. Put all your data and data usage cards on the table. Think about the data you hold; consider its usage, flows and processes. Put your customers at the heart of what you do and define your rationale behind holding and using their data. GDPR will challenge you and your organisation but it can also empower you and your customer base to develop a more positive, open, and beneficial relationship.

If you think about yourself as a consumer, it’s all very sensible stuff. Here’s a few things you need to do to ensure you’re compliant – it’s not hard, in fact it is pretty straightforward:

  1. Be reasonable; only collect the information you need and only keep it for as long as you need it
  2. Hold data securely and make sure it’s kept safe
  3. Review your data processes; ensure transparency and accountability
  4. Empower your data subjects; make them aware of their rights and give them control over their data
  5. Create policies and procedures; formalise what you’re doing and why you’re doing it – have a rationale for all data storage and processing


Many people we talk to complain there isn’t enough formal guidance coming from the ICO, the government or the DMA. OK, that is true, but it is also understandable as the legislation is still in draft form with policy makers. There is a lack of formal guidance, however, this shouldn’t stop us from getting on with the job! Taking a ‘wait and see’ stance won’t be a sound defence when you find yourself in breach of GDPR and ePrivacy come May 25th 2018. Review your current operations, take a long hard look and ensure that everything you do is fair, accountable, and transparent.

Compliance is crucial.

Review all your data-related processes and operations and be sure you can justify your approach.

Consent is key.

Well, it might be, we’re not yet sure. The ePrivacy regulation may provide B2B marketers with the ability to continue to use existing data under legitimate interest, but this is yet to be confirmed. We would recommend you work on the basis consent will be needed to continue direct marketing to your customer base. Don’t try to trick people into consent, it’s not nice and it’s not clever. Never pre-populate an opt-in box and always keep the wording simple. Consent will be rapidly withdrawn if consumers feel they have been duped, and worse still, you could be facing a fine.

Are you ready for GDPR?Get your GDRP ducks in a row

Once you’ve reviewed you data and its usage and are sure your processes are transparent, justifiable and accountable you’ll need to create your privacy policy. Key elements to this include:

  • Making it visible and available from your website
  • Reference the policy at all points where data is collected
  • Be clear about
    • What data you are collecting
    • why you are collecting it
    • how it will be stored
    • how long it will be stored for
    • what it will be used for

GDPR fundamentals

GDPR might seem an insurmountably scary prospect, but your worries are probably unfounded. If your organisation is credible and your data gathering, storage and processing is beyond reproach you will be fine. If your approach is based on fairness, transparency, honesty and accountability you won’t go far wrong!

For more information, and to quell your GDPR fears further, read Kingston Smith’s informative and concise post on the positives of GDPR.

Post author