One month to go until Data Day – Practical steps for compliance

By now, you will have no doubt heard endless presentations on general data protection regulations (GDPR) at networking events and will have an inbox full of emails from different organisations requesting you opt-in to legitimise their marketing efforts post May 25th.

So, what are you doing about the data that you hold?

Hopefully, you have had some time to:

  1. Identify what data you are storing, where it is and who has access to it; known as data mapping.
  2. Decide what you are going to do to ensure you are compliant. Make sure you have clear actions assigned for all the data you hold, with realistic deadlines prioritising tasks accordingly.
  3. Consider what policies and agreements need to be amended. You might consider contacting a solicitor to advise on these changes.

Once your plan is set in place, use it as a roadmap towards compliance and involve your whole team; the changes to UK data law will affect their everyday tasks. So:

  1. Leave enough time for staff training. Getting the whole team involved in GDPR compliance will get the job done faster and provide greater understanding of the changes among individuals.

Once you have completed your data map and trained your staff, it could reveal that your email marketing database is the weakest link in your data landscape. Years of adding contacts from networking events or conferences will have created a large database without clear audit trail. It is important to communicate clearly to the entire list, asking to refresh their consent. So:

  1. Schedule two consent campaigns at least a week apart from each other – one to the entire list, the second one to the non-opens of the first email. Make sure the copy conveys urgency and there are clear CTAs for users to follow.

Your email campaign software should have some advice on how to do this best with their system. MailChimp has provided handy templates which are completely customisable and support your compliance process.

The consent campaigns will leave you with a smaller, but richer, more targeted database which will have better impact than before.

May 25th should be a firm deadline in your diary, but don’t panic if you cannot deliver everything by then, the ICO has advised that, at this stage, they require that you have a solid plan with clear actions in place.

While you’re here, why not learn more about digital trends. Read ‘Make the most of digital trends for your small business’ here.

For official advice, please consult the Information Commissioner’s Office – all information in this blog is KOR’s interpretation of the new regulations and should be used as guidance only. If in doubt, please contact a solicitor.