How to ensure you comply with new data regulation GDPR

With enhanced data protection regulations set to come into force on May 25 2018, the implications of the General Data Protection Regulation (GDPR) will affect your company’s marketing efforts - so make sure you understand what it means for your marketing.

GDPR is a legal requirement which will ensure businesses take greater responsibility for the acquisition, storage and distribution of personal data.

How will GDPR affect your business? The answer is likely in a big way.

Research has found that only 25% of existing data will meet the new GDPR requirements and, as any business found to be noncompliant will face fines of up to four per cent of their annual turnover or up to €20,000,000 (whichever is greater), it’s essential that you make sure your business data and processes are compliant with the new regulations.

How will GDPR impact marketing?

GDPR will affect five critical areas of your day-to-day business marketing:


  1. Data acquisition

Data acquisition is a critical element of the new GDPR requirements. Crucially it affects your own data as well as any 3rd party data that you may be acquiring or using as part of your marketing communications. The obligation for data security is shared between the data owner and data handler. This means that if you are relying on 3rd party sources for the supply of any or all of your marketing data, it is your responsibility to demonstrate sufficient due diligence to show that the data that they supply to you is compliant.

Equally, if you are relying on 3rd parties to handle your data, such as an agency to process your email marketing campaigns, it is up to you to make sure that they are handling your contact data in a compliant way.


  1. Opt-ins, opt-outs and consent to communication

Under the new rulings, ‘Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.’

This new guideline means your prospects and customers must agree that the data they submit can be used and that they can be contacted by your company. If you regularly issue email marketing campaigns or collect data on your website you’ll need to make some changes in light of GDPR.

In particular, the terms and conditions that a prospect or customer agrees to will become much more significant and must be recorded to demonstrate not only that a contact has signed the terms and conditions but specifically the terms they signed at that time. You must get permission from your contacts relating to both the content of your communications and the method of contact.

It is also important to understand that consent is not the only reason for storing and using contact information. Legitimate Interest, defined as a legitimate use for a business and falling within reasonable expectations of the customer,  is also acceptable. In this case you must be able to document and demonstrate the considerations you have made when deciding to utilise this data.  

  1. Giving consumers a way to access and remove data

GDPR is designed to give consumers more control over how their data is collected and used.

Under the new regulations, individuals have the right to access personal data concerning them as well as the right to have personal data erased where it is no longer necessary in relation to the purpose for which it were originally collected. If an organisation does not remove data when asked, they will be in breach of the regulation.

  1. Data storage and handling

A key element of GDPR is to minimise the risk of data breaches, promote responsibility amongst organisations to protect their customer data and to encourage data minimisation. Fundamentally this means only capturing and storing information that you have a plan and purpose for using.

In real terms, this will typically mean a review and audit of your data collection requirements to bring it in-line with your plans for using the data. For example, if you only communicate with your prospects via email, you have no reason to retain their mobile phone numbers.

In addition to this, it is likely to result in the need for a review of data storage and handling procedures and policies to ensure that employees throughout the business are sufficiently aware and considerate of the issues relating to data security.  

  1. The legal process for processing personal data

In order to check your business complies and avoids hefty fines, you’ll need to ensure that your data collection is closely monitored and is only used for the purpose for which it was originally collected.

Your business should perform an audit of the types of data processing carried out and identify the legal basis for processing the information you keep.

Preparing your business for GDPR

No business can afford to ignore GDPR - any business which holds and uses personal data of individuals within the European Union (EU) will be affected by the new regulations regardless of their location. It’s essential that you read up on the regulations and determine what they mean for you and your business so you can take action to ensure you have the correct controls in place by May 2018.

It’s possible that GDPR may cause temporary difficulties for marketers as the industry gets used to the new practicalities of the regulations but, we feel that it might just bring about new and more targeted marketing methods with sensible use of data - so good news all round for businesses and individuals.

By being more transparent, marketers will avoid the murky waters of automatic opt-ins, hidden information and mass distribution of email marketing. It’s an opportunity to do things better - with GDPR in place, businesses will be targeting the people who want to hear from them likely leading to higher engagement rates.


With less than a year to find out what GDPR  means for your marketing and put necessary changes in place, get in touch with the r//evolution digital team.

Posted by Adam Blenkinsop
on October 31, 2017