GDPR Checklist for Marketers [Infographic]
With GDPR coming into play from 25th May, 2018, both marketing and IT teams across organizations are trying their best to be compliant. If your company is in the EU and/or processes information about EU citizens, you need to be GDPR compliant. Many companies based outside of the EU may also hold or process data relating to EU citizens, and they need to consider GDPR too.
As marketers, we collect enormous amounts of data about every individual user or prospect through sophisticated CRMs, marketing automation and analytics systems. Consequently, GDPR will have a tremendous impact on how marketing processes run and in many cases will require a significant overhaul of the entire marketing function. We have created this simple GDPR Checklist for Marketers, which will help you understand the requirements and be compliant.
GDPR Checklist for Marketers
- It is concise, transparent, easily accessible and written in plain language
- It provides a clear overview of how you will use the data
- Provide the identity and contact details of the data controller and data protection officer
- Clearly identify all third-parties who have access to the data
Review existing contact database
- Check if the existing database is completely opt-in and if the opt-in consent has been recorded
- You need to re-confirm opt-in for emails where:
  - Contacts are sourced from third parties
  - No opt-ins are recorded
  - The opt-in is unspecific
  - There is no opt-in for certain ways you wish to use the data
Get opt-in from existing subscribers
- It is advisable to run a campaign to get opt-in from existing subscribers and record them
- This might require a series of emails, and the opt-in rate is typically very low unless your existing list is already a solid opt-in list
- Make sure your opt-in email clearly mentions how you will use the data
- If users do not opt in, it is advisable to delete them from your database
Review all website forms
- Forms are the primary point of data collection on any website, and you need to ensure your forms have the relevant explicit opt-in mechanisms for collecting new user information
- Ensure opt-in consent is recorded explicitly for each purpose for which you want to use the data.
Get your sales team onboard
- In most cases, it is your sales team that reaches out to the customers whose data the marketing team collects
- Educate your sales team on the implications of GDPR. You can reach out to a user only for the purpose for which they have given consent.
- So if a user has subscribed to your newsletter while downloading a whitepaper, they have not consented to receive emails or calls from your sales team.
- Establish a process to record consent for contacts your sales team sources from trade shows and other channels
Review third-party data sharing
- Review all third parties who have access to your data. Do they need access to all of it? What do they use it for? Revoke access where possible.
- For all external partners and vendors who access your data, confirm that they are GDPR compliant, and ask them what they are doing to ensure compliance
- If you are using Google Analytics, anonymize IP addresses and ensure you are not collecting or sending any PII to Google
Audit and sign-off from legal
- Document everything that you have done to be GDPR compliant.
- Ask your legal team/counsel to conduct a thorough audit of all your marketing assets and processes and sign off on it
- While involving legal is expensive, the fines involved are far heavier, so it is better to be safe than sorry.
This is a basic step-by-step guide that will help your marketing function get ready for GDPR compliance. However, it is not legal advice, nor is it exhaustive. It is advisable to go through GDPR (www.eugdpr.org) in detail, understand the full extent of this regulation, and take professional legal advice where needed.