GDPR Checklist for Marketers [Infographic]

With GDPR coming into play from 25th May, 2018, both marketing and IT teams across organizations are trying their best to be compliant. If your company is in the EU and / or process information about EU citizens you need to be GDPR compliant. Many companies based outside of the EU may also hold / process data relating to EU citizens and they need to consider GDPR too.

As marketers, we collect enormous data about every individual user / prospect through sophisticated CRMs, marketing automation and analytics systems. Consequentially GDPR will have tremendous impact on how marketing processes run and in many cases will need significant overhaul of entire marketing function. We have created this simple GDPR Checklist for Marketers which will help understand the requirements and be compliant.

Click image for larger view

GDPR Checklist for Marketers

Start with Privacy Policy

Review and update your existing privacy policy. Ensure –

It is concise, transparent, easily accessible and written in plain language
It provides a clear overview of how you will use the data
Provide the identity and contact details of the data controller and data protection officer
Clearly identify all third-parties who have access to the data

Review existing contact database

Check if the existing database is completely opt-in and if the opt-in consent has been recorded
You need to re-confirm opt-in for emails where
- contacts are sourced from third-parties
- No opt-ins are recorded
- unspecific opt-in
- No opt-in for certain ways you wish to use the data

Get opt-in from existing subscribers

It is advisable to run a campaign to get opt-in from existing subscribers and record them
This might require a series of emails and the opt-in rate is typically very low, unless your existing list is already a solid opt-in
Make sure your opt-in email clearly mentions how you will use the data
If user do not opt-in it is advisable to delete the users from your database

Review all website forms

Forms are the primary point of data collection on any website and you need to ensure your forms have the relevant explicit opt-in mechanisms, for collecting new user information
Ensure opt-in consent is recorded explicitly for each purpose for which you want to use the data.

Get your sales team onboard

In most cases it is your sales team that reaches out to your customers that the marketing team collects
Educate your sales team on the implication of GDPR. You can reach out to a user only for the purpose he has given the consent.
So if a user has subscribed to your newsletter while downloading a whitepaper – he has not consented to receive emails/calls from your sales team.
Establish a process to record consent for contacts your sales team sources from trade-shows and other channels

Review third-party data sharing

Review all third-parties who has access to your data. Do they need access to all of it? What do they use it for? Revioke access where possible.
For all external partners / vendors who access your data, confirm that they are GDPR compliant, ask them on what they are doing to ensure compliance
if you are using Google analytics, anonymize IP addresses and ensure you are not collecting or sending any PII to Google

Audit and sign-off from legal

Document everything that you have done to be GDPR compliant.
Ask your legal team/counsel to conduct a thorough audit of all your marketing assets and processes and sign off on it
While involving legal is expensive, the fines involved are way heavier, so better be safe than sorry.

This is a basic step by step guide that will help your marketing function to be ready for GDPR compliance, however, this is not legal advise, nor is this exhaustive. It is advisable to go through GDPR – www.eugdpr.org in details and understand the full extent of this regulation and take professional legal advise where needed.