Ok, so everyone is already talking about GDPR – and rightly so, the clock is ticking and now is not the time to stick your head in the sand. But what exactly should we all be doing to make sure we comply? At our recent Digital EDGE event Paul Maylon from Experian set out four very clear actions that’ll help us all do just that.

But before we start, here’s a quick reminder of what GDPR is:

The General Data Protection Regulation or GDPR is a set of rules for what customer data we can collect, how we collect it and what we can do with it. It is like Data Protection on steroids. These new regulations come into force on the 25th May and cover any online identifier that can be linked back to an individual. This means that pretty much all the data you have collected on your customers and prospects is going to need to comply with these new regulations.

The aim of GDPR is to reinstate the trust between people and businesses where data is concerned. The onus is on getting companies to be more transparent and to work more collaboratively with the people whose data they’re collecting. The negative impact of the Cambridge Analytica and Facebook data disaster is a case in point as to why this is so important.

Here’s what the guys at Experian recommend you do:

1. Take stock of your data

First up, you need to find out what data you have – this is the discovery phase. Take a look at all your data sources – your own data, data you hold on the cloud and any bought-in 3rd party data. Pull absolutely everything together to get a very clear picture of your data landscape. Don’t forget to use any transactional data to give further information on dates, times and privacy policies agreed to. You will undoubtedly find you have far more data sources and far more data held than you thought you did.

2. Assess the consent you have

This phase focuses on profiling the data and finding out whether you already comply with GDPR.  Do you have the date stamp ie when the data was collected? Do you know what the consent was given for? This could vary widely between different data sets – for example, does Y mean yes to opt in or opt out? Do you have a database that overrides any other databases? Can you delete any data that you don’t use to minimise risk? What unknowns have you discovered?

3. Set up a single consent view

This is the main aim of this process. It is about moving away from multiple disparate databases to collating the data in a connected way so that you can match all consents to an individual. You will need a date stamp, details of how the consent was given and what for, to know that you were clear on why you were collecting the data and that people had the opportunity to opt out. You also need to make sure that if consent changes in the future that you can update the details in one database and that this will automatically update across all databases where information about this individual is held.

4. Set up a permission platform

For the future, you will need a quick and easy way to record all consent given and all the information needed to comply with GDPR. The aim of GDPR is to gain trust, which we as marketers should see as an opportunity. Ultimately, people who trust companies, share more information, which will in turn allow us to gain greater insight into the people we want to target. Good luck!

Still after more info? Take a look at this info-graphic that we think summaries GDPR down to a tee!


If you like what you see and you’d like to come along to one of our events then get in touch with [email protected] for more info. We also host other smaller, more sector specific events throughout the year so keep an eye on our social channels, and the events section of our website for all the details.