EU GDPR Compliance checklist: What You Need to Know
We hope you know what it is! I won’t be surprised if you don’t.
According to a HubSpot survey, just 36% of marketers have heard of GDPR, while 15% of companies have done nothing and are at risk of non-compliance.
That’s plain sad. But we are here to help you out.
GDPR will affect how marketing companies store, obtain, manage and process the personal data of EU citizens (whether or not you are based in the EU is immaterial).
Did you know that the potential fine for non-compliance can go up to €20 million or 4% of your global annual revenue (whichever is greater)?
I think GDPR has all your attention now. Of course, you cannot afford to ignore this!
The EU GDPR Compliance Checklist for B2B Marketing
Here is a GDPR checklist you need to follow in 2018.
#1: Data Mapping And Accountability:
Not only do you need to conform to GDPR, you also need to be able to demonstrate that you do.
So, what can you do to embed this culture in your organization?
A. Start with an extensive data audit to understand your obligations under GDPR.
It is simple: ask yourself
- What data do you hold?
- Why do you need that data?
- What do you do with it?
- Where is it held/stored?
- How do you process it?
- Who is it held by?
- What tools do you use? Do not forget to consider the information stored in any marketing tool like Marketo or HubSpot. Check the agreements you have with these providers, because they are processing personal data on your behalf.
If the data is spread across platforms or locations, you should consolidate it in a central location.
B. Provide extensive training and awareness to your employees and staff.
C. You are also required to ensure the security of the data against any unauthorized use, disclosure or alteration using “appropriate technical and organizational security measures”. These could be:
- Security measures like encryption and pseudonymization, and
- Data minimisation (you are allowed to collect only the data needed for the intended purpose of collection).
Wasn’t that obvious?
A. Transparency is the heartbeat of GDPR and you need to know all the “Why’s” we discussed above.
This requirement revolves around one important question:
Do you really NEED to hold this data?
Remember, your risk increases with every additional piece of personal data you hold.
B. It is important to review and update the privacy terms and conditions that are shared with customers to record any changes you have made.
C. You also need to have a data retention policy. Under GDPR, you are allowed to store data only to fulfill the intended purpose. Once the purpose is served or the relationship is terminated, you should have a clear policy stating how long you will hold the data and the justification for doing so.
You cannot be sneaky with subscriptions or sending marketing emails.
GDPR has changed the opt-out practice to opt-in, which means that users can receive marketing emails ONLY IF they consent to receive them.
Consent must be freely given, specific, informed, unambiguous and provided by ‘clear affirmative action’.
- Pre-ticked boxes are no longer valid.
- Consent cannot be presumed.
- You need to ensure that the person who is consenting is who they claim to be. For this purpose, you can send a follow-up email asking for confirmation.
- You need to carry out a re-permission campaign. The consent you obtained before GDPR came into the picture (even if it was legally obtained at the time) will not be considered valid. So, review your consents.
- For the purposes of lead generation, we all develop content. When users part with their information, we tend to use it to send them other material. This can no longer be done with EU citizens. If you want to do this, you can add a simple checkbox (for consenting to receive marketing materials) to each lead magnet page/form.
Along with the above, your opt-ins should clearly state:
- What they will be receiving
- How they will receive it
- How frequently they will receive it
- Who will have access to the data (including any third party), and contact details in case the user wants to reach them.
#4: Data Subject Rights:
Users have the right to control their data under GDPR. This has created a buzz in the marketing arena.
You know why, right?
Users have a “right to be forgotten”, i.e. you may see an influx of requests to delete data from your database. Users can also withdraw their consent at any time and restrict the use of their personal data to the prescribed purposes only.
It doesn’t end there! You also need to ensure that users know about this right of theirs.
Work toward putting in place a mechanism to comply with this.
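The three mechanisms described above (affirmative opt-in with a confirmation email, a retention policy with a justified holding period, and withdrawal/erasure on request) fit naturally in one small piece of code. The following is an added example, not code from the original post or from any vendor it mentions: a minimal in-memory consent ledger that refuses consent unless the checkbox was actively ticked, issues a one-time confirmation token for the follow-up email (double opt-in), records withdrawal, and purges withdrawn records once the retention window has passed. All names (ConsentLedger, record_optin, confirm, may_email, withdraw, purge_expired) and the policy values (48-hour confirmation window, 30-day retention after withdrawal) are assumptions for illustration, not requirements stated by the regulation.

```python
"""Added example: a minimal consent ledger with double opt-in, withdrawal and
retention purge.  Hypothetical code; class/function names and policy windows
are assumptions, not GDPR requirements."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional, Tuple

# Assumed policy values; a real deployment documents and justifies its own.
CONFIRM_WINDOW = timedelta(hours=48)            # how long the confirmation link stays valid
RETENTION_AFTER_WITHDRAWAL = timedelta(days=30)  # how long a withdrawn record is kept as evidence


@dataclass
class ConsentRecord:
    email: str
    purpose: str                    # consent is purpose-specific ("newsletter", not "marketing")
    source: str                     # which form/page collected it: part of the evidence of consent
    notice_version: str             # privacy notice the user was shown at the time
    requested_at: datetime
    token_hash: str                 # keyed hash of the confirmation token; the raw token is never stored
    confirmed_at: Optional[datetime] = None
    withdrawn_at: Optional[datetime] = None


class ConsentLedger:
    def __init__(self, secret: bytes, now: Optional[Callable[[], datetime]] = None):
        self._secret = secret
        self._records: Dict[Tuple[str, str], ConsentRecord] = {}
        # Injectable clock so retention logic can be tested deterministically.
        self._now = now or (lambda: datetime.now(timezone.utc))

    def _hash(self, token: str) -> str:
        return hmac.new(self._secret, token.encode(), hashlib.sha256).hexdigest()

    def record_optin(self, email: str, purpose: str, source: str,
                     notice_version: str, checkbox_ticked: bool) -> str:
        """Store a pending consent and return the confirmation token to email to the user."""
        # No pre-ticked boxes and no presumed consent: only an affirmative action counts.
        if not checkbox_ticked:
            raise ValueError("consent requires a clear affirmative action by the user")
        token = secrets.token_urlsafe(32)
        self._records[(email, purpose)] = ConsentRecord(
            email=email, purpose=purpose, source=source, notice_version=notice_version,
            requested_at=self._now(), token_hash=self._hash(token))
        return token

    def confirm(self, email: str, purpose: str, token: str) -> bool:
        """Second step of double opt-in: the link in the confirmation email was followed."""
        rec = self._records.get((email, purpose))
        if rec is None or rec.withdrawn_at is not None or rec.confirmed_at is not None:
            return False
        if self._now() - rec.requested_at > CONFIRM_WINDOW:
            return False                              # stale link: user must opt in again
        if not hmac.compare_digest(rec.token_hash, self._hash(token)):
            return False                              # constant-time compare of the keyed hash
        rec.confirmed_at = self._now()
        return True

    def may_email(self, email: str, purpose: str) -> bool:
        """Only confirmed, non-withdrawn consent permits sending for that purpose."""
        rec = self._records.get((email, purpose))
        return bool(rec and rec.confirmed_at and not rec.withdrawn_at)

    def withdraw(self, email: str, purpose: str) -> None:
        """User withdraws consent; sending stops immediately, the record is kept as evidence."""
        rec = self._records.get((email, purpose))
        if rec and rec.withdrawn_at is None:
            rec.withdrawn_at = self._now()

    def purge_expired(self) -> int:
        """Retention policy: delete withdrawn records once the justified holding period ends."""
        now = self._now()
        expired = [k for k, r in self._records.items()
                   if r.withdrawn_at and now - r.withdrawn_at > RETENTION_AFTER_WITHDRAWAL]
        for key in expired:
            del self._records[key]
        return len(expired)


if __name__ == "__main__":
    ledger = ConsentLedger(secret=b"constructed-demo-key")
    tok = ledger.record_optin("reader@example.com", "newsletter", "ebook-form", "v2", True)
    print("may email before confirm:", ledger.may_email("reader@example.com", "newsletter"))
    ledger.confirm("reader@example.com", "newsletter", tok)
    print("may email after confirm:", ledger.may_email("reader@example.com", "newsletter"))
```

The ledger keys consent by (email, purpose), so a checkbox on an e-book form does not silently become consent for a newsletter; the token is stored only as a keyed hash, so a leaked database does not let anyone confirm on the user's behalf; and withdrawal stops sending immediately while keeping the record for the documented retention window, which is what "demonstrate compliance" requires.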
These are a few important changes you need to comply with before May 2018.
Yes, GDPR is a step toward giving individuals control of their personal data. You need to remember that the data is not yours; it belongs to that individual. Comment below and let us know if this was helpful.