Digital Marketing Institute: “Marketers must share responsibility for GDPR compliance”

With just one month to go until the new General Data Protection Regulations (GDPR) come into effect, the Digital Marketing Institute, which sets the global standard for digital marketing education and practices, has said that marketers must take more responsibility within organisations when it comes to preparing for, and upholding, GDPR compliant practices.

According to Forrester research released at the end of 2017, 39% of organisations were still almost completely unprepared for GDPR compliance. The report also found that there is an over-reliance on IT departments to lead the charge within organisations on GDPR compliance, with 53% reporting that the Chief Information Officer was the ‘owner’ of their GDPR compliance program.

Aaron McKenna, Managing Director, Digital Marketing Institute commented: “While cooperation with IT and legal is hugely important, there is still an onus on the marketing department to pull their weight in ensuring their practices are GDPR compliant. The head of the digital marketing department must educate themselves, their team and even the sales team as to the changes necessary to their marketing consent practices and the importance of those changes to the organisation.”

The Digital Marketing Institute has created a comprehensive GDPR checklist for marketers, which outlines in eight steps how digital marketers can review their current situation and make changes to ensure their databases and practices are GDPR compliant.

The 8 steps to marketing GDPR compliance are summarised below:

1. Ensuring your privacy policy is in line with the prescriptive guidelines set out in the GDPR legislation
2. Auditing your current databases for opt-in consent records for each way in which you wish to use that personal data
3. In cases where you find consent has not been given or recorded, create campaigns to reach out to those contacts to re-request opt-in consent
4. Improve opt-in consent processes going forward, ensuring customers are actively opting-in for each way in which you wish to use their data and that consent is recorded
5. Educate the marketing department and the sales department on the new marketing consent processes, covering the importance of compliance, and which databases they are permitted to use for certain sales and marketing activities
6. Audit third parties who have access to the personal data of your customers. Review whether they need such levels of access, their own GDPR practices, and whether you need to add any relevant information regarding them to your privacy policy. Digital marketing agencies should also audit their own levels of access to their client’s databases and request decreased levels of access to remove any personally identifiable information if necessary
7. Create a streamlined process for freedom of information requests, where a full response can be provided within one month and personal data can be completely expunged on request
8. Prepare a crisis communication plan for a security breach

As the GDPR deadline draws closer – coming into effect on 25 May 2018 –  many companies that are not yet prepared may start to panic. However, McKenna continues: “While there has been a lot of alarming headlines about GDPR, mainly that the fine for non-compliance with GDPR regulations is equal to 4% of annual global revenue or €20 million, remember that this is the maximum fine, and will likely be reserved for repeat offences. If you follow our guidelines and document your process, you can show you are doing the utmost to comply with the regulations. We also strongly recommend that you work in close collaboration with your IT team and legal team to ensure there are no loose ends regarding compliance.”

You can find the full ‘Definitive GDPR Checklist for Marketers’ on the Digital Marketing Institute blog.