With just one month to go until the new General Data Protection Regulation (GDPR) comes into effect, the Digital Marketing Institute (DMI), which sets standards for digital marketing education and practices, has said that marketers must take more responsibility when it comes to companies preparing for, and upholding, GDPR-compliant practices.
Forrester Research reported that at the end of last year, 39 per cent of organisations were unprepared for GDPR compliance. The report also found that there is an over-reliance on IT departments to lead the charge within organisations on GDPR compliance, with 53 per cent reporting that the chief information officer was the ‘owner’ of their compliance programme.
Aaron McKenna, managing director, DMI, said that while cooperation with IT and legal is important, there is an onus on the marketing department to pull its weight in ensuring its practices are GDPR-compliant. The head of the digital marketing department must educate themselves, their team and even the sales team as to changes in their marketing consent practices and the importance of those changes to the organisation.
The DMI has created a GDPR checklist for marketers, which outlines in eight steps how digital marketers can review their current situation and make changes to ensure their databases and practices are GDPR-compliant. These are the eight steps to marketing GDPR compliance:
- Audit your current databases for opt-in consent records for each way in which you wish to use that personal data.
- In cases where you find consent has not been given or recorded, create campaigns to reach out to those contacts to re-request opt-in consent.
- Improve opt-in consent processes going forward, ensuring customers are actively opting-in for each way in which you wish to use their data and that consent is recorded.
- Educate the marketing department and the sales department on the new marketing consent processes, covering the importance of compliance, and which databases they are permitted to use for certain sales and marketing activities.
- Create a streamlined process for freedom of information requests, where a full response can be provided within one month and personal data can be completely expunged on request.
- Prepare a crisis communication plan for a security breach.
With GDPR coming into effect on May 25, many companies that are not yet prepared may panic. While there have been a lot of alarming headlines about GDPR – mainly that the fine for non-compliance with the rules is equal to four per cent of annual global revenue or €20 million – this is the maximum fine, and it is likely that it will be reserved for repeat offences.
The full ‘Definitive GDPR Checklist for Marketers’ is on the DMI blog.