Top five tips to prepare for GDPR

In today’s customer-led world, handling consumer data is a business-critical issue for organisations if they want to reach the right audience, in the right way, at the right time.

With the new General Data Protection Regulation (GDPR) coming into effect in May 2018, getting data right will also become a legal imperative. Organisations found to be in breach of the regulations could face big fines, potentially up to €20 million or 4% of global annual turnover, whichever is the greater, making it even more crucial for businesses to get their house in order now.

Here are my top five tips for getting started, and making sure business leaders and marketers are compliant with the new legislation.  

  1. Start now. Commence planning your General Data Protection Regulation change programme now as there are several steps required to ensure your organisation is compliant before May 2018.
  2. Find or hire someone that will make your GDPR problem interesting. If you can make the problem compelling and the solution constructive, you will bring people on board with the change programme. The ideal person for the job will be someone who is working with customer data to develop insights for your organisation, as they understand how the business wants to use data.
  3. Identify which processes may cause harm. Make a ‘hit list’ of the processes that are most likely to cause harm to an individual, or the organisation. For example, a GP clinic managing health-related data could cause serious harm if patient data is mishandled, whilst losing the ability to send email marketing messages to your entire marketing database is also harmful. Once potentially damaging processes are identified, describe how the data flows through each process to visualise potential risks.
  4. Identify the external threats and internal errors posed to data management processes. Have you used a third-party agency to create a data capture device, website or landing site?  Make sure they are GDPR knowledgeable and can write programmes and privacy notices that comply with GDPR. Internally, your organisation needs to mitigate errors by ensuring staff are appropriately trained, and records of training are kept.
  5. Put an Information Governance Framework (IGF) in place. An IGF includes a risk register that can help demonstrate your accountability by documenting how data management issues are reviewed and acted upon, especially by those with the appropriate levels of experience and responsibility.

If you’d like to learn more about GDPR and the revised ePrivacy Regulations, view CIM's GDPR webpage for the latest information, advice and guidance.

Duncan Smith, Course Director and GDPR Expert, CIM