GDPR covers all areas of business. How you use data for marketing purposes is a key element of this, and this is where we are focusing our advice. For many companies, a central plank of their marketing will be their database of existing clients and prospects; we’ve written a separate blog on how to make sure this meets the requirements of the new Regulation.
For advice on other areas of GDPR compliance, please see our recommended advisors at the bottom of this blog.
To be compliant, your record needs to show that you have a data protection policy in place: that you have thought through how data is being used in your organisation (the purpose for retaining the data), how it is being stored and whose responsibility all of this is. So, the first thing your record needs to have is the contact details of responsible people within your organisation.
Who these are will depend on the size of your business and your location, but might include:
There will always be data breaches – that’s a fact of the digital age. But you will have a much better defence – should the worst happen – if you can demonstrate that you have proactively developed a policy to keep retained data to a minimum, that you only use it for legitimate reasons and that you have adequate security processes in place.
You therefore need to have a record of:
As well as demonstrating your data protection policy, you also need to evidence that your database itself complies with GDPR. This means keeping a record for each contact of what they have agreed to (the purposes for which they have agreed you can hold their data, eg direct marketing, third-party marketing) and when they agreed to it.
What’s more, you will have to ask your contacts at regular intervals if they are happy to stay on your database (annually will normally be sufficient), so your records also need to show the dates of subsequent consents and, again, exactly what they agreed to.
You will need to supply this in an electronic form. An Excel spreadsheet will suffice; if you have a CRM system or use a package such as MailChimp, you may be able to generate this automatically through the software (your provider should be making sure they are offering you the necessary facilities to meet GDPR requirements).
For advice on other areas of GDPR compliance, please email our recommended advisor: firstname.lastname@example.org