One year on from GDPR

By Isla Munro

5 minute Read


  • News

It's been one year since the GDPR came into force on 25 May 2018.

The ICO created the law to ensure individuals have greater visibility over how organisations analyse, protect and use their personal data.

What we have learnt in the last 365 days....

  • Prepare - make sure you have mapped your data flows, that you understand how your data has been gathered and where consent came from
  • Implement - continue to communicate with your existing customers, ensuring there are clear opt in or opt outs where necessary on your marketing materials
  • Review - check your performance against your GDPR plan. Understand how your opt outs are working and if they could be improved. Make sure you keep a secure suppression list
  • Common sense - if it doesn't feel right then it probably isn't! A lot of common sense comes into play with GDPR. Treat your customer data like you would like a company to treat yours
  • Legitimate Interest - is the trusted route to communicate with cold prospects via mail. There are three elements to the legitimate interest basis. It helps to think of this as a three-part test. You need to: identify a legitimate interest; show that the processing is necessary to achieve it; and balance it against the individual's interests rights and freedom.

Isla Munro image

About the author

Isla is an experienced Managing Director, marketeer and leader. Driven by creative data led solutions, she takes pride in providing the best direct marketing campaigns and strategies. As Dragonfly’s Managing Director, her goals include delivering growth not just for her clients, but her team too. Isla sits on the Royal Mail Strategic Mailing Partnership board and the DMA Scotland committee and has spoken at many industry events on topics including GDPR and direct marketing.