It’s been one year since the GDPR came into force on 25 May 2018.
The ICO created the law to ensure individuals have greater visibility over how organisations analyse, protect and use their personal data.
What we have learnt in the last 365 days:
- Prepare – make sure you have mapped your data flows, that you understand how your data has been gathered and where consent came from
- Implement – continue to communicate with your existing customers, ensuring there are clear opt-ins or opt-outs where necessary on your marketing materials
- Review – check your performance against your GDPR plan. Understand how your opt-outs are working and if they could be improved. Make sure you keep a secure suppression list
- Common sense – if it doesn’t feel right then it probably isn’t! A lot of common sense comes into play with GDPR. Treat your customer data like you would like a company to treat yours
- Legitimate Interest – this is the trusted route to communicate with cold prospects via mail. There are three elements to the legitimate interest basis, and it helps to think of them as a three-part test. You need to: identify a legitimate interest; show that the processing is necessary to achieve it; and balance it against the individual’s interests, rights and freedoms.