Here are our 5 tips for getting started and making sure business leaders and marketers are compliant with the new GDPR legislation.
- Start now: Plan your General Data Protection Regulation change project now because there are several steps required to ensure your organisation is compliant before May 2018.
- Find or hire someone who will make your GDPR problem interesting. If you can make the problem compelling and the solution constructive, you will bring people on board with the transition. The best person for the job will be someone who is already working with customer data and developing insights for your organisation, as they will understand how the business uses data.
- Identify which processes may cause harm. Make a list of the processes that are most likely to cause harm to an individual or to the organisation. For example, a medical practice managing health-related data could cause serious harm if patient data is mishandled, whilst losing the ability to send email marketing messages to your entire marketing database is also harmful. Once potentially damaging processes are identified, describe how the data flows through each process to visualise potential risks.
- Identify the external threats and internal errors that data management processes are exposed to. Have you used a third-party agency to create a data capture device, website or landing site? Make sure they are GDPR compliant and can write programmes and privacy notices that comply with GDPR. Your organisation needs to mitigate errors by ensuring that staff are appropriately trained and that records of training are kept.
- Put an Information Governance Framework in place. An IGF includes a risk register that can help demonstrate your accountability by documenting how data management issues are reviewed and acted upon, especially by those with the appropriate levels of experience and responsibility.