A guide to GDPR for the Marketing function

The second in our series of GDPR guides targeted at specific functions, this time focusing on the marketing department. This bite size guide will cover the top preparations and key themes you should concentrate your efforts on ahead of the May 2018 deadline if you work in a marketing department.



With the General Data Protection Regulation (GDPR) deadline just around the corner, it is important to consider how it will impact you and the way in which you collect, process and store information about the people you market to.

Any data that you collect, process and share about customers, event attendees or your team members, must still comply with its six principles.

Top three preparations

As with all things related to how you collect, use and share personal data, there is a lot to be done to prepare your marketing teams for 25 May 2018, but we are focusing on the three main ones as we see them.

Know your data

Get as clear a picture as possible of the state of your marketing database(s), and the quality of the relationships with the people in there. You need to understand clearly how they got there and what interactions you have been having ever since.

Educate people

You should know, in detail, what third parties are doing to collect and/or process personal data on your behalf, including how and where they are storing and sharing that data. This must include third party applications and online services.

Improve processes

You need to know what your business is doing with the personal data you are collecting and using for marketing purposes. Other parts of your business may also be using it for similar things.

Top themes to focus on

Data Mapping

Under GDPR it is vital that you are only collecting personal data that you actually need and have a robust, business reason for having. A data mapping exercise will help to flush out personal data that is not required, being shared excessively or being used for customer segmentation/profiling.

Fair Processing

You will need to obtain explicit consent in order to contact people for specific marketing purposes. It is important to build an ‘opt-in’ process during data capture that tells people why you want their data and what you will be doing with it, including any profiling and segmenting.

Privacy by Design

Your marketing processes should consider privacy at all stages. You should plan ahead to ensure the data you collect is relevant for every stage of your campaigns.

Any changes to a campaign, both in the planning and execution stages, must consider the impact on the data.

Download the information here in this handy one page takeaway guide

We have a whole host of other supporting material on this subject which can be found here.

Published date:  10 February 2018

Written by:  Stephen Bailey

comments powered by Disqus

Filter By Service

Filter By Date