In six months’ time, you will be in the last phase of ensuring your business is ready for the new General Data Protection Regulation legislation. And whilst many businesses might be thinking of adopting a ‘wait and see’ approach, the hefty penalties for non-compliance alone are enough to convince you to start looking at the changes you’ll need to make right now.

The General Data Protection Regulation (GDPR) is Europe’s new legal framework for data protection laws. Its aim is to give people back control of their personal data, and comes into force in the EU in May 2018. It brings with it huge changes to how personal data can be collected and used by organisations. With potential fines for failure to comply of up to €20m or 4% of global annual turnover, it’s important to ensure your business is ready for the change.

Greater protection for consumers

Although it may seem the GDPR is an unwanted data protection headache, from a marketing perspective, this is a great opportunity to refresh how you approach the collection and use of customer data. Under the GDPR, stronger rights are given to individuals over how organisations process their data. Expect to clearly inform your customers on how your brand will use their data. It’s also important to note, individuals will be free to request the data a brand holds about them. And, if that data is incorrect or no longer relevant, request that it is either corrected or deleted.

Build trust into your brand perception

Under the GDPR, you will need to explain why you’re collecting personal data and what processing will happen to it. All of this will be in addition to obtaining very specific consent from your customers. You can wave goodbye to ambiguous explanations, vague ‘third party’ references and pre-ticked boxes. As a result of this transparency, consumer confidence should increase for brands that are being open and honest about their use of personal data.

Have better consumer engagement

Yes, consumer consent for the use and collection of their personal data will be very specific. Which inevitably means you will receive less data. However, that data should have a greater overall value as the consumers not only understand why you need it, they’re happy for you to have it. So, not only does the value of data increase, your brand will also see better engagement from its customers.

Where do you start?

First things first, audit and map out your customers’ data journeys within your organisation. This will bring up opportunities to minimise the amount of data processing, as well as highlight exactly how you will use each piece of data. Then comes the reviewing stage. Review and document your legal basis for processing personal data, as well as review all consent and privacy notices. For those of you dealing with large scale processing of sensitive data, you’ll need to carry out a Privacy Impact Assessment. This will cover what, why and how personally identifiable information is being collected, used, accessed, shared, safeguarded and stored. Next, you’ll need to review your breach notification processes. Finally, assign a Data Protection Officer if you require one. The one thing we absolutely recommend to you is to seek advice on what’s required of your organisation, so you’re fully prepared for the GDPR.

James Royce is the Technical and Operations Director at Mackman, a Sudbury-based full-service marketing agency.

Next month, we’ll be looking at how to achieve successful branding with Mackman’s Creative Director, Bruce Burgoyne.

If you would like one of the specialists at Mackman to provide a comment or write an opinion piece for your publication, give us a call on 01787 388038, or email