As you’re no doubt now aware, May 2018 is GDPR month. From inboxes to news articles, brands have been rushing to ensure compliance or risk bankruptcy-inducing fines. There are some reports suggesting the majority haven’t quite got there yet, with little in the way of a GDPR guide outlining what you need to get right.

However, we see it as an opportunity for organisations to up their data game not just for the May 25th deadline but continuing beyond. Being more responsible when collecting and using data will allow you to do more brilliant things with it. To prepare your organisation for the long-term, you need to change your organisation’s culture around using and protecting data.

Change is coming, and it’s for the better

Many might view the regulation as a thorn in their side. But it offers an unparalleled opportunity to gain the ongoing trust of your customers. It might even set your organisation apart from the competition.

Those that are in the best position have used the process of getting GDPR-ready as an overall catalyst for change. Teach your employees about the value of their data, the importance of securing it, and how it benefits consumers. In this way, you’ll set your entire organisation up for future data success. The work doesn’t stop on May 25th, it’s really only beginning.

A customer-first mentality

When it comes to our role as a GDPR guide, we have been advising organisations to take the view that whatever is right for your customer is ultimately going to be right for your business. Time has been of the essence with GDPR but it shouldn’t just have been about hitting the May 25th deadline. The organisations that will win at GDPR will continue to review and refine it as part of their wider data strategy. This is what we think businesses should be doing to continue to make GDPR a game-changer:

1. Keep your customers up-to-date

GDPR legislators took a customer-first approach when developing the regulation. It makes sense, therefore, that you do the same. You need to keep your customers up-to-date with all uses of their personal data. Under GDPR, personal data belongs to the individual that it relates to. You’re simply borrowing it with their permission.

2. Set everything out clearly

Strip ‘jargonese’ from your company. The quickest way to lose customer confidence is to make your communications hard to understand. Nobody outside your data team is likely to understand what Bayesian probability is, so don’t use words like it in your writing. Set everything out clearly including:

  • How you intend to use their data
  • What data you need from them
  • Where and how it will be stored (emphasise security and privacy)
  • How long it will be stored for (and that it will be deleted when not needed anymore)
  • How it benefits the customer

3. Tell customers how they benefit

The last point is critical. Nobody is going to hand over their data if they believe only your organisation will benefit from it. Make it clear that using their data is in their best interests. If it’ll lead to more tailored marketing, then let them know. Likewise, if you need it in order to recommend future products then communicate that point. Never ever spam your customers. Make them that promise, because everyone worries about being spammed when handing over their contact details.

4. Educate your wider team

Everyone in your organisation needs to understand the value of customer data and to respect it. Educating them on the value of their own data can help. Set up workshops where they have to swap their data for valuable items – it could be a bottle of wine, some chocolates, or even an experience day if you’re feeling generous. In any case, make it clear that when someone hands over their data, it’s akin to handing over cash.

Make sure any training is done for new starters and that there are regular refresher sessions. Your GDPR guide could be seen as a dry subject by many, so try to keep the training fun, but informative. Make it relevant to your employees and they are more likely to engage with it and remember the training throughout their work days.

5. Don’t just leave it to IT

Being GDPR compliant shouldn’t be left to your IT team or CIO. Marketing, HR, finance, and customer support all need to be involved. Because GDPR affects an entire company (and its consequences will be widespread) it’s the responsibility of all employees who use or come into contact with data.

6. Getting technical…

The technical side can be trickier. Rolling out changes across a lot of different systems takes time, as does discovering where all customer data is located. Often, data is kept in silos created by departments, campaigns, technology solutions and so forth. To solve this, you must prioritise the biggest gaps in your data governance: the ones that are most likely to fail GDPR standards. In a time-limited period, this is the best way to approach it. Longer-term, you’ll need to revamp all your data governance processes to a privacy-first, customer-centric approach. If you haven’t done this in time for the 25th May deadline then get a fast, prioritised action list together and make a plan.

After securing the data, decisions have to be made over who needs access to it. From a compliance and cost point of view, only keep the data that you are actively using. Foster an environment where everyone treats data with respect and is held accountable for its ethical use.

7. Find a community

As you navigate the vast requirements of GDPR, some of which are tough to unpick, building a community is essential. There are many GDPR guide or compliance groups available. Some are set up by vendors, and some by CIOs or data leaders who are trying to navigate the regulation. Take a look on LinkedIn and Facebook for the groups. There you’ll find discussions over how to practically implement the requirements, along with advice. These groups will be invaluable in the long run. They won’t just get you prepared for the enforcement deadline, but will help you unpick the tricky regulation in the future.

Tech versus customer-led

There are two distinct approaches to GDPR compliance and ongoing implementation.

  • Customer-led: this is driven by the marketing team primarily. It looks at the business’ requirements and how to align this with the strategy
  • Technology-led: this will fix security and look at the business’ data quality. It is less of a strategy, and more like a plaster-stick solution

For CIOs implementing a tech-led approach, we recommend that you get legal advice in partnership with marketing. Let the marketing team understand that they have a significant responsibility under GDPR, and the full impact it has. And don’t forget your customers, they need to be engaged for your organisation to comply with GDPR.

GDPR doesn’t stop on May 25th

GDPR is forcing businesses to do data better. Businesses that manage their data better are more profitable, competitive and efficient. Broadly speaking, your continued GDPR compliance hinges on these actions:

  • Put your customers first
  • Recruit data champions
  • Communicate the business-wide responsibility for data (and its value)
  • Create a clear data vision and strategy that benefits your customers

GDPR is causing huge change within many organisations. It is what many businesses needed in order to sort out data infrastructure and quality. Ultimately, it will offer many organisations the chance to start afresh with their data functions. GDPR will improve the way companies collect, process, and store data. That can only be a good thing for organisations, customers, and every one of us.


Written by Jason Foster

