SlideShare una empresa de Scribd logo

Are you GDPR Ready? Checklist Whitepaper

Serversys
Serversys

Designed to empower all EU citizens to take greater control of their data, the General Data Protection Regulation (GDPR) will reshape the way organisations worldwide (who process data from the EU) approach data governance, data protection and privacy. This paper summarises a seven-step practical approach to achieving GDPR compliance with your CRM and marketing systems.

Software
1 de 11
Descargar para leer sin conexión
GDPR AND WHAT IT MEANS FOR CRM AND CUSTOMER ENGAGEMENT A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 MAY 252018
A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 2 Introduction The Seven Cornerstones for GDPR Compliance 1 Data Protection Officers 2 Data Security 3 Consent 4 Data Accuracy 5 The Right to be Forgotten 6 Breach Procedures 7 Training The Serversys Approach – Our Data Quality and Consent Processes Recommended Action Checklist Prior to 25 May 2018 Recommended Action Checklist Post 25 May 2018 Other Resources Contents
A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 3 Back to Contents Designed to empower all EU citizens to take greater control of their data, the General Data Protection Regulation (GDPR) will reshape the way organisations worldwide (who process data from the EU) approach data governance, data protection and privacy. Despite the UK’s decision to leave the EU, the government has confirmed that GDPR will form part of UK law and will come into force in 2018. So, what does this mean for your organisation? In a nutshell, any company that stores or processes personal information about EU citizens must comply with the GDPR. The wide-ranging GDPR requirements that relate to how B2B and B2C companies process, store and protect customers’ personal data include: You can only store and process personal data after obtaining consent that is explicit – rather than implied All data must be freely given, rather than under the duress of not being able to access your services You have an obligation to allow individuals to see their own data, and to release a copy of any data you hold about them in a commonly readable format so that they can transfer data from one service provider to another An individual can demand all data be removed from your database – but you will have to retain their email address to ensure you do not re-import their information as a ‘new’ contact You must notify the relevant data protection authorities – in the UK this will be the Information Commissioner’s Office - within 72 hours of a data breach, and any affected individuals if the breach affects their fundamental rights But that’s not all. From the 25 May 2018 your organisation will not only have to comply with the GDPR – it will also have to be able to demonstrate compliance. Failure to do so may expose your business to high fines – up to 4% of the annual turnover or 20 million Euros, whichever is higher – reputational damage, and/or loss of business opportunities. This paper summarises a seven-step practical approach to achieving GDPR compliance with your CRM and marketing systems. Introduction 1. Data protection officers 2. Data Security 3. Consent 4. Data Accuracy 5. The Right to be Forgotten 7. Training 6. Breach Procedures Our recommended seven cornerstones for GDPR compliance
A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 4 Back to Contents 1. Data Protection Officer 2. Data Security The GDPR will clearly create a significant data protection processing overhead on companies. The regulation also recommends that organisations establish a data protection function to manage this. While not all organisations will need to employ a dedicated Data Protection Officer as initially feared, Article 37 of the GDPR states that organisations that need to employ a DPO are: All public authorities Organisations where the core activities involve “regular and systematic monitoring of data subjects on a large scale” Organisations processing “special categories of personal data, such as personal, biometric or health data” For the business owner of customer data, this function should reside outside of the marketing division and IT as it’s important that they take an independent view of data protection. Even if your organisation isn’t required to appoint a dedicated DPO, we’d recommend giving someone the role of “Data Protection Lead”. As well as being responsible for ensuring privacy is at the heart of all that your company does, your Data Protection Lead will also report to the board. While there is no qualifications requirement, we’d recommend the Data Protection Lead undertakes a 5-hour learning course as a GDPR Practitioner. Here’s an example of an online provider we’d recommend for this type of training: https://www.melearning.co.uk/ Data security plays a prominent role in the new GDPR. For this reason, a good starting point for demonstrating compliance is to audit who has access to personal data and how data is used. For example, do third parties have access? Do you have a separate e-marketing platform, or does data get passed through to third party systems? If third parties are involved, you will need to ensure these are registered as Data Processors and are contracted to your GDPR policy. You will need to understand what the minimum requirements are for this contract, as outlined on page 16 of the ICO’s publication Data controllers and data processors: what the difference is and what the governance implications are. Other actions you will need to undertake include: Review security and restrict access for those users who don’t require data access. Limiting access to sensitive fields wherever possible demonstrates you have taken reasonable steps to secure your data. Limit the export capabilities of users in CRM if their role does not require such capability. You will need to document and regularly review who has this capability.
A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 5 Back to Contents Audit emails so that if a data breach occurs, you can investigate effectively – for example, if a person leaving the organisation exports data from the system and sends it to an external address. If you don’t have these audit capabilities, then consider moving to an email platform that does such as Office 365. Take steps to ensure third parties apply the same standards as you and restrict access to records that have positively consented to this third-party access. If you do share data with third parties, it’s very important that when a contact opts in, you have a privacy notice that explains this and why. You will have to be crystal clear about who you are sharing the data with, and not just use generic words like Companies or Partners. You should ensure that you have a process for removing access quickly to employees if they leave your organisation or sooner, if you believe that they are at risk of misusing the data. Are the connections to your system secure? Ensure you regularly update your security measures like firewalls, two-factor authentication, anti-virus, and phishing protection. We recommend that you regularly train your employees on phishing techniques and consider stronger technologies to defend against these. An example of this is Microsoft Advanced Threat Protection. Are you able to remotely wipe devices and storage? Remember that you will need to demonstrate that you have taken all reasonable measures to secure data, so it’s highly recommended to document all the steps that you have taken and ensure that you see this as an on-going process. The GDPR considerably strengthens the conditions for consent and you will need to make sure that your organisation’s email and marketing practices comply with the GDPR. This means marketers need a clear affirmative consent action – you can no longer use a pre-ticked checkbox on a form, long rambling terms and conditions or soft opt-ins at in-store checkouts. GDPR does not stop you from communicating with customers and clients where there are reasonable grounds to do so (legitimate interest). For example, sending commercial communications regarding the operation of the contract with them. However, GDPR does give people the absolute right not to receive marketing communications from you. Your organisation will need to show ‘provable consent’ – a requirement that will call for more database fields to record proof of consent, the consent statement, the shelf life of the data, as well as when and where consent was obtained. You should also note that: Consent must always be freely given by the user and not bundled in with a contract. There must be clear opt-in capability to relevant information. You cannot have pre-ticked boxes and must be clear about what you are planning to do with the data (privacy notice). 2. Data Security contd 3. Consent
A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 6 Back to Contents Users must have the capability to remove consent and you should make them aware of this prior to getting consent. You shouldn’t assume consent is given forever. The ICO (Information Commissioner’s Office) recommends that you ask for re-consent every two years. With this in mind, we recommend linking up e-marketing opt-in preferences with CRM, or even better using a preference centre web site that users can access to maintain their consent and see your privacy notice. This consent should be audited, so you can demonstrate when and how someone’s opted- in and what they were told you would do with their personal data. Remember, you will need to ensure that consent is not be confused with terms and conditions. B2B organisations should consider making sales and account managers review consent with clients, giving them the ability to manually send the consent email to encourage opt-in. When marketing to individuals in businesses, ideally you should add consent fields to views and forms in your CRM, ensuring these are in prominent positions so that users can clearly see who has opted into what. Consent can be given verbally, but this should be documented very carefully including the date time and specifically what a contact was told and consented to. This can be harder to record and as such we would recommend using an automated electronic approach as a failsafe. Remember your obligation is to prove compliance and all the above steps will help you demonstrate this. Finally, you cannot rely on historic consent if this does not conform to the new GDPR requirements. Some companies are concerned that not being able to blanket email prospects will have a detrimental impact on their marketing capabilities. But we’d suggest that this is a great opportunity to move your strategy to better digital platforms that may well generate greater success. Aim to start building an organisational culture that recommends people follow your digital channels, so that you expand your potential audience beyond data traditional methods. You can download the ICO’s consent checklist from here: https://www.serversys.com/Consent_Checklist.pdf 3.Consent contd Privacy Policy Privacy by design or default is another key requirement of GDPR that will force a shift in how organisations think about personal data. When collecting information on your website or any other means that contains personal information, such as an email address, you are required to share a very clear and concise privacy notice. This should cover at the minimum the following: What information you collect Why you collect it Who you share it with What you do with it How long you keep it How individuals can access the information you hold on them Right to be Forgotten information How individuals can appeal to the ICO Your privacy policy should be in clearly understandable language, should identify by name any third parties you share date with and what these will do with it.
A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 7 Back to Contents The GDPR accuracy principle requires companies ensure that personal data is accurate and, where necessary kept up to date. That means that every reasonable step must be taken to ensure that personal data that is inaccurate is erased or rectified without delay. Key actions to take to ensure your data is accurate include: Removing any historic records from systems that are no longer required by your organisation. Implementing a process to ensure personal data is removed after a set period of time if there is no reason to keep it. Make sure that when you update a record, this change is also reflected on third party systems. For example, if you change someone’s name you will need a process in place to update the accounts system, e-marketing tool and any other third-party systems of suppliers involved in working with you. Remember, data retention is a core consideration of GDPR compliance. Keeping stale records will increase your risk of non-compliance. Keep in mind that removing them will also limit your exposure if there is a data breach. Using marketing lists Does GDPR mean that you can’t buy any marketing lists again? No, it doesn’t. But you will need to ensure that you have an adequate contract with the list provider and take all reasonable measures to ensure that the subjects have opted-in and are aware that you would be given their personal details in a way that is compliant with GDPR. On the first communication to them or within a month, whichever is sooner of recording you should make subjects aware of the source of the information and give them the ability to amend their opt-in and see your privacy policy. 4. Data Accuracy 5. The Right to be Forgotten GDPR introduces the right to be forgotten. That means that any individual has the right to request that their data is deleted from your records. If you receive a request from a contact that they want their information deleted, you will need to have a process ready to handle this. This process should include reviewing if you have a contractual or legal reason to hold onto their data before you go ahead and implement the deletion request. Anonymising records If you anonymise a record, in other words, remove any reasonable ability to relate the data to a living person, then it is not subject to GDPR. You may wish to do this for reporting on things such as number of leads, where the actual data subject is not relevant. This anonymisation should be comprehensive, ensuring that no one can ever relate the record back to the person.
A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 8 Back to Contents The GDPR introduces a much stricter regime for reporting data breaches. You are required to notify data subjects “without undue delay” and to inform the national data protection authority within 72 hours of a data breach being identified. 6. Breach Procedures 7. Training GDPR should be viewed as an opportunity to build good data governance and improve your marketing effectiveness. Implementing the processes and procedures that relate to GDPR compliance will give you cleaner and more organised data, and ultimately better results. For example, your e-mail campaigns will be more targeted to active marketing lists. Which will generate improved performance. You should also consider expanding your digital capabilities, making better use of platforms like LinkedIn and Twitter to compensate for any declining marketing capability that results from your GDPR compliance activities. The final pillar of your GDPR efforts will be to ensure staff are fully trained on data policies and best practices for keeping customer personal data safe. You should also ensure they are trained to use techniques such as anonymisation. Our recommendations include: Use an online training platform for GDPR, where you can demonstrate that you have trained your employees on GDPR if you are audited. Online courses are available from online providers like www.melearning.co.uk/gdpr/courses. Build GDPR obligations into employment contracts, ensuring that staff understand why data protection is important, what personal data is, and the consequences of non-compliance. Build a company ethos of data protection, ensuring that everyone is aware of their individual responsibilities when handling personal data as part of their role. This means you will need to prepare a plan that kicks into action in the event of a breach, ensuring that marketing and communication teams are fully prepared for such an eventuality. Your action plan should include: Appointing someone who is responsible for the data breach investigation and reporting it to the supervisory authority. Reviewing the obligations of any third parties, such as an outsourced IT company, ensuring they are obliged to notify you in the event of a data breach taking place.
A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 9 Back to Contents We have appointed a Data Protection Lead with clear responsibilities who reports to the board. Employees have GDPR responsibilities built into their contracts and GDPR training is mandatory. Consultants are required to pass a GDPR Practitioners course. Our Data Quality and Consent Processes All data that is stale has been removed from our CRM, Accounts and SharePoint systems where documents are stored. We have emailed all our remaining contacts with a link requesting they opt-in to communications. These opt-ins clearly show what the purpose of the communications are, how their data will be used and where it is stored (Privacy Notice). These links are unique for each individual contact, so when they land on our communication preference centre, the system knows who they are. A contact can return to the preference centre, enter their email address and receive an email that has a link directly to amend their preferences (Consent). All opt-ins are audited in our CRM system, so we know when a contact last consented or not. Each new contact added to our system is automatically sent the opt-in email for consent. Our account managers review any preferences that clients have not opted-in for and discuss the merits of opting-in with them directly. An account manager can send a link to the contact to amend their preferences. After three months, any records where the client hasn’t opt-in and where we do not have a commercial contract are considered for purging. Based on when a contact last updated their opt-in preferences, every two years we will reset and resend a preference update request to contacts that have initially opted-in but have not transacted with us. Our overall GDPR policy includes regular reviews of data security, breach and privacy plans. We only use EU datacentres and monitor the security of these proactively. The Serversys Approach
A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 10 Back to Contents Recommended Action Checklist Prior to 25 May 2018 DATA AUDIT - Is my data handled by Third Parties? PRIVACY NOTICE - Do my data capture forms have a suitable privacy notice? REVIEW EXISTING CONSENT - Does my current consent meet GDPR requirements? Review our helpful Consent Check List at https://www.serversys.com/ Consent_Checklist.pdf. SECURITY - Have you reviewed the security of your systems and removed unnecessary access and permissions? CONTRACTS - Do your contracts with Third Parties cover the requirements for GDPR? PURGE - Have you removed unnecessary data from your system? TRAINING - Have you trained your staff and kept a training register? PROCESS - Do you have appropriate processes in place should a data breach occur, or a contact wishes to exercise their right to be forgotten required? If someone requests a copy of their records, can you do this efficiently in a timely way? Recommended Action Checklist Post 25 May 2018 TRAINING - Do you have a process in place to train new and existing employees on GDPR? RE-CONSENT - Put in place a process to manage re- consenting every two years. PRIVACY POLICY - Review and keep reviewing. THIRD PARTIES - Are they still honouring your GDPR policy? RISK - Are your security measures up-to-date? Ensure you review access and permissions regularly. PRACTISE - Playout a data breach, a right to be forgotten request and a request to see your records. DOCUMENT - Keep all the measures documented so that if you are audited, you’re ready and don’t need to stress. 25.05.18 25.05.18 Recommended Action Checklists if
A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 11 Back to Contents https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf https://ico.org.uk/for-organisations/resources-and-support/data-protection- self-assessment/getting-ready-for-the-gdpr/ Need Help? If you need help with GDPR or an advanced Preference Centre then why not get in contact and talk to one of our trained GDPR Practitioners. www.serversys.com +44 2038 843804 gdpr@serversys.com Other Resources

Recomendados

How will GDPR affect small businesses?
How will GDPR affect small businesses?How will GDPR affect small businesses?
How will GDPR affect small businesses?AllBusinessTemplates
 
GDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
GDPR Compliance Software | General Data Protection Regulation (GDPR) DashboardGDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
GDPR Compliance Software | General Data Protection Regulation (GDPR) DashboardCorporater
 
Employee Training is Key to GDPR Compliance: GDPR
Employee Training is Key to GDPR Compliance: GDPREmployee Training is Key to GDPR Compliance: GDPR
Employee Training is Key to GDPR Compliance: GDPRGDPR Course
 
General data protection regulation gdpr audit 2018
General data protection regulation gdpr audit 2018General data protection regulation gdpr audit 2018
General data protection regulation gdpr audit 2018Fraser Hay
 
The implications of gdpr for the solutions industry tatech 2018
The implications of gdpr for the solutions industry tatech 2018The implications of gdpr for the solutions industry tatech 2018
The implications of gdpr for the solutions industry tatech 2018Shane Gray
 
How GDPR Guidelines Regulate Marketing Automation and Customer Engagement
How GDPR Guidelines Regulate Marketing Automation and Customer EngagementHow GDPR Guidelines Regulate Marketing Automation and Customer Engagement
How GDPR Guidelines Regulate Marketing Automation and Customer EngagementRay Business Technologies
 
GDPR most actionable cheatsheet and checklist by cyberstratg
GDPR most actionable cheatsheet and checklist by cyberstratgGDPR most actionable cheatsheet and checklist by cyberstratg
GDPR most actionable cheatsheet and checklist by cyberstratgCyber StratG
 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanEquiGov Institute
 

Recomendados

How will GDPR affect small businesses?
How will GDPR affect small businesses?How will GDPR affect small businesses?
How will GDPR affect small businesses?AllBusinessTemplates
 
GDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
GDPR Compliance Software | General Data Protection Regulation (GDPR) DashboardGDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
GDPR Compliance Software | General Data Protection Regulation (GDPR) DashboardCorporater
 
Employee Training is Key to GDPR Compliance: GDPR
Employee Training is Key to GDPR Compliance: GDPREmployee Training is Key to GDPR Compliance: GDPR
Employee Training is Key to GDPR Compliance: GDPRGDPR Course
 
General data protection regulation gdpr audit 2018
General data protection regulation gdpr audit 2018General data protection regulation gdpr audit 2018
General data protection regulation gdpr audit 2018Fraser Hay
 
The implications of gdpr for the solutions industry tatech 2018
The implications of gdpr for the solutions industry tatech 2018The implications of gdpr for the solutions industry tatech 2018
The implications of gdpr for the solutions industry tatech 2018Shane Gray
 
How GDPR Guidelines Regulate Marketing Automation and Customer Engagement
How GDPR Guidelines Regulate Marketing Automation and Customer EngagementHow GDPR Guidelines Regulate Marketing Automation and Customer Engagement
How GDPR Guidelines Regulate Marketing Automation and Customer EngagementRay Business Technologies
 
GDPR most actionable cheatsheet and checklist by cyberstratg
GDPR most actionable cheatsheet and checklist by cyberstratgGDPR most actionable cheatsheet and checklist by cyberstratg
GDPR most actionable cheatsheet and checklist by cyberstratgCyber StratG
 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanEquiGov Institute
 
Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit Sean Bailey
 
GDPR + Sales & Marketing A practical guide by Dan Smith Doogheno
GDPR + Sales & Marketing A practical guide by Dan Smith DooghenoGDPR + Sales & Marketing A practical guide by Dan Smith Doogheno
GDPR + Sales & Marketing A practical guide by Dan Smith DooghenoDaniel Smith
 
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)WBDC of Florida
 
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceObservePoint
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdprCognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdpraudrey miguel
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceSarah Fox
 
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPRSrijan Technologies
 
Travelodge GDPR Case Study
Travelodge GDPR Case StudyTravelodge GDPR Case Study
Travelodge GDPR Case StudySagittarius
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessMark Baker
 
BigID PII Protection GDPR
BigID PII Protection GDPR BigID PII Protection GDPR
BigID PII Protection GDPR Fatime Traoré
 
General Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMGeneral Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMUbisecure
 
GDPR - what you need to know
GDPR - what you need to know GDPR - what you need to know
GDPR - what you need to know Maddie Malling-May
 
GDPR & The Opportunity
GDPR & The OpportunityGDPR & The Opportunity
GDPR & The OpportunitySagittarius
 
Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Gerson Trigueiros
 
Reddico GDPR Presentation
Reddico GDPR PresentationReddico GDPR Presentation
Reddico GDPR PresentationLuke Kyte
 
GDPR for Marketers - teaser
GDPR for Marketers - teaserGDPR for Marketers - teaser
GDPR for Marketers - teaserLava Consult BVBA
 
"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQsTech Data
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsPost Media
 
Flash Friday: Data Quality & GDPR
Flash Friday: Data Quality & GDPRFlash Friday: Data Quality & GDPR
Flash Friday: Data Quality & GDPRPrecisely
 
General Data Protection Regulation for Ops
General Data Protection Regulation for OpsGeneral Data Protection Regulation for Ops
General Data Protection Regulation for OpsKamil Rextin
 
GDPR 
- The Do’s and Don'ts for Marketeers
GDPR 
- The Do’s and Don'ts for Marketeers GDPR 
- The Do’s and Don'ts for Marketeers
GDPR 
- The Do’s and Don'ts for Marketeers Burst
 
GDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free DownloadGDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free DownloadVisitor Analytics
 

Más contenido relacionado

La actualidad más candente

Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit Sean Bailey
 
GDPR + Sales & Marketing A practical guide by Dan Smith Doogheno
GDPR + Sales & Marketing A practical guide by Dan Smith DooghenoGDPR + Sales & Marketing A practical guide by Dan Smith Doogheno
GDPR + Sales & Marketing A practical guide by Dan Smith DooghenoDaniel Smith
 
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)WBDC of Florida
 
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceObservePoint
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdprCognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdpraudrey miguel
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceSarah Fox
 
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPRSrijan Technologies
 
Travelodge GDPR Case Study
Travelodge GDPR Case StudyTravelodge GDPR Case Study
Travelodge GDPR Case StudySagittarius
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessMark Baker
 
BigID PII Protection GDPR
BigID PII Protection GDPR BigID PII Protection GDPR
BigID PII Protection GDPR Fatime Traoré
 
General Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMGeneral Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMUbisecure
 
GDPR & The Opportunity
GDPR & The OpportunityGDPR & The Opportunity
GDPR & The OpportunitySagittarius
 
Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Gerson Trigueiros
 
Reddico GDPR Presentation
Reddico GDPR PresentationReddico GDPR Presentation
Reddico GDPR PresentationLuke Kyte
 
"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQsTech Data
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsPost Media
 
Flash Friday: Data Quality & GDPR
Flash Friday: Data Quality & GDPRFlash Friday: Data Quality & GDPR
Flash Friday: Data Quality & GDPRPrecisely
 
General Data Protection Regulation for Ops
General Data Protection Regulation for OpsGeneral Data Protection Regulation for Ops
General Data Protection Regulation for OpsKamil Rextin
 

La actualidad más candente (20)

Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit
 
GDPR + Sales & Marketing A practical guide by Dan Smith Doogheno
GDPR + Sales & Marketing A practical guide by Dan Smith DooghenoGDPR + Sales & Marketing A practical guide by Dan Smith Doogheno
GDPR + Sales & Marketing A practical guide by Dan Smith Doogheno
 
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
 
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdprCognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdpr
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR compliance
 
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
 
Travelodge GDPR Case Study
Travelodge GDPR Case StudyTravelodge GDPR Case Study
Travelodge GDPR Case Study
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
 
BigID PII Protection GDPR
BigID PII Protection GDPR BigID PII Protection GDPR
BigID PII Protection GDPR
 
General Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMGeneral Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAM
 
GDPR - what you need to know
GDPR - what you need to know GDPR - what you need to know
GDPR - what you need to know
 
GDPR & The Opportunity
GDPR & The OpportunityGDPR & The Opportunity
GDPR & The Opportunity
 
Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)
 
Reddico GDPR Presentation
Reddico GDPR PresentationReddico GDPR Presentation
Reddico GDPR Presentation
 
GDPR for Marketers - teaser
GDPR for Marketers - teaserGDPR for Marketers - teaser
GDPR for Marketers - teaser
 
"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc Michaels
 
Flash Friday: Data Quality & GDPR
Flash Friday: Data Quality & GDPRFlash Friday: Data Quality & GDPR
Flash Friday: Data Quality & GDPR
 
General Data Protection Regulation for Ops
General Data Protection Regulation for OpsGeneral Data Protection Regulation for Ops
General Data Protection Regulation for Ops
 

Similar a Are you GDPR Ready? Checklist Whitepaper

GDPR 
- The Do’s and Don'ts for Marketeers
GDPR 
- The Do’s and Don'ts for Marketeers GDPR 
- The Do’s and Don'ts for Marketeers
GDPR 
- The Do’s and Don'ts for Marketeers Burst
 
GDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free DownloadGDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free DownloadVisitor Analytics
 
A Brief Overview on GDPR
A Brief Overview on GDPRA Brief Overview on GDPR
A Brief Overview on GDPRNeha Patel
 
The GDPR - A data revolution
The GDPR - A data revolutionThe GDPR - A data revolution
The GDPR - A data revolutionDan Brookman
 
Convince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceConvince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceDave James
 
5 Questions Financial Institutions Should Ask About GDPR Readiness
5 Questions Financial Institutions Should Ask About GDPR Readiness5 Questions Financial Institutions Should Ask About GDPR Readiness
5 Questions Financial Institutions Should Ask About GDPR ReadinessAppian
 
GDPR Compliance with Microsoft 365
GDPR Compliance with Microsoft 365 GDPR Compliance with Microsoft 365
GDPR Compliance with Microsoft 365 ayeshaurooj104
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018Human Capital Department
 
ICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPRICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPRBenjamin Dibble
 
Horner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRHorner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRJenny Ferguson
 
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersGDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersSpain-Holiday.com
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowHackerOne
 
General Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) ComplianceGeneral Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) Complianceaccenture
 
Is your business GDPR ready?
Is your business GDPR ready?Is your business GDPR ready?
Is your business GDPR ready?Gareth Miller
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection RegulationPete S
 

Similar a Are you GDPR Ready? Checklist Whitepaper (20)

GDPR 
- The Do’s and Don'ts for Marketeers
GDPR 
- The Do’s and Don'ts for Marketeers GDPR 
- The Do’s and Don'ts for Marketeers
GDPR 
- The Do’s and Don'ts for Marketeers
 
GDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free DownloadGDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free Download
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to Act
 
A Brief Overview on GDPR
A Brief Overview on GDPRA Brief Overview on GDPR
A Brief Overview on GDPR
 
Are you GDPRed yet?
Are you GDPRed yet?Are you GDPRed yet?
Are you GDPRed yet?
 
The GDPR - A data revolution
The GDPR - A data revolutionThe GDPR - A data revolution
The GDPR - A data revolution
 
Convince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceConvince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR compliance
 
5 Questions Financial Institutions Should Ask About GDPR Readiness
5 Questions Financial Institutions Should Ask About GDPR Readiness5 Questions Financial Institutions Should Ask About GDPR Readiness
5 Questions Financial Institutions Should Ask About GDPR Readiness
 
GDPR Compliance with Microsoft 365
GDPR Compliance with Microsoft 365 GDPR Compliance with Microsoft 365
GDPR Compliance with Microsoft 365
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
 
ICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPRICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPR
 
GDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-stepsGDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-steps
 
Sage CRM and GDPR Overview
Sage CRM and GDPR OverviewSage CRM and GDPR Overview
Sage CRM and GDPR Overview
 
2018 Client Briefing GDPR
2018 Client Briefing GDPR2018 Client Briefing GDPR
2018 Client Briefing GDPR
 
Horner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRHorner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPR
 
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersGDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
 
General Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) ComplianceGeneral Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) Compliance
 
Is your business GDPR ready?
Is your business GDPR ready?Is your business GDPR ready?
Is your business GDPR ready?
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 

Último

%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxAnnaArtyushina1
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationJuha-Pekka Tolvanen
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 

Último (20)

%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 

Are you GDPR Ready? Checklist Whitepaper

  • 1. GDPR AND WHAT IT MEANS FOR CRM AND CUSTOMER ENGAGEMENT A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 MAY 252018
  • 2. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 2 Introduction The Seven Cornerstones for GDPR Compliance 1 Data Protection Officers 2 Data Security 3 Consent 4 Data Accuracy 5 The Right to be Forgotten 6 Breach Procedures 7 Training The Serversys Approach – Our Data Quality and Consent Processes Recommended Action Checklist Prior to 25 May 2018 Recommended Action Checklist Post 25 May 2018 Other Resources Contents
  • 3. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 3 Back to Contents Designed to empower all EU citizens to take greater control of their data, the General Data Protection Regulation (GDPR) will reshape the way organisations worldwide (who process data from the EU) approach data governance, data protection and privacy. Despite the UK’s decision to leave the EU, the government has confirmed that GDPR will form part of UK law and will come into force in 2018. So, what does this mean for your organisation? In a nutshell, any company that stores or processes personal information about EU citizens must comply with the GDPR. The wide-ranging GDPR requirements that relate to how B2B and B2C companies process, store and protect customers’ personal data include: You can only store and process personal data after obtaining consent that is explicit – rather than implied All data must be freely given, rather than under the duress of not being able to access your services You have an obligation to allow individuals to see their own data, and to release a copy of any data you hold about them in a commonly readable format so that they can transfer data from one service provider to another An individual can demand all data be removed from your database – but you will have to retain their email address to ensure you do not re-import their information as a ‘new’ contact You must notify the relevant data protection authorities – in the UK this will be the Information Commissioner’s Office - within 72 hours of a data breach, and any affected individuals if the breach affects their fundamental rights But that’s not all. From the 25 May 2018 your organisation will not only have to comply with the GDPR – it will also have to be able to demonstrate compliance. Failure to do so may expose your business to high fines – up to 4% of the annual turnover or 20 million Euros, whichever is higher – reputational damage, and/or loss of business opportunities. This paper summarises a seven-step practical approach to achieving GDPR compliance with your CRM and marketing systems. Introduction 1. Data protection officers 2. Data Security 3. Consent 4. Data Accuracy 5. The Right to be Forgotten 7. Training 6. Breach Procedures Our recommended seven cornerstones for GDPR compliance
  • 4. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 4 Back to Contents 1. Data Protection Officer 2. Data Security The GDPR will clearly create a significant data protection processing overhead on companies. The regulation also recommends that organisations establish a data protection function to manage this. While not all organisations will need to employ a dedicated Data Protection Officer as initially feared, Article 37 of the GDPR states that organisations that need to employ a DPO are: All public authorities Organisations where the core activities involve “regular and systematic monitoring of data subjects on a large scale” Organisations processing “special categories of personal data, such as personal, biometric or health data” For the business owner of customer data, this function should reside outside of the marketing division and IT as it’s important that they take an independent view of data protection. Even if your organisation isn’t required to appoint a dedicated DPO, we’d recommend giving someone the role of “Data Protection Lead”. As well as being responsible for ensuring privacy is at the heart of all that your company does, your Data Protection Lead will also report to the board. While there is no qualifications requirement, we’d recommend the Data Protection Lead undertakes a 5-hour learning course as a GDPR Practitioner. Here’s an example of an online provider we’d recommend for this type of training: https://www.melearning.co.uk/ Data security plays a prominent role in the new GDPR. For this reason, a good starting point for demonstrating compliance is to audit who has access to personal data and how data is used. For example, do third parties have access? Do you have a separate e-marketing platform, or does data get passed through to third party systems? If third parties are involved, you will need to ensure these are registered as Data Processors and are contracted to your GDPR policy. You will need to understand what the minimum requirements are for this contract, as outlined on page 16 of the ICO’s publication Data controllers and data processors: what the difference is and what the governance implications are. Other actions you will need to undertake include: Review security and restrict access for those users who don’t require data access. Limiting access to sensitive fields wherever possible demonstrates you have taken reasonable steps to secure your data. Limit the export capabilities of users in CRM if their role does not require such capability. You will need to document and regularly review who has this capability.
  • 5. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 5 Back to Contents Audit emails so that if a data breach occurs, you can investigate effectively – for example, if a person leaving the organisation exports data from the system and sends it to an external address. If you don’t have these audit capabilities, then consider moving to an email platform that does such as Office 365. Take steps to ensure third parties apply the same standards as you and restrict access to records that have positively consented to this third-party access. If you do share data with third parties, it’s very important that when a contact opts in, you have a privacy notice that explains this and why. You will have to be crystal clear about who you are sharing the data with, and not just use generic words like Companies or Partners. You should ensure that you have a process for removing access quickly to employees if they leave your organisation or sooner, if you believe that they are at risk of misusing the data. Are the connections to your system secure? Ensure you regularly update your security measures like firewalls, two-factor authentication, anti-virus, and phishing protection. We recommend that you regularly train your employees on phishing techniques and consider stronger technologies to defend against these. An example of this is Microsoft Advanced Threat Protection. Are you able to remotely wipe devices and storage? Remember that you will need to demonstrate that you have taken all reasonable measures to secure data, so it’s highly recommended to document all the steps that you have taken and ensure that you see this as an on-going process. The GDPR considerably strengthens the conditions for consent and you will need to make sure that your organisation’s email and marketing practices comply with the GDPR. This means marketers need a clear affirmative consent action – you can no longer use a pre-ticked checkbox on a form, long rambling terms and conditions or soft opt-ins at in-store checkouts. GDPR does not stop you from communicating with customers and clients where there are reasonable grounds to do so (legitimate interest). For example, sending commercial communications regarding the operation of the contract with them. However, GDPR does give people the absolute right not to receive marketing communications from you. Your organisation will need to show ‘provable consent’ – a requirement that will call for more database fields to record proof of consent, the consent statement, the shelf life of the data, as well as when and where consent was obtained. You should also note that: Consent must always be freely given by the user and not bundled in with a contract. There must be clear opt-in capability to relevant information. You cannot have pre-ticked boxes and must be clear about what you are planning to do with the data (privacy notice). 2. Data Security contd 3. Consent
  • 6. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 6 Back to Contents Users must have the capability to remove consent and you should make them aware of this prior to getting consent. You shouldn’t assume consent is given forever. The ICO (Information Commissioner’s Office) recommends that you ask for re-consent every two years. With this in mind, we recommend linking up e-marketing opt-in preferences with CRM, or even better using a preference centre web site that users can access to maintain their consent and see your privacy notice. This consent should be audited, so you can demonstrate when and how someone’s opted- in and what they were told you would do with their personal data. Remember, you will need to ensure that consent is not be confused with terms and conditions. B2B organisations should consider making sales and account managers review consent with clients, giving them the ability to manually send the consent email to encourage opt-in. When marketing to individuals in businesses, ideally you should add consent fields to views and forms in your CRM, ensuring these are in prominent positions so that users can clearly see who has opted into what. Consent can be given verbally, but this should be documented very carefully including the date time and specifically what a contact was told and consented to. This can be harder to record and as such we would recommend using an automated electronic approach as a failsafe. Remember your obligation is to prove compliance and all the above steps will help you demonstrate this. Finally, you cannot rely on historic consent if this does not conform to the new GDPR requirements. Some companies are concerned that not being able to blanket email prospects will have a detrimental impact on their marketing capabilities. But we’d suggest that this is a great opportunity to move your strategy to better digital platforms that may well generate greater success. Aim to start building an organisational culture that recommends people follow your digital channels, so that you expand your potential audience beyond data traditional methods. You can download the ICO’s consent checklist from here: https://www.serversys.com/Consent_Checklist.pdf 3.Consent contd Privacy Policy Privacy by design or default is another key requirement of GDPR that will force a shift in how organisations think about personal data. When collecting information on your website or any other means that contains personal information, such as an email address, you are required to share a very clear and concise privacy notice. This should cover at the minimum the following: What information you collect Why you collect it Who you share it with What you do with it How long you keep it How individuals can access the information you hold on them Right to be Forgotten information How individuals can appeal to the ICO Your privacy policy should be in clearly understandable language, should identify by name any third parties you share date with and what these will do with it.
  • 7. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 7 Back to Contents The GDPR accuracy principle requires companies ensure that personal data is accurate and, where necessary kept up to date. That means that every reasonable step must be taken to ensure that personal data that is inaccurate is erased or rectified without delay. Key actions to take to ensure your data is accurate include: Removing any historic records from systems that are no longer required by your organisation. Implementing a process to ensure personal data is removed after a set period of time if there is no reason to keep it. Make sure that when you update a record, this change is also reflected on third party systems. For example, if you change someone’s name you will need a process in place to update the accounts system, e-marketing tool and any other third-party systems of suppliers involved in working with you. Remember, data retention is a core consideration of GDPR compliance. Keeping stale records will increase your risk of non-compliance. Keep in mind that removing them will also limit your exposure if there is a data breach. Using marketing lists Does GDPR mean that you can’t buy any marketing lists again? No, it doesn’t. But you will need to ensure that you have an adequate contract with the list provider and take all reasonable measures to ensure that the subjects have opted-in and are aware that you would be given their personal details in a way that is compliant with GDPR. On the first communication to them or within a month, whichever is sooner of recording you should make subjects aware of the source of the information and give them the ability to amend their opt-in and see your privacy policy. 4. Data Accuracy 5. The Right to be Forgotten GDPR introduces the right to be forgotten. That means that any individual has the right to request that their data is deleted from your records. If you receive a request from a contact that they want their information deleted, you will need to have a process ready to handle this. This process should include reviewing if you have a contractual or legal reason to hold onto their data before you go ahead and implement the deletion request. Anonymising records If you anonymise a record, in other words, remove any reasonable ability to relate the data to a living person, then it is not subject to GDPR. You may wish to do this for reporting on things such as number of leads, where the actual data subject is not relevant. This anonymisation should be comprehensive, ensuring that no one can ever relate the record back to the person.
  • 8. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 8 Back to Contents The GDPR introduces a much stricter regime for reporting data breaches. You are required to notify data subjects “without undue delay” and to inform the national data protection authority within 72 hours of a data breach being identified. 6. Breach Procedures 7. Training GDPR should be viewed as an opportunity to build good data governance and improve your marketing effectiveness. Implementing the processes and procedures that relate to GDPR compliance will give you cleaner and more organised data, and ultimately better results. For example, your e-mail campaigns will be more targeted to active marketing lists. Which will generate improved performance. You should also consider expanding your digital capabilities, making better use of platforms like LinkedIn and Twitter to compensate for any declining marketing capability that results from your GDPR compliance activities. The final pillar of your GDPR efforts will be to ensure staff are fully trained on data policies and best practices for keeping customer personal data safe. You should also ensure they are trained to use techniques such as anonymisation. Our recommendations include: Use an online training platform for GDPR, where you can demonstrate that you have trained your employees on GDPR if you are audited. Online courses are available from online providers like www.melearning.co.uk/gdpr/courses. Build GDPR obligations into employment contracts, ensuring that staff understand why data protection is important, what personal data is, and the consequences of non-compliance. Build a company ethos of data protection, ensuring that everyone is aware of their individual responsibilities when handling personal data as part of their role. This means you will need to prepare a plan that kicks into action in the event of a breach, ensuring that marketing and communication teams are fully prepared for such an eventuality. Your action plan should include: Appointing someone who is responsible for the data breach investigation and reporting it to the supervisory authority. Reviewing the obligations of any third parties, such as an outsourced IT company, ensuring they are obliged to notify you in the event of a data breach taking place.
  • 9. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 9 Back to Contents We have appointed a Data Protection Lead with clear responsibilities who reports to the board. Employees have GDPR responsibilities built into their contracts and GDPR training is mandatory. Consultants are required to pass a GDPR Practitioners course. Our Data Quality and Consent Processes All data that is stale has been removed from our CRM, Accounts and SharePoint systems where documents are stored. We have emailed all our remaining contacts with a link requesting they opt-in to communications. These opt-ins clearly show what the purpose of the communications are, how their data will be used and where it is stored (Privacy Notice). These links are unique for each individual contact, so when they land on our communication preference centre, the system knows who they are. A contact can return to the preference centre, enter their email address and receive an email that has a link directly to amend their preferences (Consent). All opt-ins are audited in our CRM system, so we know when a contact last consented or not. Each new contact added to our system is automatically sent the opt-in email for consent. Our account managers review any preferences that clients have not opted-in for and discuss the merits of opting-in with them directly. An account manager can send a link to the contact to amend their preferences. After three months, any records where the client hasn’t opt-in and where we do not have a commercial contract are considered for purging. Based on when a contact last updated their opt-in preferences, every two years we will reset and resend a preference update request to contacts that have initially opted-in but have not transacted with us. Our overall GDPR policy includes regular reviews of data security, breach and privacy plans. We only use EU datacentres and monitor the security of these proactively. The Serversys Approach
  • 10. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 10 Back to Contents Recommended Action Checklist Prior to 25 May 2018 DATA AUDIT - Is my data handled by Third Parties? PRIVACY NOTICE - Do my data capture forms have a suitable privacy notice? REVIEW EXISTING CONSENT - Does my current consent meet GDPR requirements? Review our helpful Consent Check List at https://www.serversys.com/ Consent_Checklist.pdf. SECURITY - Have you reviewed the security of your systems and removed unnecessary access and permissions? CONTRACTS - Do your contracts with Third Parties cover the requirements for GDPR? PURGE - Have you removed unnecessary data from your system? TRAINING - Have you trained your staff and kept a training register? PROCESS - Do you have appropriate processes in place should a data breach occur, or a contact wishes to exercise their right to be forgotten required? If someone requests a copy of their records, can you do this efficiently in a timely way? Recommended Action Checklist Post 25 May 2018 TRAINING - Do you have a process in place to train new and existing employees on GDPR? RE-CONSENT - Put in place a process to manage re- consenting every two years. PRIVACY POLICY - Review and keep reviewing. THIRD PARTIES - Are they still honouring your GDPR policy? RISK - Are your security measures up-to-date? Ensure you review access and permissions regularly. PRACTISE - Playout a data breach, a right to be forgotten request and a request to see your records. DOCUMENT - Keep all the measures documented so that if you are audited, you’re ready and don’t need to stress. 25.05.18 25.05.18 Recommended Action Checklists if
  • 11. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 | Page 11 Back to Contents https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf https://ico.org.uk/for-organisations/resources-and-support/data-protection- self-assessment/getting-ready-for-the-gdpr/ Need Help? If you need help with GDPR or an advanced Preference Centre then why not get in contact and talk to one of our trained GDPR Practitioners. www.serversys.com +44 2038 843804 gdpr@serversys.com Other Resources