GDPR resources from my travels, a toolkit to help your 6 month plan
Through speaking engagements and questions from readers, this month’s theme has become GDPR, so time to share GDPR resources.
But, for now, it seems the primary concern for many data, analytics & insight leaders, is GDPR. That is not surprising with less than 6 months until compliance will be enforced.
For that reason, I’ve seen my breakfast briefing events, with both PracticeWeb and MyCustomer, be over subscribed. In fact later this week I will be sharing again, with RMDS, about the importance of focussing on data quality in your planning.Before I post a debrief of that next breakfast briefing, I want to quickly share with you some GDPR resources that I have found useful. Anyone working in this space attends a variety of training and events, to ensure you stay up-to-date. So, to save you the time, let me share the resources that I’ve found most useful, from those travels.
GDPR impact on Marketing Supply Chain infographic
To start, I’m delighted to share this infographic, produced by Gregg Latchams solicitors (based in London & Bristol). I received this useful visual summary through attending a half day workshop hosted by Ketl. It proved to be a really useful event, bringing together digital marketing leaders to learn & discuss GDPR impacts. I must also recommend Ed Boal, their Head of Digital Media Technology, as an excellent expert speaker on GDPR.
That event focussed on the impact GDPR has across a marketing supply chain. Given the large number of implications to highlight, I appreciate how simply this infographic positions key questions for each stage. A useful visual checklist to help marketers identify their key challenges:
GDPR, how to explain it to your customers
Almost every time I speak on GDPR, at different events, someone will ask for positive examples of response to GDPR. Most often, they mean examples of privacy notices or wording asking for marketing consent.
Now, there are a number of marketing advisory bodies starting to issue some of these positive examples, including the IDM, DMA & Data Protection Network. But, it also helps to see ‘real world’ commercial examples used by organisations who will be living with the results. For that reason, I think econsultancy have done us all a favour, by publishing this list. In this blog post they share their list of 10 ‘best practice in obtaining marketing consent’. Useful ideas, to prompt thinking of what is appropriate & compliant for your business:
With the General Data Protection Regulation (GDPR) due to come into force in May 2018, there are already lots of resources out there to help guide you towards compliance. However, there are fewer articles that point to companies who are already exhibiting best practice.
GDPR, educating yourself with more detail
Given this blog exists to support technical leaders and genuine expertise, I don’t want to stop at just pretty pictures. However informative, today’s data leaders also need to get their heads around the detail.
I’ve benefitted from learning via a number of sources, including The IDM’s one day training course and online certification. But, the most detailed checklists I have found useful are those published by Practical Law. I will share links to a number of these. One aspect that I found particularly helpful was their inclusion of a paper advising employees on the impact for employees. Too many businesses are equating GDPR compliance with customers, when employee/shareholder/citizen rights can be just as challenging.
Here are four detailed practical guides from the experts at Practical Law:
- Overview of GDPR (more detail than that sounds, but accessible)
- GDPR key provisions and what businesses should be doing (usefully comprehensive checklist)
- GDPR toolkit (useful collection of links to resources covering all aspects)
- GDPR implications for employers (advice on impact of employee rights)
GDPR, always worth returning to the source
All good insight leaders, whether with a data, analytics or research emphasis, know the importance of returning to sources. So, it would be remiss of me to complete this list without doing so. It can be too easy to assume that both the EU and the ICO would be wordy or esoteric. In fact both have made an effort to share useful content.
Given the volume of material and detail available, the resources published by the EU can seem more daunting. However, these include not only the full text of GDPR (legal articles & interpretation ‘recitals’), but also some handy summaries. Their site is also reasonable to navigate. So, why not take a look?
Overview of the right to protection of personal data, reform of rules and the data protection regulation and directive.
Within the UK, this regulation will be interpreted/enforced by our supervisory authority, the Information Commissioners’ Office (ICO). Clearly the amount of incorrect advice or fake news in circulation on social media has annoyed the latest ICO (Elizabeth Denham). I’m pleased to see that as a result she has wisely taken to blogging. Her recent blogs are worth reading, even if only to understand how she sees the priorities and her likely approach to enforcement:
Visit the post for more.
GDPR resources, do you have other useful ones to share
Before I prompt the same tsunami of content as customers will receive from ‘re-permissioning campaigns’, let me emphasise ‘useful’.
I have no monopoly on expertise or useful content on this topic. So, if you have an infographic, checklist or summary that has helped you, please do share. If anyone has a longer story to tell, I’m happy to offer to interview any CDOs who have achieved GDPR compliance. Plenty of lessons for us all to still learn along that journey!