GDPR is here. Make sure you are ready.

A simple guide to GDPR to make sure you are compliant.

Story Highlights

  • Why Should You Care? Fair question. GDPR includes substantial fines for non-compliance. Article 83(5)(a) states that infringements of the basic principles for processing personal data, including the conditions for consent, are subject to the highest tier of administrative fines. This could mean a fine of up to €10/20 million, or 2%/4% of your total worldwide annual turnover*, whichever is higher. (* It's complicated.)

On May 25, 2018, the most comprehensive modification to data protection in over two decades becomes effective: the European General Data Protection Regulation (EU GDPR). The GDPR consists of 11 chapters and 91 articles that outline the specific requirements and regulations organizations must comply with pertaining to the rights of individuals and their personal data.

While there are clear benefits to GDPR, not only for individuals but for enterprises as well, the change is nonetheless a major one, and many companies may be struggling to determine exactly what changes they’ll need to make to ensure compliance.

The EU General Data Protection Regulation (GDPR) sets out a new, unified privacy law for Europe. The new law is relevant not just to businesses established in Europe; it will also apply to entities worldwide that provide goods and services to individuals in Europe, and online platforms and other website operators that are accessible from Europe. – McDermott Will & Emery

As marketers, we represent the voice of the customer. The best possible outcome is that Marketing provides the customer with information they consider valuable, and we should do this for all customers, not just those in the EU.

One way to provide valuable information to customers and prospects is to use a preference centre.

Forrester defines a preference centre as follows: “The business practice of systematically collecting, managing, and utilizing explicit customer preferences – about frequency, channel, content, interests, and intent – in outbound communications. These preferences are managed in a centralized repository and collected in a user-facing portal known as a preference centre.”

Preference management provides you with the ability to honour your customers’ needs, improve marketing ROI, and comply with GDPR regulations. Customers can identify how often they want to receive communications from you and on which marketing channels – email, text, blogs, etc.

Recent research from Business.com indicates that companies with a great customer experience will drive revenue growth. Your preference centre should be interactive and it should immediately update across devices.

There are many ways to enhance your customer’s experience. Below are a few tips to help you:

  • Collect only the needed information.
  • Required versus optional fields: Not every field should be required – only the fields that are relevant for the user experience. For example, if the subscriber opts into email, then the preference centre should require the email address; if the subscriber opts into SMS, then their mobile number is required; and so on.
  • Pre-populate forms: Use the customer data from your marketing database to save the subscriber time and inherently provide a better experience.
  • Global unsubscribe: A global unsubscribe operation is required. CAN-SPAM opt-out law also requires marketers to enable this feature in real-time.
  • Access and security: The preference centre should be easy to access and should require authentication only if the subscriber intends to update his/her information or preferences.
  • Verification of a subscriber’s preferences: The marketing automation system should send an email to the subscriber asking him/her to confirm the subscription. The system should present a clear confirmation screen and save the subscriber’s response. The system should send an email verifying any changes made to the subscriber data.
  • Segmentation: A preference centre must connect with the marketing database. Only the content a subscriber has selected should be sent to that subscriber.
  • Reporting: On-demand reports should be available showing all subscriber changes and requests.
  • Data validation and alert system: A set of data validation rules and related alerts is needed to flag unusual activity when it is detected.

Marketing Systems

Both your marketing database and your marketing automation system play a role in complying with GDPR and providing a quality customer experience.

Your marketing database should be responsive without API limits and/or transaction bottlenecks. It must process multiple real-time transactions from all data sources daily: Web, email, social, and other marketing channels. Most important, it must be able to create a single record for a subscriber to include all the subscriber’s information globally. New data from the subscriber should update existing data. The database should allow for integrated reporting for a subscriber from all marketing channels.

The marketing automation system should be cleaned daily using the data in the marketing database. (Vendors are available that can assist.)

User Acceptance Testing

A best practice for the preference centre includes user testing of the layout, navigation, and content. Here, the focus is on ensuring easy task completion and organizing the layout into logical groupings of preferences and interests.

Data Protection Officer

GDPR requires that companies have a data protection officer. Under Article 37, data protection officers must be appointed for all public authorities, and where the core activities of the controller or the processor involve “regular and systematic monitoring of data subjects on a large scale” or where the entity conducts large-scale processing of “special categories of personal data” (such as race or ethnic origin, political preference, religious or philosophical beliefs, and the like).

Although an early draft of the GDPR limited mandatory data protection officer appointment to companies with more than 250 employees, the last version has no restriction.

Though GDPR may seem difficult, it will be less so if you think Customer First. That mindset is what marketing is all about, and GDPR only moves us closer to achieving it. 


For a comprehensive checklist, check out NGData.

Problems with managing your data? Quidtree is a data management system specifically designed with you, the marketer, in mind.


Liam Trimble

Hailing all the way from New Zealand, Liam brings a unique kiwi twist to the world of marketing. An extensive background in customer-focused jobs gives him his edge when it comes to knowing what the customer wants.
