The General Data Protection Regulation is due to come into force across the EU in just over a year’s time. In this follow up to our earlier blog, where we offered an overview of the regulation, I plan to explain how professional service marketers should prepare for its enactment by providing you with a Countdown to Compliance on a month by month basis.

in Part 1 we will concentrate on May through October. Feel free to share this to all your data and CRM colleagues in your network – they will thank you for it in the long run!

For the sake of convenience I have organised the Countdown actions into the following categories:

A – Action   |   I – Influence   |   M – Measure.

                      Or AIM for short.

May 2017

This month’s actions are all about laying the foundations for compliance.

This involves checking off some specific actions, but more importantly identifying the stakeholders within the firm that you are going to need to work with.

  • ACTION: Confirm your legal basis for data processing.
  • INFLUENCE: Identify within leadership the key individuals that you will need to work with to implement the firm’s GDPR plan.
  • MEASURE: Run a report on your CRM system (and other systems if you have them) that enable you to segment contacts by your confidence in the quality and completeness of their Consent Status e.g. explicit consent, implied consent, no consent.

May 2017

This month’s actions are all about laying the foundations for compliance.

This involves checking off some specific actions, but more importantly identifying the stakeholders within the firm that you are going to need to work with.

  • ACTION: Confirm your legal basis for data processing.
  • INFLUENCE: Identify within leadership the key individuals that you will need to work with to implement the firm’s GDPR plan.
  • MEASURE: Run a report on your CRM system (and other systems if you have them) that enable you to segment contacts by your confidence in the quality and completeness of their Consent Status e.g. explicit consent, implied consent, no consent.

May 2017

This month’s actions are all about laying the foundations for compliance.

This involves checking off some specific actions, but more importantly identifying the stakeholders within the firm that you are going to need to work with.

  • ACTION: Confirm your legal basis for data processing.
  • INFLUENCE: Identify within leadership the key individuals that you will need to work with to implement the firm’s GDPR plan.
  • MEASURE: Run a report on your CRM system (and other systems if you have them) that enable you to segment contacts by your confidence in the quality and completeness of their Consent Status e.g. explicit consent, implied consent, no consent.

August 2017

One of the big changes in the legislation is the increased obligations on data processors, so it’s not enough simply to put your own house in order you need to make sure that those processing data on your behalf are in good shape too.

  • ACTION: Evaluate your contracts with 3rd parties and determine if you need to speak with your suppliers and/ or review their tighten their contracts.
  • INFLUENCE: You are going to need to involve purchasing (or whoever has responsibility for managing contracts) as you are almost certainly going to need change some of your supplier vetting processes to ensure that they are meeting their obligations.
  • MEASURE: Evaluate the number of times that data was processed on your behalf and if you can determine how often that data was taken off-premise or connected to remotely.

August 2017

One of the big changes in the legislation is the increased obligations on data processors, so it’s not enough simply to put your own house in order you need to make sure that those processing data on your behalf are in good shape too.

  • ACTION: Evaluate your contracts with 3rd parties and determine if you need to speak with your suppliers and/ or review their tighten their contracts.
  • INFLUENCE: You are going to need to involve purchasing (or whoever has responsibility for managing contracts) as you are almost certainly going to need change some of your supplier vetting processes to ensure that they are meeting their obligations.
  • MEASURE: Evaluate the number of times that data was processed on your behalf and if you can determine how often that data was taken off-premise or connected to remotely.

August 2017

One of the big changes in the legislation is the increased obligations on data processors, so it’s not enough simply to put your own house in order you need to make sure that those processing data on your behalf are in good shape too.

  • ACTION: Evaluate your contracts with 3rd parties and determine if you need to speak with your suppliers and/ or review their tighten their contracts.
  • INFLUENCE: You are going to need to involve purchasing (or whoever has responsibility for managing contracts) as you are almost certainly going to need change some of your supplier vetting processes to ensure that they are meeting their obligations.
  • MEASURE: Evaluate the number of times that data was processed on your behalf and if you can determine how often that data was taken off-premise or connected to remotely.

Next Steps:

Are you ready for GDPR?