9 steps towards GDPR compliance

With barely two months until the deadline and deafening noise around GDPR, people are panicking. We put together this simple list of practical steps you can take to work towards compliance.

Step 1. Get your privacy policy up to scratch
Work with your legal team or a consultant on the wording of your privacy policy, to let people know what data you will gather and what you will do with it.

Step 2. Audit your current databases for opt-in consent
Determine whether you have explicit consent to use personal data within your current database and identify precisely which purposes contacts have given consent for.

Step 3. Re-opt-in campaigns for current databases
If you don’t have clear consent for all your data, create engaging campaigns asking contacts to opt in or re-opt in for the purposes for which you wish to use their data.

Step 4. Create a process for opt-in consent
Implement a process to gather the required level of opt-in for new contacts. Don’t rely on an opt-out mechanism. Gain separate consent for each way you wish to use data, e.g. sales, research, profiling, etc.

Step 5. Get the sales team on board
Unless contacts have given explicit consent for the sales team to contact them, the sales team is no longer permitted to do so. Ensure your sales team are switched on to the upcoming regulations and aware of the importance of opt-ins.

Step 6. Review who has access to your databases
Work out which third parties you share data with and how they use it. Only use trustworthy partners and make sure you have contracts in place that include data provisions.

Step 7. Have a streamlined process for information requests
Work out where all your data is stored and develop a process to track and respond to requests for information. You must provide a full response to requests within one month.

Step 8. Prepare for a security breach
Take this as an opportunity to plan for the worst. Test your systems for robustness and outline the process you will use when the inevitable happens.

Step 9. Don’t panic
The important thing is to start the journey, including documenting your process, so you can show you are doing the utmost to comply with the regulations.

We provide GDPR compliance assistance tools through our modular SaaS platform. For details, visit Salpo.com/GDPR, email GDPR@salpo.com or call 0333 8000 029.