Seven last minute ways to prepare for GDPR (if you haven’t already done so)

Are you ready for GDPR? Or are you beginning to panic that you still don’t know what it requires? Here are seven last minute ways you can prepare for GDPR.

With GDPR on the horizon, many businesses are scrambling to get their house in order. But don’t worry if your business is one of them – or worse, you haven’t even started yet and don’t know what to do – direct mail marketing experts Romax have prepared seven tips to help you.

Before we get started, it’s important to note that this article contains general tips to set you in the right direction. At no point should it be construed as legal advice. If you’re unsure of anything, please do seek legal counsel.

Seven last minute ways to prepare for GDPR

So here are seven last minute ways you can prepare for GDPR (if you haven’t already done so).

1) Familiarise yourself with the legislation

Reading the GDPR legislation should be your first step. It will help you gain an idea of what your responsibilities are. It’ll also help you become familiar with what kind of data this legislation aims to protect. This includes:

Name.
Address.
ID numbers.
Location.
IP address.
Cookie data.
RFID tags.
Health and genetic data.
Biometric data.
Racial or ethnic data.
Political opinions.
Sexual orientation.

2) Do a complete audit on all the data you currently have

You need a complete data audit if you currently hold data on EU citizens. Find out:

Exactly what you hold.
If consent was gathered.
How it was processed.
Where it’s stored.
How secure it is.
What risk factors there are.
If you actually need all the data.

If you find that much of the data is unnecessary for your business operations, consider getting rid of it. If you have a huge mailing list with a significant percentage of inactive users, consider sending out a campaign asking them to opt back in; unsubscribe those users who fail to respond.

Think about storage too. Gather all your data assets and store them securely in one place, making it easy for your company to find data and serve requests from customers who are drawing upon their right to access subjector right to be forgotten.

If you’re unsure about any of the above, now is the time to get professional advice on developing a GDPR compliant data processing plan

3) Plan for minimal data collection

Going forward, make it a policy to collect only data that is essential to your business objectives. You’ll be surprised at how many businesses collect data they don’t need simply because they ‘may’ need it at some point in the future. This kind of unused data can become an unnecessary liability. So identify and focus on what data is actually needed.

4) Update your marketing strategies

Because of the active consent element of GDPR, you’ll need to modify both your traditional and digital marketing strategies. Active consent simply means you can’t assume consent, or use tricks to gain consent (such as pre-ticked boxes). Instead the consumer needs to actively opt in, and you need to record and store that consent as evidence should you come under ICO investigation.

So if you collect data via print material, you may need new print assets; forms will need to make it clear what the data will be used for, with a clear opportunity to opt in. It’s the same for websites that have a data capture strategy in place.

You’ll also need to have a plan for storing the gathered consent. This is important because at some point you may need to prove that you’ve acted lawfully.

You’ll need stronger cookie notifications that allow users to deny cookies as well as give permission. This may require software solutions that enable users to disable cookies early on and still be able to use your website.

5) Conduct a cybersecurity review

Cyber crime is on the rise and it’s getting very sophisticated year-on-year. So, if you rely on computer networks to store, collect and share data across your organisation, you need a cybersecurity review.

The questions you need to ask are:

Is the network safe and secure?
How easily can it be breached?
Are there potentials for data leakage?
Are the staff web-savvy?
Is the data encrypted?
Are devices protected from malware?

The aim is to put measures in place that minimise the risk of being breached and of sensitive data getting into the hands of criminals.

You may need to invest in better cybersecurity technology and staff-training to make sure members of your team don’t become entry points for malicious activity.

6) Audit third-parties that have been collecting data on your behalf

This is important because you are still liable for this data. It’s your responsibility to ensure that all third-parties are GDPR compliant.

So, for example, if you’ve hired a digital agency that manage direct marketing and data management on your behalf, you need to make sure they’re handling the data lawfully.

7) Consider appointing a designated compliance officer

If your company is big enough, you should consider appointing a compliance officer whose sole job is to make sure the entire organisation is adhering to GDPR. This may require significant investment in training, recruitment and employment costs etc. However, when you consider that businesses face fines of 3-4% of their annual turnoverfor non-compliance, it may turn out to be a cost effective investment.

Are you ready for GDPR?

The above list is by no means exhaustive. There are many complicated factors to consider when planning for GDPR. So, while the advice above should get you moving in the right direction, it’s not a replacement for effective planning and proper legal counsel.

If you need more help on becoming GDPR compliant, we recommend seeking professional advice. You can also read more tips on protecting your mailing list from GDPR here – but again, we advise seeking proper legal advice to ensure you are fully compliant.

Want more advice on how to prepare for GDPR? Read more about it here.

For expert advice on direct mail marketing and more, visit Romax, a market leader in print and direct mail services.

Photo by ev

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 19 days 13 hours 20 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_39226696_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_omappvp	11 years	The cookie is set to identify new vs returning users. The cookie is used in conjunction with _omappvs cookie to determine whether a user is new or returning.
_omappvs	20 minutes	The cookie is used to in conjunction with the _omappvp cookies. If the cookies are set, the user is a returning user. If neither of the cookies are set, the user is a new user.

Cookie	Duration	Description
centerVisitorId	7978 years 5 months 19 days 13 hours 11 minutes	This is a HTTP cookie used to track the individual sessions on the website. It helps the website to compile statistical data from multiple visits. This data is used for lead generation as a part of marketing purpose.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
NID	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.

Cookie	Duration	Description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
view.ga79y7i4H2VjMus2eRJYqN.4ewaiz7cYMLxo2Fdorod4k	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.5659118702428160	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.5kjS2nejq2YcnYdvBnXie6	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.6M3TmeJYUdaXk4bFFoEsPB	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.AcqHN2Jx4LPTHTaVuvgpj7	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.az9ENbabTdjyzXZhvGZLsH	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.BfndspJeShXfBzLLV9vgf6	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.dExRyANhGorUfWBK88b8He	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.DLQVxHBCjsB8dSGzMQHEG8	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.ecCiQ7LhtWkSkJ7TaZBNeg	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.FQVDyuAXgSZP6EjzQVc8vZ	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.gm24Y7zkcqfXLnVYsG45ua	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.Jngw8VouAHPooyWULt96v8	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.JUp6DgKPEh2GnAKP6Hic9a	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.oXoiDpd347fYcUzoEogUp3	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.PxByyBFy44UYvo87EnhdAT	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.pXcNDvRdAUByFqYPw6mShD	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.QdALHubScinNuHaMzo6r4T	1 day	No description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.
_drip_client_6898597	2 years	No description
_drip_visitor_6898597	2 years	No description