Return to site

What do Easter and the GDPR have in common?

Answer: renewal! As marketers we will be engaging with customers and dumping old, exhausted leads.

What we will be left with is a shiny, new, cleansed list of contacts who are engaged and interested in what we have to say.

So, all sorted? I’m betting the answer in most cases is no. If you haven’t read enough already, here’s a few tips from a marketing perspective:

1 Don't panic

There’s still a lot of panic about marketing lists and whether you can continue to use them. But you don’t have to do what Weatherspoon’s has done and throw them out. They just decided that social media was a more powerful marketing tool for them.


First things first – are you registered with the ICO? Under the existing data protection regulations, you need to be. So, get that done. Then, read the ICO Guidelines they’re really helpful and will probably give you all the information that you need.

3 Data audits

Think about the data you hold on individuals, how you collected it and whether it will stand up to the new regulations. Which contacts fall under which basis for processing? Think about segmenting data into the different types, this will make it easy to keep track of changes.

For the uninitiated, there are six bases on which you can process an individual’s data:

a) Consent

b) Contract

c) Legal Obligation

d) Vital Interests

e) Public Task

f) Legitimate Interest

So, for example, you may not need to get consent from existing customers because that falls under contract.

4 Privacy statements

If you are a data controller, you should be setting up an agreement with the data processors. However, in many cases, the data processor will be a larger organisation like MailChimp so they will do the hard work for you.

You will need to ensure that data subjects are very clear on exactly what you are going to be doing with their data and who, if anyone, you are going to share it with. They will also need to know how to ask for it to be removed.

5 Document processes

Basically, document everything. If the ICO come calling, they can see that you have put some effort into it! You will need to document your processes including the following:

a) requesting consent

b) deleting data when asked

c) giving access when asked

the controller shall be responsible for, and be able to demonstrate, compliance with the principles.- Article 5(2)

So, get ready!

If you happen to be in the property industry have a look at, the only online training system designed specifically for you. For everyone else, there’s so much stuff out there, but once you have read the guidelines you should be all set.

Contact for further information.

All Posts

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!