Select Page

Last week, ON24 hosted a webinar as part of their Insight50 series.

The webinar discussed regulation, focusing on how marketers can comply with the new data protection regulation coming into force on Friday (25th May).

The webinar was moderated by Andrew Warren Payne, ‎Director at ‎Market2Marketers. Panel members included:

  • Zach Thornton, External Affairs Manager, DMA
  • Abigail Dubiniecki, Specialist, My Inhouse Lawyer
  • Richard Preece, Director, DA Resilience

During the webinar, poll questions were conducted. The first question asked was: “Where is your company in terms of readiness for GDPR?”

The results revealed that:

24% of participants were fully compliant and have a process to ensure they stay compliant with ongoing change.

19% agreed they were compliant, but they don’t have a process to review their compliance with ongoing change.

48% admitted that they were not fully compliant but that they are taking steps towards it.

This suggests that although there are plenty of compliant organisations, some still have a way to go.

Below are some of the webinar’s key takeaways.

Five-step procrastinator plan

Mr Warren-Payne kicked off the first question asking “What last-minute action should organisations take if they haven’t taken action so far?”

Abigail Dubiniecki elaborated a five-step procrastinator plan on how late starters can get on the road to compliancy.

1) Know the law – go straight to the ICO website and its direct marketing guidance which has a useful lawful basis interactive tool. If an organisation conducts inbound and direct marketing they should look at the PECR guidance.

2) Know your data – this is critical for GPDR compliance and it has always been critical for PECR. Organisations cannot do things properly if they do not know what data they have.

3) Know what your legal justification and purpose is – marketers must know how to segment their database. This a skill can be applied to identify what the justification is, to determine the provenance of the database, the preferences the data subjects have and the purposes in which you are allowed to market to them. Not all of a database is treated the same, especially those that engage with B2B marketing. People are at risk of painting everyone with the same brush and then losing a number of potential contacts.

4) Trim the fat – most marketers use a tool for metrics, so it should be easy to find out how many people are reading their messages. If there isn’t any engagement then these contacts should be stripped away. The total cost of ownership for the disengaged is far greater than the actual value an organisation gets.

5) Go forth and market – but do it appropriately and maintain it. This can be done by establishing work flow and having a good record of processing activities so you know why you do what you. Training staff is also critical.

A tick box exercise?

“GDPR is anything but a tick box exercise. It is much more a contextual management of risk,” explained Richard Preece, Director at DA Resilience. “It is a demonstration that an orgnanisation has addressed risk management and made a judgement based on understanding the law,” he added.

GDPR isn’t a deadline. Continuous process is required and organisations should challenge the way they do things.

View GDPR as a positive

Zach Thornton, External Affairs Manager at the DMA explained that when he first started lobbying on GDPR a few years ago, the marketing industry was very negative about the regulation and deemed it to be the end of marketing. There has been a big change since then.

“DMA members are much more positive about it and have an ethos of turning GDPR into a positive and make it a unique selling point,” Mr Thornton said.

Bigger company challenge

One of the key questions asked was: “Can large providers refuse to sign a business’s processor agreement?”

Ms Dubiniecki explained that although it is the controller’s job to get sufficient guarantees, they should standardise as much as possible. Changes can then be made if needed with individual companies.

“Bigger companies are likely to have a DPO, who is required to act independently. By speaking with them directly, an organisation may be able to resolve a problem,” Ms Dubiniecki added.

To hear the webinar in full, follow this link.

By Laura Edwards, editor, GDPR.Report