GDPR for marketers
Katie Armstrong is Head of Marketing at brightsolid. In this blog she shares her knowledge from a cyber security business breakfast she attended.
I really disagree with the scaremongering tactics that surround the marketing of cyber security and data regulations like GDPR. I’m a firm believer that if you scare people, they stick their head in their sand and do nothing. If we want to ignite change, progress, positive steps towards protecting people and businesses…start talking about why cyber security and data regulations are great…and actually pretty cool (as Adam highlighted in his short presentation this morning). These things are here for your benefit.
This short blog highlights my GDPR takeaways from Intrinsic’s Cyber Security Breakfast. Credits to Intrinsic for putting together a smashing breakfast with interesting speakers on a topic that isn’t usually very entertaining.
What did I want to get out of the morning?
Marketers seemingly worst nightmare has descended (cue DUN DUN DUUUUU)…….GDPR (the nightmare part is actually untrue, but we will get to that), and I wanted to check that we have covered off all the checks and procedures for marketing data we store.
What is GDPR?
In a nutshell, the government are doing their best to give customers/citizens more power over their data. Good thing, right? So that means they are becoming a little more strict on how companies are sourcing, storing, processing, sharing and deleting data. The new rules make it clear that a person must explicitly opt in to receive marketing materials or associated sales information from companies. People also now have the right to be forgotten and request to see all data a company holds on them.
The Government want organisations to know and evidence:
- Where your data comes from
- How and where you store data
- What you do with it
- If you share with third parties
- How long do you keep data before deleting it
- That your data is secure and you have the correct processes and procedures to prove it
- And most importantly, has everyone you hold information on given you their direct consent to store it
I heard fellow marketers across the country groan, as I first did, when they learned of the strict opt in clauses – being enforced as of May next year by the way, and could be backdated. But actually, this is really good thing because it means that businesses and organizations will not waste time trying to serve people that don’t want to be served.
Clean data!!! Oh my days. GDPR has been the data cleansing demon we’ve been waiting for, because let’s face it – everyone runs for the door when you mention a data clean up. But this stuff is important! It helps you to be more effective as a business and also stops you being hounded by organizations that you haven’t the blindest interest in.
New knowledge alert!
The biggest knowledge bomb dropped for me this morning was that: if one of your partners is prosecuted under GDPR and you share information with them – you can also be liable. So, we need to collaborate and make sure our partners are also GDPR ready.
What’s the impact?
There is going to be a lot of press around the 5% annual turnover fines associated with breach of GDPR.
However, Adam and the other presenters this morning reassured us that if you could prove your business or organization is tacking the right steps towards becoming best mates with GDPR the fines would be minimal. The government want to work with organisations to best equip them with the knowledge and skills to meet GDPR requirements. It will be enforced. It will not be lenient. But at the same time – it’s not ‘out to get people’.
Next steps on GDPR for us?
The folks over at Intrinsic are going to help our Information Security department sense and double check all the things we’ve already put in place and make sure we’ve not missed anything.
Intrinsic are offering FREE risk assessments for data security and GDPR, which I think is great. You can contact John for yours by emailing him.
Ok – enough on GDPR before I start boring you. You can find the government guidelines here. They’re really straight forward (I managed to follow them and I’m not technical in the slightest).
Adam’s talk on cyber security was really good. He highlighted that the big guys don’t get this right either so everyone is in the same boat –SME’s, the good news is that you’re probably not as far behind as you think you are and if you already have security procedures, technology and strategies in place – you’re winning.
More free stuff!!
I love free stuff. Zepko are offering a small range of data protection/security services for free to help you. Like, domaindetect. A brand protection that you can use for your website to safeguard against hackers. All of the tools are listed on Zepko’s website here. Security is at the heart of everything we do. If you’d like to talk to Information Security team then you email@example.com or ping me directly firstname.lastname@example.org
I’m now reaching the word limit that pushes the boundaries of ‘short blog’ so I’ll sign off for now. Thanks again to everyone who made this morning really interesting.