Last year, the Information Commissioner’s Office (ICO) issued more than one million pounds in fines for data breaches. Most enforcement actions were against marketing agencies or related to in-house marketing activities.
Yes, the ICO has teeth and it’s not afraid to bite but, for smart marketers, there’s plenty of helpful advice to avoid breaching GDPR. Here are nine things marketers need to do now to make sure their customers and businesses are protected.
1. Start preparing for GDPR now
25th May 2018 is a fixed deadline for GDPR compliance. We’ve already had a two-year probation period, so if you haven’t got your house in order, now is the time.
2. Audit your mailing list
Only 25 per cent of existing customer data will meet GDPR requirements by the May deadline, according to a study by W8data. The ICO could have a field day. To make sure you are compliant, check your mailing list for anyone whose opt-in you have no record of, and remove them.
3. Get new consents from data subjects
If you want to add old contacts back into your newly compliant database, make sure you have obtained their consent. They will need to demonstrably want to join your mailing list; for example, you can send an automated email to confirm their subscription after they have been on your website. The same applies to all new subscribers.
NB: they must come to you first; you can’t just email them outright asking if it’s OK to email them. Here’s a cautionary tale…
ICO fines Flybe and Honda…for “trying to comply with GDPR”
Don’t fall into the same trap as Flybe and Honda, who were fined a total of £83,000 for breaking the rules when they emailed people asking them to update their marketing preferences, ostensibly without their consent. The ICO found them in breach of the Privacy and Electronic Communications Regulations (PECR). Ironically, both companies claimed they sent the emails to make sure their customer data was GDPR compliant.
Talking to The Register, Steve Eckersley, the ICO’s head of enforcement, said: “Both companies sent emails asking for consent to future marketing. In doing so they broke the law. Sending emails to determine whether people want to receive marketing without the right consent is still marketing and it is against the law.” This same principle behind the PECR also applies to GDPR.
As Steve went on to say: “Businesses must understand they can’t break one law to get ready for another.”
4. Design new contracts with customers, partners and suppliers
Review your contracts to make sure they’re GDPR compliant, and have them signed off by May.
5. Review how you collect personal data
If you’re relying on bought-in mailing lists, you may want to review this strategy. While it can seem daunting, there are other (more interesting) marketing tactics to guarantee an engaged and interested audience.
6. Launch a pop-up “subscribe” form on your website
This is all about getting people to self-subscribe to your mailing list. Depending on your preference form, this can also enable you to segment by content, media type and communications frequency.
7. Develop a content marketing strategy
People are generally happy to provide their basic name and email address if they think they’re going to get valuable content. So, create a content marketing strategy that provides your own high-quality materials such as white papers, guides and eBooks in return for visitor data.
8. Advise your sales team on social selling
Instead of trying to reach new prospects by email, educate your sales team in the art of social selling on media such as LinkedIn and Twitter, depending on your audience.
9. Review what data you collect
GDPR limits you to retaining only the bare minimum of customer data, so you need to understand the data you’re collecting in more detail. Delete any data you can do without. For submission forms, only ask for what you will need and what you will use.
To help marketers prepare for GDPR, the Chartered Institute of Marketing (CIM) has collaborated with Me Learning to develop an e-learning course.