Disclaimer: Skaled’s expertise in Sales and Marketing helps provide you with a better understanding of how the new EU privacy laws might impact your business. This article is not meant to replace legal advice for GDPR compliance.
Preparing your team for GDPR compliance can get overwhelming.
As you’re well aware by now, GDPR compliance is not a one-time process. On the contrary, it will change how your sales and marketing teams collect, store and process personal data from now on.
Considering the regulation’s complexity (all 11 chapters and 99 articles of it), it’s hard to know what to focus on. Business type, geographic location and the size of your organization will influence priorities, but a common set of best practices stands out for sales and marketing leaders.
Keeping this in mind, today’s article guides you through 10 points to consider and revisit as you build GDPR compliance into your sales and marketing strategy:
Read on to find more details about each step outlined in the checklist above.
10 Points Sales Leaders Should Focus on For GDPR Compliance
1. Build awareness:
This is arguably the most important item in the checklist. Making sure key players in sales and marketing (and throughout your organization) understand GDPR’s impacts can make the difference between adhering to the regulation or risking non-compliance. The best place to start is to train your teams and make sure all departments coming into contact with personal data are fully aware of the new policies, penalties and procedures.
2. Conduct data inventory:
Review all of the personal data you currently hold to know what it’s used for and where it comes from. This is a good opportunity to do some house-cleaning; get your sales and marketing lists to re-opt in, and delete inactive subscribers.
3. Review your processes for obtaining consent for marketing lists and sales leads:
Article 7 states that you must use “clear and plain language” when asking for consent. Although it is not required, a best practice is to use a double opt-in procedure. You’ll also have to detail how the data will be used, who will be using it, and how a data subject can withdraw consent. Make sure to check your upcoming campaigns for compliance.
5. Review how you store data:
You should have systems in place to encrypt and store data securely. Some questions to answer are: do you have complete visibility of prospect data you capture and store? Do your systems communicate and store data in one place that is updated across all systems? Knowing this will help you avoid situations where sales or marketing reach out to leads or send materials to individuals who have opted out. This is especially relevant to businesses that have data spanning multiple databases and/or locations.
6. Have systems in place to detect and report data breaches within 72 hours:
In the case of a personal data breach, GDPR requires that you report the breach to your supervisory authority within 72 hours unless you have “implemented appropriate technical and organizational protection measures to render the personal data unintelligible to unauthorized users.”
7. Make sure your technology is up to date:
You should have tools in place to store the data in a way that is readily accessible if someone asks to view information you hold about them, or if they ask you to delete it. A good practice is to use tools that have privacy by design built in. If you need help getting your organization’s technology up to speed, get in touch with Skaled here.
You can designate someone knowledgeable and qualified from your team to monitor compliance and provide guidance to other team members. The DPO will also take care of requests individuals have regarding their personal data. If there is no one on your team with experience or a thorough understanding of the regulation, think about hiring someone specifically for the role.
9. Ensure your processes and systems are in place:
This means mapping your inbound and outbound data flow and setting up processes to delete personal data from ALL your systems once you no longer need it, or upon request. Also, be prepared to meet the data portability article: if requested, organizations must be able to deliver information to an individual in a “commonly-used format” within a month. What’s more, under GDPR, you are required to keep records of your data processing activities. For example, if you share inaccurate personal data with another organization, it would be your responsibility to inform the organization about the inaccuracy so they can correct their data.
10. Have a change management strategy in place for long-term compliance:
A strategy designed for the long run will minimize the risk of non-compliance for your business. Some steps to take? Create documents for your team on specific procedures, such as how to remove people from your systems. You can print out the checklist provided above, and review additional articles covering how GDPR will impact how your team collects data and stores lists.
Although this article is not meant to replace legal advice for GDPR compliance, Skaled’s expertise in Sales and Marketing helps provide you with a better understanding of how the new EU privacy laws might impact your business and how to get the right technology and processes in place.
For more information on how GDPR might affect your data management best practices, please reach out to our team to learn more about what GDPR may mean for your business and strategy.