A visual timeline for implementing the GDPR in the UK

By Robert Allen 07 Jun, 2016

12 steps to becoming GDPR compliant

On the 25th of May, 2018, the GDPR became law. The multitude of provisions to protect users' privacy are a bit of a legal minefield for marketers, who are always hungry to use customer data wherever possible so they can better target customers with propositions. Given its importance, we have shared much advice from legal specialists on the Implications of the GDPR for marketing in UK and Europe.

In this post we're alerting you to the opinion that matters most in the UK: that of the Information Commissioner's Office, which is responsible for implementing GDPR in the UK. In this new guidance on implementing the GDPR in the UK, the ICO provides more information to help companies become GDPR compliant over the next few months, so make sure to utilise the resources they produce to help your business.

The good news is lawmakers have given businesses a full two years to become compliant. Sound like a long time? You'll be surprised at how fast it will go. Here is the GDPR implementation timeline.

GDPR implementation timeline

To help companies make the most of those two years and ensure that they don't miss the deadline for being compliant, the Information Commissioner's Office has helpfully created a 12-point checklist for conforming to the GDPR's regulations.

1. Awareness

Make sure the leaders in your organisation are aware of the timescale for implementing necessary changes for being compliant. Don't assume they've got a handle on it!

2. Information you hold

Make sure to keep a record of what personal data you hold, where it comes from and who it is shared with.

3. Communicating privacy information

You should review your privacy notices and plan for how they will have to change to be GDPR compliant.

4. Individual rights

Check your processes to make sure you will be able to delete a person's data if they request it or provide them with their data if they request it.

5. Subject access requests

Think about how you will handle requests within the new timescales and provide any additional information.

6. Legal basis for processing personal data

Identify the legal basis you have for any data processing you do. Make sure to document it thoroughly.

7. Consent

Review how you are getting your customers' consent for any data collection, and check that it meets new guidelines. If not, plan how you will make the changes.

8. Children

You'll need to put systems in place to verify ages and get parental consent for any data collection on children.

9. Data breaches

You should ensure you have the right procedures in place to detect and investigate a personal data breach.

10. Data protection by design and data protection impact assessments

Plan how you will pass a privacy impact assessment, and implement any changes required to be compliant.

11. Data protection officers

Designate a data protection officer if your organisation is large enough. If too small for a dedicated officer, you still need to assign the responsibility for compliance to someone in the business.

12. International

If your organisation operates globally, you should make sure you know which supervisory authority the different parts of your organisation fall under.

Develop a timeline specific to your organisation

The 12 pointers provided by the ICO are a great place to start, and help to structure your thinking when it comes to becoming GDPR compliant. But they're just a first step and a handy way to check you've got things covered. Use these 12 points to build a much more detailed timeline for implementing the changes you'll need to make to become compliant. Doing so will take all sorts of different departments working together, so make sure to get all the stakeholders on board and don't set any unrealistically short timeframes that lead to overrun. Once you start planning all the changes you'll need to put in place, you will soon find that two-year implementation window starting to look a little narrow. So make sure you don't put it off, and start planning now.

For more information on the 12 steps mentioned above, you can download their short report on the 12 steps to take now.

By Robert Allen

Rob Allen is Marketing Manager for Numiko, a digital agency that designs and builds websites for purpose-driven organisations, such as the Science Museum Group, Cancer Research UK, University of London and the Electoral Commission. Rob was blog editor at Smart Insights from 2015-2017. You can follow Rob on LinkedIn.
