As a marketer, we’ve all read countless predictions of a GDPR-based apocalypse due (roughly) a year from now. However, one in four businesses are still unprepared, and One third won’t be fully compliant come May 2018. In fact, less than half of UK businesses have set in motion any processes to make their businesses compliant.

The marketers I speak to on a daily basis know the GDPR is coming. It’s like a big elephant in the room, they know the requirements for permissions, opt-ins, storage, and so on. There are just more pressing matters to attend to. After all, it’s still a whole year away.

Yet, there’s the fact that, without complying with GDPR, it really won’t matter what other marketing activities you have planned from May 2018 because you’ll have far fewer people to engage with.

And then there’s the date. Unless your organisation is part of a super-agile newcomer to the digital world, chances are change will happen at a glacial pace. Which means May 2018 is effectively the blink of an eye.

Think Brexit will save you? It won’t, not least because, as Matthew Hancock, Minister of State (Department for Culture, Media and Sport) (Digital Policy) noted, GDPR is a, “decent piece of legislation [that] will help ensure the UK is starting from a position of “harmonisation” rather than a position of difference in Brexit negotiations.”

If you’re operating in the EU, talking to consumers who have an increasing understanding of GDPR and an expectation that you will comply with it, there’s an even more pressing need to ‘act local, think global’.

So, the time to act is now. While UK businesses still have a chance to adapt. There’s time to make seismic changes if they need to happen. Better still, time to get your head around GDPR now and you may find you don’t have major changes to make. But where can you start?

1. Take the lead

GDPR isn’t solely the preserve of marketers, but they should be leading the way because it understands the impact of not complying better than any other business function. The GDPR gives marketing the chance to build a framework to run across the whole organisation, which will define a truly customer-centric way of working.

2. Apply the ‘chemistry of consent’

As consumers become more informed about their rights, they’ll increasingly enact them. Consent will no longer be a freely given right. But how can businesses make sure consumer’s “right to be forgotten”, data portability and data breach protections part of business as usual planning?

Simply, there are 5 basic questions which need to be asked and answered to ensure all parties know where they stand:

  • What permissions does the organisation currently have?
  • What data does it hold on its customers?
  • Does it have a roadmap for its planning and creative work?
  • Is there a plan for tracking and measuring consent? Both in the first instance and ongoing
  • Is there a plan for awareness training to bring all staff up to speed

3. Beat the rush

If you think your inbox is crowded now, that’s nothing to what will happen when every organisation that has you somewhere in its data starts scrambling to get your consent. So how do you beat the crowd? You have 12 months. 12 whole months to get your house in order. So prioritise the most relevant pieces of the legislation first! Find out what needs to change first and fastest, where the grey zones are, and plot out your path to ensuring you comply whilst remaining relevant with your consumers. This will require ensuring that you’re giving something of value in exchange for the opt-in and making sure you know how you intend to keep those precious permissions in the longer term.

4. Get ready for a change in consumer attitudes

The post-GDPR consumer won’t act like the pre-GDPR consumer. They’ll be empowered and in control. From Martin Lewis to Watchdog to the Daily Mail, consumers will have a new found understanding of their rights, and they won’t be afraid to use them. So marketers need to be thinking now about how this will change the way we communicate with customer going forward and start fixing any potential issues now.

GDPR: opportunity, not burden

The GDPR doesn’t have to be the scary elephant in the room. If seen as a great opportunity, it will help businesses explore new technology, data, and creativity – and help to reach and engage new and existing customers in ways never dreamed of previously.

We know that when GDPR is enacted, one wrong move or unwanted communication could see brands’ circle of reach dropping dramatically as customers switch off. At that point, permissions – and trust – will be far more difficult to earn back. So now more than ever, GDPR challenges us to listen to and understand our customers.

Sarah Hooper

Sarah Hooper


Sarah Hooper, Planning and CRM Communications Director at Amaze One.