Julian Saunders, CEO and founder of data management and GDPR compliance solution PORT.im, provides his top tips on how marketers can get ready for GDPR

Last month, there was news that the ‘world’s loneliest tree’ was set to become the marker of a new period in our geological history – the Anthropocene Epoch. The presence of radiation in its wood from nuclear tests was to be the ‘golden spike’ to date when humanity’s impact on the Earth suddenly intensified. For marketers, the ‘golden spike’ that will mark a new era for the profession will be May 2018. From then on, the old ways of hoovering up data to maximise the size and detail of a marketing database will be out thanks to GDPR. Left in the last epoch will be spray and pray marketing campaigns, mass use of third party datasets and unsolicited marketing campaigns.

Every organisation will have to change how they market to their customers and specifically, how they collect, store, manage and analyse data. Reams of material has been written about the scope, impact, and philosophy of GDPR, but there is little in the way of practical advice on how the average marketer, especially from an SME, can prepare their marketing database. Over the last year, we have been working with scores of SMEs to help them become GDPR compliant. This experience has given us an insight into the steps marketers can take to improve data management – actions that will ultimately save them time and money on the road to GDPR compliance.

Most marketers operate with either a limited CRM system, via multiple platforms storing customer data or deal with information of questionable provenance. As a result, the average SME’s data is disparate, lacks paper trails detailing why, when and where information was collected and is far from harmonised (in different formats). Dealing with this problem takes time but by breaking it down into stages it becomes much more manageable:

  • Identify your known data stores. Then, list all your customer touch points where data could be exchanged. Ask your colleagues to check what customer data they hold on their devices or, and this can easily be forgotten, within their email inbox. This should give you a map of where every piece of marketing data could be stored and used. Include old device hard drives, cloud storage, USB sticks and anywhere else a spreadsheet of data could conceivably be held.
  • Put it all in one place. Collect all of the data into a shareable, cloud-based platform. This could be an existing CRM system or, for very small companies, a simple Google Sheet. Ideally, include information from customer service and every other client facing departments.
  • Delete the remaining data silos. With your data centralised, risk of misuse (whether intentional or accidental) of data can be mitigated by deleting all the other duplicate stores of information.
  • Clean your data. The new GDPR-epoch is a world where more data equates to more risk. If you don’t know the provenance of some customer information – purge it. Similarly, if you don’t need the data get rid of it. Less is more in this instance and quality trumps quantity. At this stage, it’s also good to ensure that your information is all in the same format and readable, this will provide numerous future benefits for analysing and automating marketing processes.
  • Track consent. Every marketer should be fully aware that they need explicit consent to send marketing messages to a customer. In most cases, this requires getting ‘new’ consent. I’m not going to go into best-practice on how to approach a consent campaign except to briefly discuss the mechanics behind tracking consent. Put basically, you need to be able to link the response, or lack or response, from your consent campaign to your marketing database. On more complex CRM systems, workflows can be created that will automate this process. For organisations that don’t have this option, the choice is between manually amending the data – which can be both time consuming and subject to human error – or purchasing a technology solution that will manage consent. Whichever option you choose, it is critical that you can store and amend a paper trail covering consent on communications – including exactly what the customer consents to be contacted for and on what channel. This system also needs to be flexible enough to enable consent to be revoked at any time.
  • Plug your tech gap. If you find that tracking consent, managing your data or even creating a platform which can be accessed and used effectively by your marketing department Is difficult or impossible, chances are you need a new technology solution. This could mean augmenting an existing tech stack or throwing it out and getting something new. In any case, undertaking the above exercise will give you a clear brief on exactly what solution you need.
  • Enforce data governance procedures. The above will be pointless unless you make sure your marketing team understand and follow strict data governance procedures. Limiting or banning the copy and storing of data on personal devices or in places other than your main store will help. However, the best approach is to fully educate everyone in your organisation on their responsibilities and the fines that could be levelled for breaching GDPR. Reviewing these procedures regularly and ensuring they adhere will create a company culture that respects personal data and enables long-term compliance.

Julian Saunders

Julian Saunders


Julian Saunders, CEO and founder of data management company, PORT.im