At the beginning of this year, headlines stipulated that less than 50% of businesses within the UK were aware of the GDPR coming into effect at the end of May, or how to implement GDPR-compliant practices into their organisation.

The GDPR is a broad legislation and as such it affects companies differently dependant on sector, client base, and business objective. Therefore, this worrying figure unfortunately comes as no surprise.

As many firms still aren’t aware of what needs doing, this blog showcases B2B firms who are ahead of the curve when it comes to GDPR compliant practices. It serves as inspiration for other firms who are struggling to apply the theory of GDPR to everyday activity:

1. Hitachi Consulting Corporation

 

Two months before the official deadline, the British Standards Institution certified Hitachi Consulting as one of the first companies in the UK to become GDPR compliant. Speaking about how GDPR will affect them, Hitachi Consulting stated: “For us, GDPR is more than a new legal regulation, it has become instrumental in driving a positive culture of compliance for our employees, our customers and prospective customers and our suppliers” (Hitachi Consulting, 2018).

How are they implementing GDPR-compliant marketing?

When implementing GDPR-compliancy changes, Hitachi Consulting assessed its existing compliance landscape through interviews and questionnaires with key members of IT, business development and legal functions. This was the first step in ensuring all instances of the broad legislation were met in every department.

On top of review work, Hitachi Consulting appointed a steering group made up of “GDPR champions”. The group’s aim is to educate employees, provide visible support for the regulation and decide on GDPR-related priorities within the business. Hitachi has opted to appoint more than one designated Data Protection Officer to oversee the implementation across the business; going above and beyond the minimum requirements most firms are meeting.

A tip from Hitachi:

Remember that, even though the GDPR is a piece of legislation, it’s not solely a legal issue and should be a conversation between all relevant departments—IT, business development, legal etc—with input from the firm as a whole.

 

2. Lloyds Banking Group

 

Lloyds is in the minority of businesses that committed significant resources soon after the legislation was announced. Preparing for the May 2018 deadline two years ago has given them a significant advantage.

How are they implementing GDPR-compliant marketing?

In preparation for the GDPR, Lloyds accumulated a group of experts and divided them into 11 work streams to manage specific aspects of the new regulation within their business. These areas cover how data will be used, how requests for personal information will be dealt with, how group-wide marketing will be affected by the changes and data privacy generally. The aim of this is to determine how each area will impact the organisation as a whole after the 25th May.

Tips from Lloyds:

  • Educate various client-facing teams to ensure they’re aware of the implications of the GDPR. By running GDPR sessions for both clients and employees, firm’s can ensure that they keep up to date with the latest from the ICO.
  • Take stock of every one of your firm’s digital channels—website, email, app, database, and privacy policy—to understand what needs to change in preparation for the May 25th deadline.
  • Ensure that any future work is GDPR-compliant—whether that be in terms of data collection or processing.
How will GDPR effect your professional services firm? Read our in-depth blog on: The impact of GDPR on B2B marketing in the UK and worldwide.

 

3. Shell

 

Like Lloyds Banking Group, Shell started making GDPR-compliancy changes nearly two years ago. Before that, the business didn’t know where data was held or what was being done with it.

How are they implementing GDPR-compliant marketing?

Shell are focused on three key areas. These are:

  • Teaching focused teams… This comprises of working with a ‘focal point network’—those teams that work closely with personal data within all firm functions, including marketing and business development. This ensures each team is GDPR-compliant.
  • Structural… Which means working out how data is used within Shell’s marketing team at the moment and allowing the Shell team to understand what practices are no longer allowed under the GDPR. This practice enables them to work out how to gain similar marketing results post-GDPR in a compliant, simple way.
  • Raising general awareness… This involves teaching employees the new rules around data compliance. At Shell, those who work closely with data need to complete an annual training course to ensure there are no slip ups.

A tip from Shell:

The new GDPR will be an ongoing challenge but Shell’s in-house legal team have spent a long time simplifying the legislation as GDPR means something different to every company. The regulation can change depending on what company you’re in, what sector you’re in and what you’re trying to achieve overall. Shell’s tip is to not listen to blanket advice, but ask the right questions that are specific to your firm.

 

Where does this leave your firm?

 

The UK Information commissioner, Elizabeth Denham, has made it extremely clear that although some organisations won’t be fully compliant by the 25th of May, they need to prove that they’ve made an active effort to become GDPR compliant: “Have [organisations] taken steps, have they taken action to undertake the new compliance regime? We’re not going to be looking at perfection, we’re going to be looking for commitment” (BBC News, 2018).

It’s clear that the General Data Protection Regulation is here to stay—not just a one and done activity that’ll be left in 2018—and the continuous process will need to be constantly evaluated over time. Although the legislation has left a number of firms confused as to how to proceed with it, being proactive and tackling the change head on (like Shell, Lloyds and Hitachi Consulting), ensures that your firm is taking the GDPR seriously, therefore reducing the risk of fines while becoming GDPR compliant.

If you still have questions on how the GDPR will effect your firm, ask us anonymously on our Q&A and read the answers in a blog later this month.

If you’re interested in knowing how marketing will work in a post-GDPR world, sign up to our newsletter to receive our GDPR-related content, such as how GDPR will be beneficial for your firm, the best GDPR resources you can use and ICO interviews.

How can we help?

Leave a message below and a member of the senior team will be in touch.

Share This