• Cookie Policy (UK)

Certified Salesforce Partner UK - Salesforce Consultants - Salesforce Solutions

Consultants in Salesforce Marketing Cloud CDP Marketing Cloud Account Engagement - Top Certified & Experienced - 5/5 CSAT

Call +44 (0)330 808 3317
Salesforce consultant - marketing consultants, Salesforce partner UK REVIEWS
  • SALESFORCE CONSULTING
    • Pardot Consulting
      • Pardot Services to support your ongoing success
    • Marketing Cloud Consulting
    • CDP Implementation Consultants
    • Sales Cloud Consulting
      • Salesforce Managed Services
    • Salesforce Service Cloud Consulting
    • Salesforce integrators for ISV partners
      • Campaign Monitor for Salesforce
      • Emma for Salesforce
      • The Best Email Marketing Packages for Small Business
    • Salesforce Community Cloud Implementation
  • CLIENT SUCCESS
    • Clients Who Trust Us
    • Testimonials
    • Healthcare Case Study – Patient Communication
    • Salesforce nonprofit case study – LoveYourBrain’s marketing automation platform migration
    • Marketing Cloud Case Study for Church Community
    • Salesforce Marketing Cloud Case Study: Luxury Membership Club
  • ABOUT
    • Our Leadership
    • Our Team
      • Jobs
    • Our 1% Pledge
    • Press
  • BOOK A DISCOVERY CALL
  • CONTACT
    • Contact us by email
    • Call us at +44 (0)330 808 3317
    • Ask us a question
    • Get a Salesforce Demo
    • Marketing Cloud Prep Workshop
  • RESOURCES
    • What is Salesforce
      • What lies ahead: Salesforce Roadmap in 4 min videos
    • Marketing Cloud
      • Salesforce Marketing Cloud Case Study – B2B2C – Great read for Cat lovers
      • Salesforce Marketing Cloud FAQ
    • Salesforce CDP
    • Pardot
      • Pardot Naming Convention Generator
      • Guinness World Records Pardot Case Study
    • Sales Cloud
      • Hospitality Case Study
      • Grow Your Business Successfully with Salesforce CPQ
      • Campaign Monitor for Salesforce
    • Service Cloud
    • Salesforce Communities
    • Strategic Marketing
    • Other Digital Marketing Platforms and Tools
      • SEcockpit for SEO
      • Trendemon for Journey Optimising
      • Hootsuite for Social Mgt
      • WordPress
  • SALESFORCE BLOG
    • Insights for Marketing
    • For Sales & RevOps
    • Small Business Tips
    • Tips & Tools for Service
    • For Salesforce Leadership
    • Our Salesforce Webinars & Events

GDPR Compliance Process – Checklist for Companies

January 24, 2018 By ASTRID VAN DORST

The General Data Protection Regulation (GDPR). It’s the EU’s – UK’s new landmark privacy law will take effect on May 25, 2018. That’s around the corner. Have you started yet? If not, get quickly up to speed with this GDPR Compliance Process – Checklist for companies.

 

GDPR Compliance Process in 5 “easy” Steps: What Companies Need to Do

This GDPR Compliance Process and step-by-step Checklist is intended for our clients who are Salesforce and Marketing Cloud users to help them sort their compliance challenges, and quickly forge a path towards compliance, in 5 “easy” (or, not so easy) steps:

GDPR Compliance Process - Checklist

Let’s work through the checklist. For each major step, there are a couple of activities. As follows:

STEP 1. Get All Informed.

  • You: Learn about GDPR requirements for your particular business. If you are in an industry with sensitive personal data, your data management requirements will be stricter. (see this article: GDPR: What you need to know today.)
  • Management:Raise its awareness of the importance of GDPR compliance. This seem like extra nuisance paperwork to some business leaders who hope it will go away if they don’t look into it. Not so. Forge action.

 

STEP 2. Get to Build the Team.

  • Approval: Get management approval for needed budget & staff (your time, time of critical other employees who ought to be your team mates).
  • Lead: Appoint a GDPR “captain”.
  • Board: Build a steering committee with key functional managers. Get everyone on board and talking about it.
  • Champions: Pinpoint data protection champions throughout your company.

 

STEP 3. Assess Your Business.

  • SWOT: Assess the strengths and weaknesses of current privacy and security efforts. Is there anything in place yet? Look for “trouble spots”, areas of data management that must be cleaned up.
  • Create Data Inventory, embracing all data, in all systems. That is: everyone’s laptop, all databases, everywhere where the company stores personal data. For each data set, mark:
    • Specific purpose of holding the data.
    • When was individual consent obtained and for what specific usage.
    • Reasonable timeframe of holding the data, relating to that time frame. E.g.
      if people consented to get information regarding a particular seminar, and that seminar is passed, you probably don’t need to keep their personal data.
  • Create a Process Register: list all data processing activities. Depending what your company does with customer data, this can be quite a job.
  • Conduct a Privacy Impact Assessment: for high-risk activities.
  • Resolve issues and document current compliance..

 

STEP 4. Establish Controls & Processes.

Next, you need to setup a system that will ensure continued compliance over time.

  • Notices: Place privacy notices where/where your company collects personal data.
  • Controls: Set data-usage-controls to limit data usage to the purposes for which it was collected.
  • Consent Mechanisms: Establish mechanisms to manage data subject consent preferences.
  • Detection Measures: Implement appropriate administrative, physical, and technological security measures and processes to detect and respond to security breaches.
  • Response Procedures: Establish procedures to respond to data subject requests for access, rectification, objection, restriction, portability, and deletion (right to be forgotten).
  • Contracts: Enter into contracts with affiliates and vendors that collect or receive personal data. Salesforce & Marketing Cloud Customers, need this contract addendum: Salesforce Data Processing Addendum, plus this Salesforce Trust and Compliance Documentation for each Service. You will need this for each of your key data -related vendor.
  • Process: Establish a Privacy Impact Assessments’ Process. (Read the ICO’s Privacy by Design overview
  • Training: Conduct Employee & Vendor ‘privacy and security awareness’-Training.

 

STEP 5. Document Compliance & Upkeep.

  • Compile: copies of privacy notices and consent forms, the data inventory and register of data processing activities, written policies and procedures, training materials, intra-company data transfer agreements, and vendor contracts.
  • Appoint, if required, a Data Protection Officer, and identify the appropriate EU supervisory authority. (See Salesforce’s GDPR Facts vs. Fiction to see if you need an officer).
    Not everyone does.
  • Conduct: periodic risk assessments.

 

The GDPR Compliance Process – In conclusion

How much work this is varies by business. Best to start a.s.a.p.

I personally see all these legal requirements as a great opportunity for companies to become more customer-centric, and as such, become better marketer/more successful sellers. If you truly have your customers’ interest at heart, and you look at the world from their point of view, ‘blasting emails’ becomes repugnant. You’ll adopt an attitude of ‘helping them to achieve their goals’ instead.

I believe this attitude is the right angle to grow your business in much better way. The competitive game in 2018 is all about winning on customer experience. Use this legal compliance exercise to forge a shift towards helping customers in your organisation.

Disclaimer

Only lawyers can give you legal advice. We are not lawyers and our articles do not constitute legal advice. Therefore, we cannot take any responsibility for your compliance.

More GDPR & Related Resources

We just held a London Salesforce MARKETING CLOUD user group meeting on GDPR. Our presenter, Stephan Chandler-Garcia, is a well-known GDPR expert.

Stephan pointed out several additional complications for UK firms in particular:

1) GDPR is a European initiative. The UK will first be part of that, for a while. After that, upon Brexit, this legislation will be replaced by a UK regulation, which may be more stringent. This UK legislation is still being developed.

2) There is also the ePrivacy Regulation (ePR) and the (PECR), which was mentioned here, in a previous article: GDPR- what you need to know today. Here is the ICO Guide for PECR audits.

Do see our video below to learn more about these nuances and a wealth of further information on how you can gain legal compliance in this complex, broad and potentially costly data regulatory world.

 

Last Updated on May 6, 2021

Filed Under: IT, Marketing Tagged With: Data Protection, Marketing Automation

Want better
revenue marketing?


Expert UK salesforce consultants
Start today.
Get a FREE consultation with our Salesforce experts.



Follow us

LATEST ARTICLES – Tips & Insights from Salesforce experts

  • Salesforce Pardot for Lead Management: “A Leader” says Gartner
  • What is Marketing Cloud Account Engagement Optimizer
  • How Salesforce Service Cloud and Pardot can refine your marketing strategy
  • 15 Tips for cold email that converts
  • Millennials Marketing – Email is best way to reach ‘m 📣
  • Salesforce Genie 🧞 – what you need to know
  • Email personalisation is the new conversion rate optimisation
  • Salesforce winter 23 release notes best free features
  • What is Salesforce Integration? – An introduction
  • What are the Salesforce Characters? – Meet Genie
  • Use our email delivery best practices – for email hitting inbox
  • New Salesforce trailhead ranking for rangers
  • Using Pardot for events – Howto & Tips
  • Salesforce release notes – schedule Winter 23
  • Contact form spam protection in Pardot – 10+ ways to prevent form spam
  • 5 Tips to get the most out of Dreamforce 2022
  • Pardot Name change to Marketing Cloud Account Engagement
  • Grow Your Business Successfully with Salesforce CPQ
  • Salesforce Marketing Cloud August Release
  • New Pardot Landing Page Builder – Coming Up Next!

TOPICS

Salesforce Marketing Cloud Specialists Consultants UK - CloudAnalysts

Salesforce Consulting Partner
CloudAnalysts Proudly Took the 1 Percent Pledge
CloudAnalysts Proudly Took the 1 Percent Pledge

CloudAnalysts
Ridge Salesforce UK Consulting Partner
0330 808 3317

Experience in serving clients
in the UK and Ireland,
EMEA, US and Canada.

Registered office
1 Rosemont Road
London NW3 6NG
UK

WHAT CLIENTS SAY


star_rate star_rate star_rate star_rate star_rate

"Exceptionally well executed project"
"CloudAnalysts did an excellent job designing and implementing our Salesforce Marketing Cloud solution within 2-3 weeks to swiftly migrate from Oracle Service Cloud ensuring business-continuity." -- CIO


star_rate star_rate star_rate star_rate star_rate

From scoping to delivery, Cloud Analysts were professional, knowledgeable, flexible and accommodating." -- IT Projects Delivery Manager


star_rate star_rate star_rate star_rate star_rate

"Exceptionally talented marketeers"
"Helped me reframe my thinking about how we should be approaching sales and marketing." -- Head of Operations and Franchise Development


Copyright © 2023 CloudAnalysts, owned and operated by Aryta Ltd. | Privacy & Cookie Policy

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}