Get up to date:

GDPR: A year on

Advice specifically for marketers

Econsultancy subscribers can download A Marketer’s Guide to the GDPR. The guide includes opinion from compliance experts on the most important part of the GDPR as it pertains to marketing.

There are also a couple of DMA guides for marketers – one on the essentials of GDPR, and another on the concept of accountability.


The Information Commissioner’s Office (ICO) in the UK has self-assessment checklists for both data controllers and data processors which will help you understand high-level compliance with the legislation (and anything you might have missed). These checklists are ideal for small businesses, but are still a good tool for marketers to understand what compliance entails.

There is also a more concise checklist created by the ICO offering a 12-step roadmap to compliance.

Industry specific advice

There are plenty of articles out there on the impact of the GDPR at a sector level. But these are the ones created by the ICO and the DMA:


For the most authoritative information on consent as legal basis for data processing, read the Article 29 Working Party (WP29) guidance.

Legitimate interests

There are no plans for new WP29 Guidance on legitimate interests, but the ICO published guidance in March 2018.

The Data Protection Network has also produced its own guide to legitimate interests under the GDPR, as has the DMA.

Privacy notices

Another excellent ICO checklist will take you through everything you need to craft compliant privacy notices.


The ICO’s own ‘mythbuster’ article quashes some of the hype about big fines set to be meted out. Information Commissioner Elizabeth Denham also addresses the issue in a recent presentation shown below.

Accountability (documentation)

The ICO has produced a comprehensive guide to documentation.


The DMA clears up some of the myths around the GDPR and B2B maketing, with some links to additional resources such as a legitimate interest assessment template.


Econsultancy’s newly updated Email Marketing Best Practice Guide (subscriber only) includes a section on email and the GDPR.

Third party agreements (contracts with data processors)

Law firm Mayer Brown has produced a concise and useful checklist for third party agreements, to ensure your vendors comply.

Automated decision making and profiling

WP29 guidance is available here.

Breach notification

WP29 guidance is available here.


Transparency, along with accountability, is the chief principle of the GDPR. The WP29 guidance on transparency attempts to define what information should be presented to the data subject, and in what way, in order to be truly transparent.


Econsultancy provides face-to-face training for marketers getting to grips with the GDPR, as well as an online classroom.

online gdpr course

For further reading, check out Econsultancy’s own GDPR resources page.

Note that this article represents the views of the author solely, and are not intended to constitute legal advice.