In a recent Econsultancy survey, 67% of clientside marketers said they have at least partially read the ICO guide to the General Data Protection Regulation (GDPR).

But whether you have or haven’t read this excellent guide (it’s certainly the best starting point), there are plenty of other resources you will need access to if you really want to engage with the GDPR. Here’s a list of the ones I have found useful…

Advice specifically for marketers

Econsultancy subscribers can download A Marketer’s Guide to the GDPR. The guide includes opinion from compliance experts on the most important part of the GDPR as it pertains to marketing.

gdpr

There are also a couple of DMA guides for marketers – one on the essentials of GDPR, and another on the concept of accountability.

Checklists

The Information Commissioner’s Office (ICO) in the UK has self-assessment checklists for both data controllers and data processors which will help you understand high-level compliance with the legislation (and anything you might have missed). These checklists are ideal for small businesses, but are still a good tool for marketers to understand what compliance entails.

There is also a more concise checklist created by the ICO offering a 12-step roadmap to compliance.

Industry specific advice

There are plenty of articles out there on the impact of the GDPR at a sector level. But these are the ones created by the ICO and the DMA: 

Consent

For the most authoritative information on consent as legal basis for data processing, read the Article 29 Working Party (WP29) guidance.

Legitimate interests

There are no plans for new WP29 Guidance on legitimate interests, but the ICO published guidance in March 2018.

The Data Protection Network has also produced its own guide to legitimate interests under the GDPR, as has the DMA.

Privacy notices

Another excellent ICO checklist will take you through everything you need to craft compliant privacy notices.

Fines

Information Commissioner Elizabeth Denham’s own ‘mythbuster’ article written in August 2017 quashes some of the hype about big fines set to be meted out. Denham also addresses the issue in a recent presentation shown below.

 

Accountability (documentation)

The ICO has produced a comprehensive guide to documentation.

B2B

The DMA clears up some of the myths around the GDPR and B2B maketing, with some links to additional resources such as a legitimate interest assessment template.

Email

Econsultancy’s newly updated Email Marketing Best Practice Guide (subscriber only) includes a section on email and the GDPR.

Third party agreements (contracts with data processors)

Law firm Mayer Brown has produced a concise and useful checklist for third party agreements, to ensure your vendors comply.

Automated decision making and profiling

WP29 guidance is available here

Breach notification

WP29 guidance is available here.

Transparency

Transparency, along with accountability, is the chief principle of the GDPR. The WP29 guidance on transparency attempts to define what information should be presented to the data subject, and in what way, in order to be truly transparent. 

Training

Econsultancy provides face-to-face training for marketers getting to grips with the GDPR, as well as an online classroom

online gdpr course 

For further reading, check out Econsultancy’s own GDPR resources page.

Note that this article represents the views of the author solely, and are not intended to constitute legal advice.