GDPR will affect everyone working with EU citizens as of May 2018. You will have to be compliant with this new regulation and align your digital strategy. Here are some tips to help you get your marketing department GDPR compliant.

1. GDPR & Digital
Marketing:
How To Work With 3rd
Party Software Providers
@Mailjet

2. Why Does GDPR Matter For Digital Marketing?
• It is how you
communicate and
interact with your
customers
• It is what anyone visiting
your brand can see
• Easiest way to tell if you
are compliant and if you
respect your customers’
rights
2

3. GDPR Study
Of
Awareness
Amongst UK
Marketers
01

4. 72% of marketers
fail consent test
with a year to go.
https://www.mailjet.com/blog/guide/gdpr-research-report/

5. 64% assume
GDPR means
they must ensure
individuals are
able to opt-out
easily.
5
GDPR Awareness Across The UK
Only 17% of
respondents have
taken all the
recommended
steps towards
GDPR
compliance.

6. 02
How To Work
With 3rd Party
Digital Marketing
Providers

7. Why Are We Talking About 3rd Party
Solutions For Digital Marketing?
Every business uses them…
7

8. Make a list of suppliers and applications used
Map out the path your data takes during the lifecycle
Assess the level of risk
Review all your contracts and introduce new clauses
Ask 3rd party solutions providers if they’re compliant
Switch to 3rd party solution providers that are/will be GDPR
compliant by May 2018
Where To Start?
8
Here are the steps you could take…

9. 03
What Does GDPR
Mean For Email
Marketing
Communications

10. Email Marketing Under GDPR
Customers will have control of their own data
10
1. New consumer opt-in permission rules and
proof of consent storing systems
2. Transparency on data collection and
automated profiling
3. All contacts need to be able to:
• Unsubscribe from any lists
• Be erased from any system
• Request copy of their data
• Take their data

11. A Transparent Privacy Policy
We have aligned our policy to be GDPR compliant, have you?
11

12. Clear Consent
With double opt-in and a clear path to opt-out
12

13. Clear Examples Of Customer Rights
DON'T: Opt-out pre-checked box
DO: Double opt-in. Clear declaration of consent. Easy
to understand and identify your company.
DO: Confirmation email, with the specific purpose of
the consent & linking your privacy policy
DO: Remind customer that they can Opt-out easily and
at any time.
13

14. 14
All communication
with your contacts
under GDPR requires
explicit consent.
The Real Challenge Is Your IT Structure
Large amount
of personal data
stored and processed
by your ESP.
Your ESP must provide the ability for you to
erase your clients’ data records on request
(right to be forgotten).
Can your email solution help you…

15. The Resources You Need
Head to: www.mailjet.com/gdpr
15

16. Rules Specific Articles ETA Department Status Comments
Data Protection Officer (DPO) Articles 37 - 39 May - June 2017 HR Implemented
- Nominate a DPO - Darine Fayed, Head of Legal.
- Communicate to CNIL (https://www.cnil.fr/en/home).
Training across all personnel (development and
roll out)
Article 39 July 2017 HR & IT Implemented
- Security, Confidentiality & Data Privacy training sessions for all employees & contractors.
- First Training sessions in July 2017.
Data breach procedures Articles 33 & 34 July 2017 Legal Implemented
- Data breach response plan.
- Process to notify controller without undue delay after becoming aware of personal data breach and document such
breach.
Data processing records Article 30 July - September 2017 Tech Implemented
- Record of processing activities, including, purposes of the processing, description of the categories of data and
recepients, any transfers. Update periodically.
Audit and analysis of privacy framework Articles 28 - 30 July - October 2017 Legal In progress
- Audit all existing client and third party contracts to ensure compliance with GDPR.
- Make necessary amendments.
- Review & update insurance coverages.
- Implement processes.
- Review and control.
Revaluate notice, consent and withdrawal
mechanisms
Articles 7 - 8, 12 -15 September 2017 Legal & Support Implemented
- Evaluation of existing consent and procedures in place, and ease of withdrawal.
- Update internal processes & Privacy Policy to increase transparency.
Ensure appropriate technical & organisational
measures
Article 28 October 2017 Legal In progress
- Guarantees by processor to implement appropriate technical and organizational measures to ensure the protection
of the rights of the data subjects.
- Update data protection agreements and appendices.
Data transfers and export controls Articles 44 - 50 October 2017 Legal Implemented
- Identify cross-border data flows and review mechanisms in place.
- Ensure adequate level of protection with contractual clauses.
Data portability Article 20 October 2017 Tech & Support -
- Ensure data subjects' right to portability (facilitates their ability to move/copy/transmit personal data easily - whether
to their own systems, the systems of 3rd parties or those of new data controllers).
Data protection by design and by default Article 25 October - November 2017 Tech In Progress
- Technical & organizational measures to ensure that, by default, only personal data which are necessary for each
specific purpose of processing are processed.
- Implement data protection principles, such as data minimisation.
Security of processing Article 32 November 2017 Tech - - Technical & organizational measures to ensure a level of security appropriate to the risks at stake.
Carry out data protection impact assessment Article 35 December 2017 Legal - - Assessment of the impact of processing operations on the protection of personal data with advice of the DPO.
GDPR Compliance Roadmap
Updated as of 2 October, 2017