Get ready for GDPR

There are only four months to go. Follow Crab's 10 step checklist for GDPR compliance.

Digital Marketing is facing a serious challenge that must be addressed: The General Data Protection Regulation will take effect on 25th May 2018. Its requirements are extensive and detailed, and the penalties can be extreme. Not complying with GDPR 2018 can make you lose your hard-earned database and pay millions in fines.

We understand how complicated and overwhelming this may sound. That’s why we simplified it into Crab’s 10 step checklist for GDPR, to guide you and make sure you’ve got everything you need to comply.

For digital marketers, managing the growth of your database is a number one priority. If users don’t complete the mandatory consent process, their personal information will have to be deleted and you may lose upwards of 70% of your marketing database.

Now, how can you minimise the loss? We are here to help. We’ve developed an enquiry form that, once completed, will guide us in starting the process with you.


Step 1 for GDPR: Documentation

Time to put your house in order: organise your data set, what personal data you hold, where it came from and who you share it with.

Step 2 for GDPR: Privacy policies

You will need to be transparent and state all the ways you gather, use and manage a user’s data. Review your current privacy policies and put a plan in place for making any necessary changes in time.

Step 3 for GDPR: Individual rights

Individual rights have been expanded, including the right to be forgotten (the erasure of personal data) and the right to access (access to your personal data).
Check your procedures to ensure they cover them all.

Step 4 for GDPR: Subject Access Request

When a user asks to access his or her personal data, you will need to respond within 1 month. Plan how you will handle this request within the new timescales.

Step 5 for GDPR: Children

Verify individuals’ ages and obtain parental consent for any data processing activity.

Step 6 for GDPR: Breaches

Make sure you have the right procedures in place to detect a personal data breach. If there is a breach, you have a 72-hour notification period to report it after you’ve identified it.

Step 7 for GDPR: Data Protection by Design

Privacy by design means making privacy a key consideration in the early stages of any project, and then throughout its lifecycle, continuously minimising risks and building customer trust.

Step 8 for GDPR: International

If your organisation operates in more than one EU member state, you should determine your lead data protection supervisory authority.

Step 9 for GDPR: Lawful basis for processing personal data

There are many reasons why you may hold personal data, and GDPR contemplates 6 clauses that apply depending on each case.

The two clauses we believe are relevant to marketeers are:

  • Contractual obligations – If your customers buy a product from you, this only gives you the right to contact them about that purchase i.e. order confirmation and despatch emails.
  • Double opt-in consent – If you want to promote further products and services to them.

Step 10 for GDPR: Consent

You will need to be able to prove double-opt-in consent from all users and ensure you are only asking for strictly necessary information. The double-opt-in process is much longer than the current process and will require some IT integration.

Consent process required by GDPR 2018

You have less than 4 months before the GDPR deadline.

Fill in the form and prepare for GDPR now.

