We’re back with another season of Yodel Mobile’s Mastering Mobile Marketing video series. Last time we covered some of the basics of the GDPR – in this video, we give you the essential checklist to ensure you are GDPR ready.
GDPR – The Checklist:
- Employee education
- Information Audits
- Privacy Policies
- User-facing Elements
- Analytics Implications
So – the first step is to make sure all the employees of the business have some basic knowledge of GDPR and what its implications are – even if this is just the knowledge that we must have permission to use personal data in new ways, for example sharing with third parties.
With everyone aware of the basics, your employees will know which situations may require involvement from a data protection expert and they can bring these people in accordingly.
Note too that if your company regularly and systematically processes personal data on a large scale, you will need to appoint a Data Protection Officer, or DPO. This person will monitor and advise on compliance.
Once you have completed this first step, you’ll need to do an information audit.
You need to have a full understanding of what personal data you collect, why you collect it, and how you use it.
The what and the why will first help you to establish your legal basis for processing the personal data.
If you find that you’re not sure why you collect a lot of the data you do, you may need to consider reducing the amount you collect.
Consider future requirements as well. For example, if you plan to launch an email retention strategy, it may be worth opting users in as early as possible.
Otherwise, you’ll have to go back and opt all existing users in.
What you do with your data will also help you to establish what the user needs to consent to, if this is your legal basis for processing.
For example, a user would need to opt in to direct marketing such as email, as well as any data sharing between third parties.
The easiest way to ensure this is to check out Article 13 of the GDPR text. You can use this essentially as a checklist of what needs to be included.
But this will no longer suffice – a short explanation of the processing required should be included, so that the user has some information in front of them on what they are opting in to.
It is likely therefore that at the very least your registration or onboarding process will require some tweaks.
Consider too that for consent to be valid, you must not use currently widespread tactics such as a pre-ticked box or an opt-out function.
Lastly, you must be able to prove that a particular person has opted in, or out, of each relevant processing requirement.
This will require some changes to your analytics tracking – ideally you want to include metatags which track whether someone opts in or out, and on what date.
You’ll also need to keep records of any requests you get from users exercising their rights, such as the right to object to processing.
This means that you’ll be fully covered and accountable for any data processing you undertake in the event of an investigation.
So there you have it – just some of the steps you can take to prepare for the new law.
Don’t forget to check out part 1 of GDPR if you haven’t already; otherwise, check out our Mastering Mobile Marketing YouTube Playlist to ensure you are in the loop with all things app marketing.