GDPR under the microscope at GDPR Summit London

Mystery still surrounds the EU’s General Data Protection Regulation, but the landmark legislation was unpacked and examined in detail last week at the GDPR Summit London supported by Henley Business School.

Delegates packed into three keynote theatres to hear from the experts on the full implications of GDPR, and to learn how organisations need to prepare as the May 25th deadline approaches.

Privacy by design

Tim Hunt, Marketing Leader & Strategic Adviser on GDPR at Flexile, opened proceedings in the Roadmap for Sales and Marketing Theatre, underlining how privacy by design must be at the heart of our services and offerings in a more security-conscious era.

Databases need a good cleaning out to ensure that the information we hold on clients, customers and employees alike is fully GDPR compliant. This marks the start on the pathway to winning back customer trust that will open up new opportunities for company growth when May passes.

A new culture of transparency

After coffee, bite-sized French pastries and networking, Sue Maclure spoke on the mindset shift that GDPR is designed to create, and how we need to take personal data care to new levels.

What’s creepy and what’s cool? What’s ok and what’s not in terms of marketing, asked the Head of Data at PSONA, in reference to how we, as marketers, reach out to our audience. If transparency is essential under GDPR, then we have a lot of work to do because so much data gets sold on and, ultimately, treated badly by many organisations today.

The transparency thread was picked up by the Julia Porter, Board Director at DMA: it relies on businesses telling customers what’s in it for them. How do those we rely upon most stand to benefit from our collective adherence to GDPR? This will have to be explained clearly as we seek to obtain individuals’ consent for using data.

Quality, not quantity: a case study

Organisations that are pro-active in obtaining of data-subject consent won’t only mitigate risk of a data breach, they will enjoy longer and more stable client relationships, improved profitability from quality audiences, enhanced reputation, shareholder trust and staff loyalty.

Some organisations have been quicker to embrace this mindset than others, and are now reaping the benefits.

Before 2015, the RNLI’s broad approach to marketing saw their database swell to 900,000 contacts. Their message response rate stood at 10.4%, yielding an average donation of £2.94.

In 2016, this database was streamlined to those contacts that actively opted into the organisation’s marketing, in a GDPR-compliant way. Response rate climbed to 32.8%, pushing donations up to an average of £8.39. Quality data, it appears, makes for quality marketing.

A foundation of accountability

In the HR Conference Room, Ty Winter, Global Privacy Officer at Cornerstone OnDemand turned our attention to the engine room, explaining how GDPR is set to affect the administrative side of enterprise.

HR departments must conduct risk assessments on how data is managed as a whole. While external software, consultants and legal counsel can help out, be careful because GDPR is catching out even the most celebrated of authorities.

It’s less about trusting one entity, more about educating yourself as a business manager, Ty said. Listen to a variety of sources and develop a best practice that suits your HR mechanisms. It’s about finding advice, as opposed to strict direction. Your organisation is responsible for your employees’ data under GDPR, so be prepared to be accountable for each piece of data under your care.

Instead of doing this independently, you and your team need to collaborate on a new HR privacy policy which should then be shared throughout the company. This will comprise the following considerations:

  • Don’t collect data you don’t need!
  • Define your purposes for processing personal data. Why do you need this information?
  • Only use data for those defined purposes
  • Track data, get employees to track data and make it easy for them to update this
  • Regularly ask data subjects about the accuracy of the data you hold.

With the May 25th deadline day looming, we’ll be taking the discussion further at Roadmap for Sales & Marketing.

Coming to 200 Aldergate, St Pauls, this exclusive deep-dive event will define successful and GDPR-friendly sales tactics, and give guidance on how processes must adapt to define the customer journey in a new age of compliance.

To find out more about the next GDPR Summit events, visit the website.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.